The number of malware attempts that try to bypass the existing Network Intrusion Detection System (NIDS) is increasing. To detect illegal access to servers, deep analysis of the server-side network traffic has become increasingly important. However, the existing approaches have serious performance limitations in terms of real-time and accurate traffic detection. These limitations are mainly because of i) the rigid feature extraction and rule matching techniques of NIDS, which are insensitive to incremental network traffic, and ii) the strong correlation and coupling of malicious traffic to large normal traffic. To address these limitations, we propose a Few-shot Latent Dirichlet Generative Learning (FLAG) scheme for semantic-aware traffic detection in this paper. In FLAG, a Latent Dirichlet Allocation (LDA)-based pseudo samples generation algorithm is designated to augment the few-shot training data, which is essential to improve traffic classification accuracy. Furthermore, we propose a Fuzziness Recycle Method (FRM) to further improve the long short-term memory (LSTM)-based classifier’s robustness. Experimental results in real scenarios demonstrate that malicious traffic can be efficiently detected when only few-shot samples are learned. The results also reveal that the proposed scheme outperforms the state-of-the-art methods in detection accuracy.
|Journal||IEEE Transactions on Network and Service Management|
|Publication status||Accepted/In press - 2021|
|MoE publication type||A1 Journal article-refereed|
- Anomaly detection
- Deep learning
- Feature extraction
- Latent Dirichlet
- Machine Learning
- Network Security.
- Pseudo Samples Generation
- Semantic-aware traffic detection