Congyuan Xu,Jizhong Shen,Xin Du

DOI: https://doi.org/10.1109/tifs.2020.2991876

IF: 7.231

2020-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Conventional intrusion detection systems based on supervised learning techniques require a large number of samples for training, while in some scenarios, such as zero-day attacks, security agencies can only intercept a limited number of shots of malicious samples. Therefore, there is a need for few-shot detection. In this paper, a detection method based on a meta-learning framework is proposed for this purpose. The proposed method can be used to distinguish and compare a pair of network traffic samples as a basic task of learning, including a normal unaffected sample and a malicious one. To accomplish this task, we design a deep neural network (DNN) named FC-Net, which mainly comprises two parts: feature extraction network and comparison network. FC-Net learns a pair of feature maps for classification from a pair of network traffic samples, then compares the obtained feature maps, and finally determines whether the pair of samples belongs to the same type. To evaluate the proposed detection method, we construct two datasets for few-shot network intrusion detection based on real network traffic data sources, using a specifically developed approach. The experimental results indicate that the proposed detection method is universal and is not limited to specific datasets or attack types. Training and testing on the same datasets demonstrate that the proposed method can achieve the average detection rate up to 98.88%. The outcome of training on one dataset and testing on the other one confirms that the proposed method can achieve better performance. In a few-shot scenario, malicious samples in an untrained dataset can be detected successfully, and the average detection rate is up to 99.62%.

Ruonan Wang,Minhuan Huang,Jinjing Zhao,Hongzheng Zhang,Wenjing Zhong,Zhaowei Zhang,Liqiang He

DOI: https://doi.org/10.1038/s41598-024-73342-7

IF: 4.6

2024-10-23

Scientific Reports

Abstract:Classifying malicious traffic, which can trace the lineage of attackers' malicious families, is fundamental to safeguarding cybersecurity. However, the deep learning approaches currently employed require substantial volumes of data, conflicting with the challenges in acquiring and accurately labeling malicious traffic data. Additionally, edge network devices vulnerable to cyber-attacks often cannot meet the computational demands required to deploy deep learning models. The rapid mutation of malicious activities further underscores the need for models with strong generalization capabilities to adapt to evolving threats. This paper introduces an innovative few-shot malicious traffic classification method that is precise, lightweight, and exhibits enhanced generalization. By refining traditional transfer learning, the source model is segmented into public and private feature extractors for stepwise transfer, enhancing parameter alignment with specific target tasks. Neuron importance is then sorted based on the task of each feature extractor, enabling precise pruning to create an optimal lightweight model. An adversarial network guiding principle is adopted for retraining the public feature extractor parameters, thus strengthening the model's generalization power. This method achieves an accuracy of over 97% on few-shot datasets with no more than 15 samples per class, has fewer than 50 K model parameters, and exhibits superior generalization compared to baseline methods.

multidisciplinary sciences

Changbin Xiao,Lei Xie,Huifang Chen

DOI: https://doi.org/10.1109/eit63098.2024.10762098

2024-01-01

Abstract:In the complicated modern network, an effective intrusive traffic detection (ITD) scheme is paramount for enhancing the cybersecurity. Due to the continuous dynamics of data and the introduction of new classes, the existing ITD methods based on deep learning primarily reliant on joint training face challenges. And the frequent retraining is in the price of real-time responsiveness and computational resource. Moreover, the incremental learning strategy is dependent on exemplar sets heavily, which results in a significant storage cost for retaining old-class exemplars. Hence, the ITD problem under evolving network threats should be resolved. In this paper, we propose an adaptive and lightweight ITD method within a class incremental learning (ALCIL) framework. In the proposed ALCIL framework, the attention mechanism and prototype extraction technique are combined to guarantee precise and efficient feature extraction from new threats, as well as reducing the storagerequirement significantly. The design of our framework aims to mitigate catastrophic forgetting, thereby ensuring that the system retains knowledge of earlier classes as it integrates new ones.

