Few-Shot Network Traffic Anomaly Detection Based on Siamese Neural Network

Simin Xu; Xueying Han; Tian Tian; Bo Jiang; Zhigang Lu; Chen Zhang

Few-Shot Network Traffic Anomaly Detection Based on Siamese Neural Network

Simin Xu, Xueying Han, Tian Tian, Bo Jiang, Zhigang Lu, Chen Zhang

Published: 01 Jan 2023, Last Modified: 10 Feb 2025ICC 2023EveryoneRevisionsBibTeXCC BY-SA 4.0

Abstract: Network traffic anomaly detection is a critical means to detect network attacks, and plays a very important role in ensuring network security. However, existing network traffic anomaly detection methods rely on large-scale, well-labeled, class-balanced datasets, which are difficult to apply in practical application. Thus, this paper proposes a few shot network traffic anomaly detection method, called “SN-IDS”. “SN-IDS” includes a raw traffic encoding module and a convolution based siamese net(CSNet). The raw traffic encoding module converts the traffic into 3D images. The CSNet uses 3D convolution operations to extract the feature vectors of different traffic sessions from the 3D images and compares them in a metric way to detect anomalies. Experiments on the CICIDS2017 dataset show that the detection accuracy of our proposed method in the 5-shot scenario exceeds the current state-of-the-art methods.

Loading