Abstract
In real networks, botnet traffic makes up a far smaller share than normal traffic, newly emerging botnet types lack labeled samples, and traditional deep learning depends on large amounts of labeled data for training. To address these problems, a botnet detection model based on metric meta-learning is proposed for botnet detection in few-shot scenarios. The model consists of a feature extraction module and a comparison module, both implemented with convolutional neural networks (CNNs). The feature extraction module learns traffic features from a pair of network traffic samples, comprising normal traffic and botnet traffic, and passes them to the comparison module; a non-local attention mechanism is introduced to capture long-range dependencies and improve the accuracy of the model. The comparison module computes a similarity score for the pair of traffic feature maps and uses it to judge whether the two samples are of the same type. By learning a certain number of few-shot botnet detection tasks, the model acquires enough prior knowledge to detect unknown botnet types from a very small number of labeled samples. Experimental results show that the average accuracy of few-shot botnet detection is 96.79% under the 1-shot setting and 98.06% under the 5-shot setting, which verifies the effectiveness of the model.
Authors
郭楠馨
林宏刚
张运理
陈麟
GUO Nanxin; LIN Honggang; ZHANG Yunli; CHEN Lin (College of Cyberspace Security, Chengdu Univ. of Info. Technol., Chengdu 610225, China; Advanced Cryptography and System Security Key Lab. of Sichuan Province, Chengdu Univ. of Info. Technol., Chengdu 610225, China; Anhui Province Key Lab. of Cyberspace Security Situation Awareness and Evaluation, Hefei 230027, China)
Source
Journal of Chengdu University of Information Technology (《成都信息工程大学学报》)
2022, No. 6, pp. 615-621 (7 pages)
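Funding
Supported by the Open Project of the Anhui Province Key Laboratory of Cyberspace Security Situation Awareness and Evaluation (CSSAE-2021-002)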