Zhuoxue Song,Ziming Zhao,Fan Zhang,Gang Xiong,Guang Cheng,Xinjie Zhao,Shize Guo,Binbin Chen

DOI: https://doi.org/10.1109/TDSC.2023.3245411

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Traffic classification occupies a significant role in cybersecurity and network management. The widespread of encryption transmission protocols such as SSL/TLS has led to the dominance of deep learning based approaches. In cybersecurity, strong adversaries often complicate their strategies by constantly developing emerging attacks. Meanwhile, security practitioners desire to grasp the reasons for inference results. However, existing deep learning approaches lack efficient adaptation for incremental traffic types and often have less interpretability. In this paper, we propose I <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$^{2}$</tex-math></inline-formula> RNN, an Incremental and Interpretable Recurrent Neural Network for encrypted traffic classification. The I <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$^{2}$</tex-math></inline-formula> RNN proposes a novel propagation process to extract the sequence fingerprints from sessions with local robustness. Meanwhile, this proposal provides interpretability including time-series feature attribution and inter-class similarity portrait. Moreover, we design I <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$^{2}$</tex-math></inline-formula> RNN in an incremental manner to adapt to emerging traffic types. The I <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$^{2}$</tex-math></inline-formula> RNN only needs to train an additional set of parameters for the newly added traffic type rather than retraining the whole model with the entire dataset. Extensive experimental results show that our I <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$^{2}$</tex-math></inline-formula> RNN can achieve remarkable performance in traffic classification, incremental learning, and model interpretability. Compared with other local interpretability methods, our I <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$^{2}$</tex-math></inline-formula> RNN exhibits excellent stability, robustness, and effectiveness in the interpretation of network traffic data.

Yige Chen,Tianning Zang,Yongzheng Zhang,Yuan Zhou,Linshu Ouyang,Peng Yang

DOI: https://doi.org/10.1109/icc42927.2021.9500619

2021-01-01

Abstract:With the rising popularity of mobile networks and applications, network traffic classification has gradually become essential to mobile network management and cyberspace security. Existing state-of-the-art methods have achieved high accuracy in the closed-world mobile encrypted traffic classification, where the classifier only needs to process the classes seen in the training. When we update the dataset with new mobile applications, these methods must retrain a new classifier from scratch to learn the knowledge of all applications because directly fine-tuning the existing classifier would lead to the catastrophic forgetting problem. Thus, it is challenging to incrementally add new applications to the classification system while preserving the learned knowledge of the existing classifier. To tackle this issue, we propose an incremental learning framework based on the one vs rest (OvR) strategy and neural network classifiers. Moreover, we adopt a sample selection algorithm to balance the conflict between the growing training effort caused by new applications and the high classification accuracy. The experimental results demonstrate that our proposed framework achieves incremental learning with high classification accuracy like the closed-world method, and the selection algorithm significantly reduces training efforts to meet the dataset scale control and classification accuracy requirement in the lifetime incremental learning.

W Yang,XC Yun,LJ Zhang

DOI: https://doi.org/10.1109/icmlc.2005.1527625

2005-01-01

Abstract:This paper proposes an adaptive on-line intrusion detection model based on incremental rule learning. This model can make self-learning over the ever-emerged new network behavior examples and dynamically modify behavior profile of the model, which overcomes the disadvantage that the traditional static detecting model must relearn over all the old and new examples, even can't relearn because of limited memory size. The experiment results validate the feasibility and effectivity of the presented adaptive intrusion detection model.

Qiankun Li,Juan Li,Yao Li,Feng Jiu,Yunxia Chu

DOI: https://doi.org/10.4018/ijitsa.343317

2024-05-10

International Journal of Information Technologies and Systems Approach

Abstract:A malicious traffic sample adaptive enhancement device based on Deep Convolutional Generative Adversarial Network (DCGAN) is designed to address the issue of imbalanced network traffic data distribution, aiming to enhance the accuracy and efficiency of anomaly detection. By leveraging generative adversarial network technology, this device can generate samples similar to real malicious traffic to balance the training dataset. It utilizes the generator and discriminator of the Deep Convolutional Generative Adversarial Network (DCGAN), combined with the residual network (ResNet) in the CNN model, to enhance the quality of generated samples. The device can switch states to adapt to various network environments and has been experimentally validated for its effectiveness and feasibility.Moreover, employing an adaptive device, the samples of malicious traffic are adjusted. Experimental analysis demonstrates that the device significantly enhances the accuracy of anomaly traffic detection, improves robustness, and provides robust support for network security protection.

