Identifying malicious traffic under concept drift based on intraclass consistency enhanced variational autoencoder
作者机构:Institute of Information Engineering Chinese Academy of Sciences School of Cyber Security University of Chinese Academy of Sciences School of Computer Science and Technology Harbin Institute of Technology (Shenzhen)
出 版 物:《Science China(Information Sciences)》 (中国科学:信息科学(英文版))
年 卷 期:2024年
核心收录:
学科分类:12[管理学] 1201[管理学-管理科学与工程(可授管理学、工学学位)] 0839[工学-网络空间安全] 08[工学] 081104[工学-模式识别与智能系统] 0835[工学-软件工程] 0811[工学-控制科学与工程] 0812[工学-计算机科学与技术(可授工学、理学学位)]
基 金:supported by National Key Research and Development Program of China (Grant No. 2021YFB3101400)
摘 要:Accurate identification of malicious traffic is crucial for implementing effective defense countermeasures and has led to extensive research ***,the continuously evolving techniques employed by adversaries have introduced the issues of concept drift,which significantly affects the performance of existing *** tackle this challenge,some researchers have focused on improving the separability of malicious traffic representation and designing drift detectors to reduce the number of false ***,these methods often overlook the importance of enhancing the generalization and intraclass consistency in the ***,the detectors are not sufficiently sensitive to the variations among different malicious traffic classes,which results in poor performance and limited *** this paper,we propose intraclass consistency enhanced variational autoencoder with Class-Perception detector(ICE-CP) to identify malicious traffic under concept *** comprises two key modules during training:intraclass consistency enhanced (ICE) representation learning and Class-Perception (CP) detector *** the first module,we employ a variational autoencoder (VAE) in conjunction with Kullback-Leibler(KL)-divergence and cross-entropy loss to model the distribution of each input malicious traffic *** approach simultaneously enhances the generalization,interclass consistency,and intraclass differences in the learned ***,we obtain a compact representation and a trained classifier for nondrifting malicious *** the second module,we design the CP detector,which generates a centroid and threshold for each malicious traffic class separately based on the learned representation,depicting the boundaries between drifting and non-drifting malicious *** testing,we utilize the trained classifier to predict malicious traffic classes for the testing ***,we use the CP detector to detect the pote
同方期刊数据库