ContraMTD: An Unsupervised Malicious Network Traffic Detection Method based on Contrastive Learning

Published: 23 Jan 2024, Last Modified: 23 May 2024, TheWebConf24
Keywords: Malicious network traffic detection, Contrastive learning, Graph neural network
Abstract: Malicious traffic detection has been a focal point in the field of network security, and deep learning-based approaches are emerging as a new paradigm. However, most of them are supervised methods, which depend heavily on well-labeled data and fail to handle unknown or continuously evolving attacks. Unsupervised methods alleviate the need for labeled data, but existing methods are often limited to detecting anomalies either from a vertical perspective, through historical comparisons, or from a horizontal perspective, by comparing with concurrent entities. Relying on data from a single perspective is unreliable, and it limits the model's accuracy and generalizability. In this paper, we propose a novel method, ContraMTD, based on contrastive learning, which comprehensively considers both vertical and horizontal perspectives. ContraMTD extracts local behavior features and global interaction features from normal network traffic using the proposed SEC and DE-GAT respectively, then employs contrastive learning to learn the relationship between them, especially their consistency, and finally detects malicious traffic through a multi-round scoring approach. We conduct extensive experiments on three datasets, including a self-collected dataset, and the results demonstrate that our method outperforms many state-of-the-art methods in the domain of unsupervised malicious traffic detection.
Track: Security
Submission Guidelines Scope: Yes
Submission Guidelines Blind: Yes
Submission Guidelines Format: Yes
Submission Guidelines Limit: Yes
Submission Guidelines Authorship: Yes
Student Author: Yes
Submission Number: 1020