Qing Liao,Tianqi Li,Wei Zhang

DOI: https://doi.org/10.1109/iceict.2019.8846395

2019-01-01

Abstract:Traffic classification plays an important role in network traffic analysis. In this paper, an online network traffic classification method based on deep learning was proposed. By pre-training CNN and fine-tuning the fully connected layer, the complexity of model update is greatly reduced, thus enabling online learning. To deal with the stability-plasticity dilemma, we introduce a proficiency mechanism. The proposed method uses the raw binary data of packet header as input of the model instead of statistical features, which avoid complex feature selection process. And it can identify traffic by a small number of packets, which meets the needs of early stage identification. Besides, our model has the ability of online learning, and can adapt dynamically to the network environment. Experimental results show good performance of the proposed method in both accuracy and speed on traffic classification task.

Jingmei Li,Di Xue,Weifei Wu,Jiaxiang Wang

DOI: https://doi.org/10.1155/2020/6309243

IF: 1.968

2020-01-01

Security and Communication Networks

Abstract:Information security is an important research area. As a very special yet important case, malware classification plays an important role in information security. In the real world, the malware datasets are open-ended and dynamic, and new malware samples belonging to old classes and new classes are increasing continuously. This requires the malware classification method to enable incremental learning, which can efficiently learn the new knowledge. However, existing works mainly focus on feature engineering with machine learning as a tool. To solve the problem, we present an incremental malware classification framework, named "IMC," which consists of opcode sequence extraction, selection, and incremental learning method. We develop an incremental learning method based on multiclass support vector machine (SVM) as the core component of IMC, named "IMCSVM," which can incrementally improve its classification ability by learning new malware samples. In IMC, IMCSVM adds the new classification planes (if new samples belong to a new class) and updates all old classification planes for new malware samples. As a result, IMC can improve the classification quality of known malware classes by minimizing the prediction error and transfer the old model with known knowledge to classify unknown malware classes. We apply the incremental learning method into malware classification, and the experimental results demonstrate the advantages and effectiveness of IMC.

Jinhui Ning,Guan Gui,Yu Wang,Jie Yang,Bamidele Adebisi,Song Ci,Haris Gacanin,Fumiyuki Adachi

DOI: https://doi.org/10.1109/jiot.2021.3131981

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Malware traffic classification (MTC) is a key technology for anomaly and intrusion detection in secure Industrial Internet of Things (IIoT). Traditional MTC methods based on port, payload, and statistic depend on the manual-designed features, which have low accuracy. Recently, deep-learning methods have attracted a significant attention due to their high accuracy in terms of classification. However, in practical application scenarios, deep-learning methods require a large amount of labeled samples for training, while the available labeled samples for training are very rare. Furthermore, the preparation of a large amount of labeled samples requires a lot of labor costs. To solve these problems, this article proposes three methods based on semisupervised learning (SSL), transfer learning (TL), and domain adaptive (DA), respectively. Our proposed methods use a large amount of unlabeled data collected in the Internet traffic, which can greatly improve the classification accuracy with few labeled samples. Then, we use the DA method to solve the mismatch problem between the source domain and the target domain in the TL process. The proposed method is not only applicable to the shallow network but also to the deep neural network structure, and can achieve better classification results. Experimental results show that our proposed methods can satisfy the requirement of MTC in the case of few labeled samples in IIoT. The source code for all the experiments is available at GitHub.The code of this article can be downloaded from GitHub link: https://github.com/yzjh/Keras-MTC-DA-Ladder.

