Enhanced Few-Shot Malware Traffic Classification via Integrating Knowledge Transfer With Neural Architecture Search
IEEE Transactions on Information Forensics and Security (IF 6.8), Pub Date: 2024-05-03, DOI: 10.1109/tifs.2024.3396624
Xixi Zhang 1 , Qin Wang 1 , Maoyang Qin 1 , Yu Wang 1 , Tomoaki Ohtsuki 2 , Bamidele Adebisi 3 , Hikmet Sari 1 , Guan Gui 1

Malware traffic classification (MTC) is one of the important research topics in the field of cyber security. Existing MTC methods based on deep learning have been developed on the assumption of enough high-quality samples and powerful computing resources. However, both are hard to obtain in real applications, especially in availability of IoT. In this paper, we propose a few-shot MTC (FS-MTC) method combining knowledge transfer and neural architecture search (i.e., NAS-based FS-MTC) with limited training samples as well as acceptable computational resources, in order to mitigate the identified challenges. Specifically, our proposed method first converts the raw network traffic into traffic images through data pre-processing to serve as input data for the neural network. Second, we use neural architecture search to adaptively search for the effective feature extraction model on the source domain (including Edge-IIoTset, Bot-IoT, and benign USTC-TFC2016). Third, the searched model is pre-trained on the source task to achieve the generic feature representation of malware traffic. Finally, we use only few-shot malware traffic samples to fine-tune the pre-trained model to quickly adapt to new types of MTC tasks in realistic network environments. The experimental results show that the proposed NAS-based FS-MTC method has great scalability and classification performance in different FS-MTC tasks, including the 5-way K-shot USTC-TFC2016 dataset and the 10-way K-shot CIC-IoT dataset. Compared with state-of-the-art methods in the field of malware classification, the proposed NAS-based FS-MTC has higher classification accuracy. Especially in the 1-shot case of the USTC-TFC2016 dataset, its average accuracy is as high as 86.91%.

Updated: 2024-05-03