Go to OpenReview Public Article DBLP homepageMetaSSL-ETD: Robust Detection of Malicious Encrypted Traffic Based on Semi-supervised Meta-learning
Abstract: The widespread use of traffic encryption technology provides more effective security protection for data transmission. However, encrypted traffic effectively conceals attack features, posing new challenges to traffic-based attack detection technologies. Currently, existing attack detection methods for encrypted traffic generally rely on a large number of publicly available labeled datasets for training, yet the number of available real attack samples is extremely scarce. In addition, the strong concealment of encrypted traffic brings great difficulties to the data labeling work, resulting in an extreme shortage of labeled real data. The scarcity of training data caused by the small sample size and the lack of labels leads to poor generalization ability of existing methods when applied in actual network environments, and the actual detection ability is significantly lower than that during training. To address the above issues, this paper proposes a detection method named MetaSSL-ETD, which constructs a two-tier optimization mechanism based on the meta-learning framework. In the inner loop of meta-learning, the supervised loss is integrated with the pseudo-label generation method based on temperature scaling to optimize the local parameters, enabling adaptation to data with few labels. In the outer loop, the consistency loss is combined to optimize the global parameters, achieving the transfer of the model's capabilities in small-sample scenarios. Experimental results show that MetaSSL-ETD improves the performance by 9.1 percentage points compared with the baseline when the labeled data accounts for only 10%, and the accuracy in detecting small-sample types that were not involved in the training reaches as high as 97.81%.
External IDs:dblp:conf/icic/WangDLLWS25
Loading