Xingtong Liu,Meng Shen,Laizhong Cui,Ke Ye,Jizhe Jia,Guangchun Yue

DOI: https://doi.org/10.1109/smartworld-uic-atc-scalcom-digitaltwin-pricomp-metaverse56740.2022.00080

2022-01-01

Abstract:Malware traffic is constantly evolving and remains destructive. The detection and classification of malware traffic is crucial for maintaining cyberspace security. Only by swiftly and accurately detecting and classifying malware traffic can user privacy and cyberspace security be effectively protected.In this paper, we propose FewFine, an approach for few-shot malware traffic classification based on transfer learning. We initially pre-train a detection model and two classification models with substantial quantity of malware and application traffic samples. For classifying new types of malware traffic accurately and promptly, we utilize transfer learning based on fine-tuning strategy and freeze several blocks in the pre-trained model. Utilizing prior knowledge from the pre-trained models, we leverage few samples of novel classes to perform accurate malware detection and classification. We execute extensive experiments on publicly available datasets to evaluate the effectiveness of FewFine. In model pre-training, with considerable number of samples, the accuracy of malware detection and classification can reach 0.99. The pre-trained models are saved for fine-tuning. When detecting and classifying novel malware traffic, FewFine can achieve the accuracy of 0.95 leveraging only 10 samples per class through fine-tuning the pre-trained model. It outperforms methods under comparison in terms of accuracy and efficiency.

Chaopeng Li,Jinlin Wang,Xiaozhou Ye

DOI: https://doi.org/10.14704/nq.2018.16.5.1391

2018-01-01

NeuroQuantology

Abstract:In the studies of intrusion detection/prevention systems (IDS/IPS) and network security situational awareness, malicious traffic detection has been given significantly more attention to prevent malicious traffic. Meanwhile, with the development of machine learning technology, an increasing number of algorithms and models have been employed for attack detection. Previous studies generally used common and typical machine learning models such as SVM, KNN, or a random forest. However, the bottleneck of these types of approaches is two-fold. The input of the model is constructed using the feature engineering method of artificially designed representation, which requires a substantial amounts expertise. Additionally, most detection methods ignore the temporal information between network packets in one micro-flow. In this paper, we regard malicious traffic detection as a classification task and propose a hybrid model that combines a recurrent neural network (RNN) with restricted Boltzmann machines (RBM) which take byte-level raw data as input without feature engineering. Specifically, distributed embedding is utilized to pre-process network data to make it more suitable for deep neural network models. Subsequently, an RBM model is used to extract the feature vectors of the network packets and an RNN model is used to extract the flow feature vector. Finally, the flow vectors are sent to the Softmax layer to obtain the detection result. Experiments based on the ISCX-2012 and DARPA-1998 published datasets show that our proposed RNN-RBM model has a greater detection accuracy, recall rate, and lower false alarm rate than most traditional machine learning models. This proves the effectiveness of the proposed RNN-RBM model in malicious traffic detection.

Ziyang Wu,Christina Baek,Chong You,Yi Ma

DOI: https://doi.org/10.1109/cvpr46437.2021.00118

2021-01-01

Abstract:Current deep learning architectures suffer from catastrophic forgetting, a failure to retain knowledge of previously learned classes when incrementally trained on new classes. The fundamental roadblock faced by deep learning methods is that the models are optimized as "black boxes," making it difficult to properly adjust the model parameters to preserve knowledge about previously seen data. To overcome the problem of catastrophic forgetting, we propose utilizing an alternative "white box" architecture derived from the principle of rate reduction, where each layer of the network is explicitly computed without back propagation. Under this paradigm, we demonstrate that, given a pretrained network and new data classes, our approach can provably construct a new network that emulates joint training with all past and new classes. Finally, our experiments show that our proposed learning algorithm observes significantly less decay in classification performance, outperforming state of the art methods on MNIST and CIFAR-10 by a large margin and justifying the use of "white box" algorithms for incremental learning even for sufficiently complex image data.

