期刊论文详细信息
IEEE Access
Unknown Attack Detection Based on Zero-Shot Learning
Cheng Zhang1  Zhun Zhang2  Qihe Liu2  Shilin Qiu2  Shijie Zhou2 
[1] School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, China;School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu, China;
关键词: Zero-shot learning;    network intrusion;    unknown attack detection;    sparse semantic autoencoder;   
DOI  :  10.1109/ACCESS.2020.3033494
来源: DOAJ
【 摘 要 】

In recent years, due to the frequent occurrence of network intrusions, more and more researchers have begun to focus on network intrusion detection. However, it is still a challenge to detect unknown attacks. Currently, there are two main methods of unknown attack detection: clustering and honeypot. But they still have unsolved problems such as difficulty in collecting unknown attack samples and failure to detect on time. Zero-Shot learning is proposed to deal with the problem in this article, which can recognize unknown attacks by learning the mapping relations between feature space and semantic space (such as attribute space). When the semantic descriptions of all attacks (including known and unknown attacks) are provided, the classifier built by Zero-Shot learning can extract common semantic information among all attacks and construct connections between known and unknown attacks. The classifier then utilizes the connections to classify unknown attacks although there are no samples for unknown attacks. In this article, we first propose to use Zero-Shot learning to overcome the challenge of unknown attack detection and illustrate the feasibility of this method. Secondly, we then propose a novel method of Zero-Shot learning based on sparse autoencoder for unknown attack detection. This method maps the feature of known attacks to the semantic space, and restores the semantic space to the feature space by constrains of reconstruction error, and establishes the feature to semantic mapping, which is used to detect unknown attacks. Verification tests have been carried out by using the public dataset NSL_KDD. From the experiments conducted in this work, the results show that the average accuracy reaches 88.3%, which performs better than other methods.

【 授权许可】

Unknown   

  文献评价指标  
  下载次数:0次 浏览次数:0次