A lightweight model design approach for few-shot malicious traffic classification.

Authors

Wang Ruonan, Huang Minhuan, Zhao Jinjing, Zhang Hongzheng, Zhong Wenjing, Zhang Zhaowei, He Liqiang

Affiliation

Institute of Systems Engineering, Academy of Military Sciences, PLA, Beijing, 100101, China.

Publication

Sci Rep. 2024 Oct 21;14(1):24710. doi: 10.1038/s41598-024-73342-7.

DOI: 10.1038/s41598-024-73342-7
PMID: 39433748
Full text: https://pmc.ncbi.nlm.nih.gov/articles/PMC11493955/

Abstract

Classifying malicious traffic, which can trace the lineage of attackers' malicious families, is fundamental to safeguarding cybersecurity. However, the deep learning approaches currently employed require substantial volumes of data, conflicting with the challenges in acquiring and accurately labeling malicious traffic data. Additionally, edge network devices vulnerable to cyber-attacks often cannot meet the computational demands required to deploy deep learning models. The rapid mutation of malicious activities further underscores the need for models with strong generalization capabilities to adapt to evolving threats. This paper introduces an innovative few-shot malicious traffic classification method that is precise, lightweight, and exhibits enhanced generalization. By refining traditional transfer learning, the source model is segmented into public and private feature extractors for stepwise transfer, enhancing parameter alignment with specific target tasks. Neuron importance is then sorted based on the task of each feature extractor, enabling precise pruning to create an optimal lightweight model. An adversarial network guiding principle is adopted for retraining the public feature extractor parameters, thus strengthening the model's generalization power. This method achieves an accuracy of over 97% on few-shot datasets with no more than 15 samples per class, has fewer than 50 K model parameters, and exhibits superior generalization compared to baseline methods.