Yuanjun Xia,Shi Dong,Tao Peng,Tao Wang

DOI: https://doi.org/10.1109/msn53354.2021.00083

2021-12-01

Abstract:With the continuous development of information technology, the network as the infrastructure of the information age has become an indispensable and vital aspect of our daily lives. With the popularization of 5G technology, the number of handheld devices has increased significantly. Although it has brought great convenience to our production and life, it has also introduced new security risks, making the network more likely to be infiltrated and attacked. Currently, abnormal network traffic detection technology has become a vital part of network security, effectively protecting the network and computer systems from intrusion and maintaining normal operation. In the network abnormal traffic detection experiment based on simulation, most researchers use public and well-known datasets, and different datasets contain different attack samples. When testing on different datasets, the model needs to be retrained, significantly increasing the consumption of computer resources. The paper proposes a wireless network abnormal traffic detection method based on the deep transfer adversarial environment dueling double deep Q-Network (DTAE-Dueling DDQN). First, use the old NSL-KDD dataset to train AE-Dueling DDQN and save the training model weights. Then, use the idea of fine-tuning, transfer the weight of the AE-Dueling DDQN training is completed to the target model, and fine-tune the target model using the newer AWID dataset in the WiFi environment. The experiment compares the current representative deep learning (DL) and deep reinforcement learning (DRL) methods. Experimental results show that our proposed method saves computer resources significantly and achieves good results in all evaluation indicators.

Wengang Ma,Yadong Zhang,Jin Guo,Kehong Li

DOI: https://doi.org/10.1016/j.comcom.2021.08.005

IF: 5.047

2021-01-01

Computer Communications

Abstract:Problems such as a vanishing gradient and overfitting will occur when a recurrent neural network (RNN) is exploited to detect abnormal network traffic. In addition, some network traffic is unbalanced, which leads to low detection accuracy. Therefore, an unbalanced abnormal traffic detection method has been proposed. It is composed of the improved bidirectional residual gated recurrent unit (Res-BIGRU) and integrated dynamic extreme learning machine (IDELM). First, the candidate hidden state activation function of the GRU is changed into an unsaturated activation function. The residual connection is used to avoid the vanishing gradient. The purpose of alleviating network degradation is achieved, and the traffic features extracted are better. Second, an IDELM is proposed to solve the unbalanced classification. The minority samples are generated by the IDELM model. The set model in game theory is used to compute the combined weight, which improves the fitting effect. Third, two IDELMs are used to update the final classification results. Fourth, four network datasets and IoT datasets are used to verify the performance. The average accuracy on four network datasets is 91.11% when samples are unbalanced. Furthermore, it can be concluded that the improved Res-BIGRU and IDELM strategy is effective. Better classification results can be achieved when network traffic is unbalanced. In particular, the performance is better in unbalanced NSL-KDD datasets. The index values obtained are the best compared with other methods. It is also suitable for intrusion detection of the Internet of Things, which has good performance. The further advantage lies in that the robustness is better when there are other sample interferences.

Pinghong Li,Yong Wang,Xiaoling Tao

DOI: https://doi.org/10.1007/978-3-642-34522-7_100

2013-01-01

Abstract:In order to solve low accuracy, time consumption and limited application range in traditional network traffic classification, a semi-supervised network traffic classification method based on incremental learning is proposed. During training Support Vector Machine (SVM), it takes full advantage of a large number of unlabeled samples and a small amount of labeled samples to modify the classifiers. By utilizing incremental learning technology to void unnecessary repetition training, improve the situation of original classifiers' low accuracy and time-consuming when new samples are added. Combined with the Synergies of multiple classifiers, this paper proposes an improved Tri-training method to train multiple classifiers, overcoming the strict limitation of traditional Co-verification for classification methods and sample types. Experiments' results show that the proposed algorithm has excellent accuracy and speed in traffic classification. © 2013 Springer-Verlag.

Ke Xu,Xixi Zhang,Yu Wang,Tomoaki Ohtsuki,Bamidele Adebisi,Hikmet Sari,Guan Gui

DOI: https://doi.org/10.1109/jiot.2024.3357072

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Malware traffic classification (MTC) is one of the important techniques to ensure the security of cyberspace, which aims to detect anomalies and classify different types of network traffic. Recently, MTC methods based on deep learning (DL) have shown their excellent performance. However, these DL-based methods rely on datasets with manually labeled samples for training, which are costly and hard to obtain. To address this problem, this paper proposes a novel self-supervised MTC method based on the framework of masked auto-encoder (MAE). Specifically, MAE first constructs a reasonable unsupervised pretext task with a random masking strategy, which reduces the redundant information in samples and speeds up the pre-training process. The transformer-based backbone network then efficiently extracts features from the non-redundant traffic data efficiently. The proposed MTC-MAE method employs self-supervised learning on a large-scale unlabeled dataset to acquire unbiased features, and fine-tunes on specific datasets to adapt to diverse traffic classification scenarios. Simulation experiments show that our proposed MTC-MAE method is able to learn universal features with high quality and has excellent classification performance on various downstream datasets. The datasets we used, code implementation, and pre-trained models are available on GitHub.

