当前位置: X-MOL 学术Complex Intell. Syst. › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Meta learning-based few-shot intrusion detection for 5G-enabled industrial internet
Complex & Intelligent Systems ( IF 5.8 ) Pub Date : 2024-03-25 , DOI: 10.1007/s40747-024-01388-1
Yu Yan , Yu Yang , Fang Shen , Minna Gao , Yuheng Gu

With the formation and popularization of the 5G-enabled industrial internet, cybersecurity risks are increasing, and the limited number of attack samples, such as zero-day, leaves a short response time for security protectors, making it substantially more difficult to protect industrial control systems from new types of malicious attacks. Traditional supervised intrusion detection models rely on a large number of samples for training and their performance needs to be improved. Therefore, there is an urgent need for few-shot intrusion detection. Aiming at the above problems, this paper proposes a detection model based on a meta-learning framework, which aims to effectively improve the accuracy and real-time performance of intrusion detection, and designs a meta-learning intrusion detection model containing a sample generation module, a feature mapping module and a feature metric module. Among them, the sample generation module introduces the residual block into the Natural GAN and proposes a new method to generate high-quality antagonistic samples—Res-Natural GAN, which is used to enhance the antagonism of the generated samples and the feature mining degree, to improve the accuracy of malicious traffic detection; the feature mapping module proposes a new attention mechanism, the multi-head fast attention mechanism, which is applied to the encoder structure of the transformer and combined with a parameter optimization algorithm based on particle swarm mutation to shorten the mapping time and improve the real-time performance of the model while mapping the features effectively; the feature metric module proposes a prototype structure based on a prototype storage update algorithm and combines it with a prototype network to achieve correct classification by measuring the Euclidean distance between the detected samples and the class of prototypes, and to shorten the inference time while ensuring the detection accuracy; finally, the three modules are combined to form a real-time meta-learning intrusion detection model. To evaluate the proposed model, five different types of experiments are conducted on multiple public datasets. The experimental results show that the model has higher detection accuracy than the traditional model for both few-shot and zero-shot malicious attacks, and is not only applicable to 5G-enabled industrial internet, but also generalized to different network environments and attack types.



中文翻译:

基于元学习的 5G 工业互联网小样本入侵检测

随着5G工业互联网的形成和普及,网络安全风险不断加大,零日等攻击样本数量有限,安全防护者的响应时间较短,工业控制防护难度大幅增加系统免受新型恶意攻击。传统的有监督入侵检测模型依赖大量样本进行训练,其性能有待提高。因此,迫切需要少样本入侵检测。针对上述问题,本文提出一种基于元学习框架的检测模型,旨在有效提高入侵检测的准确性和实时性,设计了包含样本生成模块的元学习入侵检测模型、特征映射模块和特征度量模块。其中,样本生成模块将残差块引入到Natural GAN中,提出了一种生成高质量对抗性样本的新方法——Res-Natural GAN,用于增强生成样本的对抗性和特征挖掘程度,提高恶意流量检测的准确性;特征映射模块提出了一种新的注意力机制——多头快速注意力机制,应用于Transformer的编码器结构,并结合基于粒子群变异的参数优化算法,缩短映射时间,提高真实性。有效映射特征时模型的时间性能;特征度量模块提出了基于原型存储更新算法的原型结构,并将其与原型网络相结合,通过测量检测到的样本与原型类别之间的欧氏距离来实现正确的分类,在保证预测精度的同时缩短推理时间。检测精度;最后,将三个模块结合起来形成实时元学习入侵检测模型。为了评估所提出的模型,在多个公共数据集上进行了五种不同类型的实验。实验结果表明,该模型对于少样本和零样本恶意攻击均比传统模型具有更高的检测精度,不仅适用于5G工业互联网,而且可以推广到不同的网络环境和攻击类型。

更新日期:2024-03-25
down
wechat
bug