RFG-HELAD: A Robust Fine-Grained Network Traffic Anomaly Detection Model Based on Heterogeneous Ensemble Learning

Ying Zhong, Zhiliang Wang, Xingang Shi, Jiahai Yang, Keqin Li
DOI: https://doi.org/10.1109/tifs.2024.3402439
IF: 7.231
2024-06-04
IEEE Transactions on Information Forensics and Security
Abstract: Fine-grained attack detection is an important network security task. A large number of machine learning/deep learning (ML/DL) based algorithms have been proposed. However, attacks not present in the training set pose a challenge to the model (the open-set problem). Further, ML/DL based models face the problem of adversarial attacks. Despite the large amount of work attempting to address these problems, some challenges remain. First, the open-set problem in fine-grained attack detection is difficult to solve because there is no effective representation of the distribution of unknown attacks. Second, in the open-set environment, how the fine-grained attack detection model resists adversarial attacks is a more difficult problem. For example, the presence of unknown attacks poses a challenge for adversarial defense. For these reasons, we propose the RFG-HELAD model, which consists of a K classification model based on a deep neural network (DNN) with contrastive learning (CL), and a classification model combining a generative adversarial network (GAN) with two discriminators and deep k-nearest neighbors (Deep kNN). Among them, Deep kNN uses latent features from the GAN and contrastive learning as input, and is essentially a distance-based out-of-distribution detection algorithm used to determine unknown attacks. The large category of unknown attacks has been added to the K classification, so it is a classification. To further improve the robustness of the RFG-HELAD model, we perform a Fourier transform as well as feature fusion on the features, and also conduct adversarial training on the K classification model. Generative adversarial training of our GAN model can implicitly defend against adversarial attacks. Experiments show that our model is superior to other state-of-the-art (SOTA) models in the presence of unknown attacks as well as under adversarial attacks. In particular, our model improves the accuracy by at least 18.7% over the corresponding SOTA model with adversarial defense. Further, we discuss the grounded deployment of the model and demonstrate its feasibility.
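
A minimal sketch of the distance-based unknown-attack check the abstract describes, added here as an illustration and not taken from the paper or its code. Assumptions: the 2-D vectors are constructed stand-ins for the GAN/contrastive latent features, a neighbour majority vote stands in for the DNN classifier over known classes, and the threshold rule, the value of k and all function names are hypothetical.

```python
import math
from collections import Counter

# Constructed 2-D "latent features" for two known classes (not data from the paper).
TRAIN = [((0.0, 0.0), "benign"), ((0.1, 0.0), "benign"), ((0.0, 0.1), "benign"),
         ((0.1, 0.1), "benign"), ((-0.1, 0.0), "benign"), ((0.0, -0.1), "benign"),
         ((1.0, 1.0), "dos"), ((1.1, 1.0), "dos"), ((1.0, 1.1), "dos"),
         ((1.1, 1.1), "dos"), ((0.9, 1.0), "dos"), ((1.0, 0.9), "dos")]

def k_nearest(x, train, k):
    """Return the k nearest (distance, label) pairs to x, closest first."""
    return sorted((math.dist(x, f), lab) for f, lab in train)[:k]

def calibrate(train, k=3, keep=0.95):
    """Pick a threshold on the k-th neighbour distance from leave-one-out
    scores of the training set, so that about `keep` of known traffic passes."""
    scores = sorted(k_nearest(f, train[:i] + train[i + 1:], k)[-1][0]
                    for i, (f, _) in enumerate(train))
    return scores[min(len(scores) - 1, int(keep * len(scores)))]

def predict(x, train, threshold, k=3):
    """Return a known label, or "unknown" when x lies far from every
    training feature (the extra class added to the known classes)."""
    nn = k_nearest(x, train, k)
    if nn[-1][0] > threshold:          # k-th neighbour too far: out of distribution
        return "unknown"
    return Counter(lab for _, lab in nn).most_common(1)[0][0]

if __name__ == "__main__":
    thr = calibrate(TRAIN)
    for sample in [(0.05, 0.05), (1.05, 0.95), (0.5, -0.6)]:
        print(sample, predict(sample, TRAIN, thr))
```
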
computer science, theory & methods,engineering, electrical & electronic