Go to DBLP homepageUAD-DPL: An Unknown Encrypted Attack Detection Method Based on Deep Prototype Learning
Abstract: In the field of cybersecurity, a significant concern is the potential for unknown attacks to occur at any moment. The primary obstacle faced by intrusion detection systems lies in the identification of unknown attacks and the differentiation of such threats from benign network traffic and known attack patterns. Many current deep learning approaches struggle to discern the underlying features of these new attack types, especially in the case of encrypted attacks, resulting in inherent inaccuracies. To tackle these challenges, a novel unknown attack detection method based on deep prototype learning (UAD-DPL) is proposed to improve the accuracy of unknown encrypted attack detection. Firstly, a spatiotemporal fusion feature extraction network for encrypted traffic is employed to enhance the feature representation ability. Subsequently, an innovative prototype-based deep feature space learning model is proposed, which utilizes discriminative loss and open loss training to ensure that the learned encrypted traffic features meet the predetermined prior distribution. Finally, an unknown attack recognition approach is designed to effectively identify both known and unknown attacks, and a three-stage training strategy is proposed to train the model. Experimental results indicate that the UAD-DPL method is highly proficient in detecting both known and unknown attacks in encrypted traffic. Moreover, UAD-DPL exhibits promising application potential in open-set network intrusion detection systems.
Loading