Abstract: Anomalous network traffic poses significant threats to network security, compromising network stability and data privacy. While many researchers leverage deep packet inspection techniques for traffic modeling, these approaches often suffer from information redundancy and feature noise. To address these challenges, we propose a novel anomalous network traffic detection framework that focuses on analysis of the packet payload, which contains the key information within network packets. Our framework primarily consists of two components: feature extraction using a semi-supervised approach and distribution modeling via contrastive learning. First, we employ a reconstruction model to acquire a compact representation of normal traffic during the first stage of training. In the second stage of training, we introduce contrastive learning into anomalous traffic detection, enhancing the learning of packet payloads. Specifically, we propose a novel dual-domain noise generation method, which fabricates pseudo-anomaly samples through a more generalized strategy. During training, a classifier with a hard-sample triplet loss is developed to effectively distinguish pseudo-anomaly samples from original normal samples, achieving precise classification decisions. For inference, we employ the embedded difference produced by the trained classifier to assess the anomaly. Extensive evaluations on three real-world traffic datasets show that our framework achieves optimal performance, demonstrating its effectiveness and practicality in network anomaly detection. The source code is available at https://github.com/JDHS201128/Anomaly-Network-Traffic-Detection-via-Semi-Supervised-Contrastive-Learning.git.