Unknown Network Attack Detection Based on Open Set Recognition

Abstract

Abstract The rapid development of the Internet of Things has led to a series of security and privacy issues. Although existing network intrusion detection technologies can identify abnormal traffic, they are mostly focused on detecting in closed sets. For a real open network environment, when an unknown attack occurs, the existing detection system cannot recognize it correctly, which will severely threaten network security. In order to solve this problem, this paper investigates how the Extreme Value Theory (EVT) is applied to unknown network attack detection system and proposes a network intrusion detection method based on open set recognition. By fitting the known classes’ post recognition activations to a Weibull distribution, we build the Open-CNN model to recalculate each activation at the penultimate level, then the pseudo-probability of unknown classes can be estimated from the activation scores of known classes, realizing the detection purpose of unknown attacks. We perform experiments on multiple datasets with different types and feature distributions. All of them obtain high detection accuracy, which proves the effectiveness and robustness of the proposed method.