computer science, information systems,telecommunications,engineering, electrical & electronic

Shi Dong,Yuanjun Xia,Tao Wang

DOI: https://doi.org/10.1109/mwc.011.2200320

IF: 12.777

2024-01-01

IEEE Wireless Communications

Abstract:Because wireless communication network attacks continue to evolve, cyber security is becoming more and more important, requiring network security solutions to be constantly updated. In addition, wireless communication network traffic in high-speed networks is massive, high-dimensional, dynamic, and so on, making attacks difficult to detect in real-time. Unknown attacks are also difficult to identify. This article proposes a framework for abnormal traffic detection based on deep reinforcement learning, mainly consisting of four stages: data collection, dataset pre-processing, feature selection, and model detection. Experimental results show that the abnormal traffic detection framework has improved detection performance.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Di Wu,Binxing Fang,Junnan Wang,Qixu Liu,Xiang Cui

DOI: https://doi.org/10.1109/ICC.2019.8761337

2019-01-01

Abstract:Botnets are one of predominant threats to Internet security. To date, machine learning technology has wide application in botnet detection because that it is able to summarize the features of existing attacks and generalize to never-before-seen botnet families. However, recent works in adversarial machine learning have shown that attackers are able to bypass the detection model by constructing specific samples, which due to many algorithms are vulnerable to almost imperceptible perturbations of their inputs. According to the degree of adversaries' knowledge about the model, adversarial attacks can be classified into several groups, such as gradient- and score-based attacks. In this paper, we propose a more general framework based on deep reinforcement learning (DRL), which effectively generates adversarial traffic flows to deceive the detection model by automatically adding perturbations to samples. Throughout the process, the target detector will be regarded as a black box and more close to realistic attack circumstance. A reinforcement learning agent is equipped for updating the adversarial samples by combining the feedback from the target model (i.e. benign or malicious) and the sequence of actions, which is able to change the temporal and spatial features of the traffic flows while maintaining the original functionality and executability. The experiment results show that the evasion rates of adversarial botnet flows are significantly improved. Furthermore, with the perspective of defense, this research can help the detection model spot its defect and thus enhance the robustness.

Yueqin Ge,Yali Gao,Xiaoyong Li,Binsi Cai,Jinwen Xi,Shui Yu

DOI: https://doi.org/10.1109/jiot.2024.3413580

2024-01-01

Abstract:In the Internet of Things (IoT) scenario, the device diversity and data sparsity present a significant challenge for malicious traffic detection, notably the "small sample problem" where insufficient data hampers the performance of the deep learning methods that depend on large volumes of labeled data for training. Transfer learning (TL) has the capability to transfer knowledge from a label-rich but heterogeneous domain to a label-sparse domain, making it a powerful tool for addressing challenges in IoT malicious traffic detection. To address these challenges, we introduce the EMTD-SSC model, a novel enhanced malicious traffic detection model that leverages TL under small sample conditions in IoT environments. Initially, our approach includes a comprehensive labeled data set that merges a small-scale IoT intrusion detection domain with the traditional intrusion detection domain to enrich semantic information transfer from the source to target domains. The EMTD-SSC model employs dual residual convolutional autoencoders for robust feature extraction and transfer, incorporating skip connections to expedite the model convergence and minimize information loss. Furthermore, to optimize transfer efficiency, we minimize the multilayer multi kernel maximum mean discrepancy (MLMK-MMD) across corresponding network layers, facilitating effective domain adaptation. Through unsupervised training and subsequent fine tuning on the target domain data, the model significantly enhances anomaly detection capabilities. Extensive experiments on the two well-known public data sets demonstrate that the EMTD-SSC model's effectiveness, achieving an impressive 94.8% accuracy in the binary classification tasks.