Abstract
With the rapid growth of zero-day attacks, traditional machine learning-based network intrusion detection systems (NIDS) struggle to cope with the large number of unknown network attacks for which no labeled data exist. To this end, this paper proposes a new method for detecting unknown network attacks that combines a zero-shot learning algorithm with a reinforcement learning algorithm. First, the feature vectors in traffic data and the semantic vectors in threat intelligence are encoded into a hidden space by a variational autoencoder, so that the two modalities are matched in that space. The hidden features of the known and unknown classes are then used as input to train the classifier and obtain the predicted labels. Finally, an asynchronous advantage actor-critic based algorithm learns and corrects the attack results misclassified by the variational autoencoder, improving detection accuracy. Experiments demonstrate that the proposed method achieves more than 95% accuracy on four unknown network attack classes that are difficult to identify, namely MAILBOMB, U2R, POD, and SNAPATTACK, which illustrates the effectiveness and feasibility of the method.