Tongxin xuebao (Oct 2022)
Method based on contrastive learning for fine-grained unknown malicious traffic classification
Abstract
In order to protect against unknown threats and evasion attacks, a new method based on contrastive learning for fine-grained unknown malicious traffic classification was proposed.Specifically, based on variational auto-encoder (CVAE), it included two classification stages, and cross entropy and reconstruction errors were used for known and unknown traffic classification respectively.Different form other methods, contrastive learning was adopted in different classification stages, which significantly improved the classification performance of the few-shot and unknown (zero-shot) classes.Moreover, some techniques (e.g., re-training and re-sample) combined with contrastive learning further improved the classification performance of the few-shot classes and the generalization ability of model.Experimental results indicate that the proposed method has increased the macro recall of few-shot classes by 20.3% and the recall of unknown attacks by 9.1% respectively, and it also has protected against evasion attacks on partial classes to some extent.