IEEE Access (Jan 2024)

Intrusion Traffic Detection and Classification Based on Unsupervised Learning

  • Zhaogen Zhong,
  • Cunxiang Xie,
  • Xibo Tang

DOI
https://doi.org/10.1109/ACCESS.2024.3400213
Journal volume & issue
Vol. 12
pp. 67860 – 67879

Abstract

Read online

To solve the problem that the existing intrusion traffic detection models generally adopt machine learning algorithm and supervised deep learning algorithm, and the classification accuracy of model small samples is low, A unsupervised learning intrusion traffic classification model based on Wasserstein divergence objective for generative adversarial nets (WGAN-div) and information maximizing generative adversarial nets (Info GAN) is presented. The algorithm uses generative adversarial network to optimize the sampling of unbalanced data sets and effectively improves the feature extraction capability of small samples of the model. Firstly, the unbalanced data training set is oversampled by WGAN-div to improve the data distribution. Then, the non-data part is processed by independent thermal coding and integrated with the data part to reduce the complexity of pretreatment. Finally, the Info GAN model is used for data training. Performance evaluation and algorithm performance comparison were carried out in NSL-KDD, CICIDS2017 and UNSW-NB15 data sets. The experimental results show that the accuracy of multi-classification task is 91.1%, 97.1%, 79.9% respectively, and the accuracy of binary classification task is 90.9%, 96.9%, 86.1% respectively. Compared with the classical deep learning algorithm, the Info GAN model has higher accuracy and lower false positive rate, and has higher reliability and engineering application value.

Keywords