
Trojan Traffic Detection Based on Meta-learning

  • Conference paper
Computational Science – ICCS 2021 (ICCS 2021)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 12743)


Abstract

At present, Trojan traffic detection based on machine learning generally needs a large number of traffic samples as the training set. In a real network environment, when facing zero-day attacks and Trojan variants, we may obtain only a small number of traffic samples in a short time, which cannot meet the training requirements of the model. To solve this problem, this paper proposes, for the first time, a method of Trojan traffic detection using meta-learning, which consists mainly of an embedding part and a relation part. In the embedding part, we design a neural network combining ResNet and BiLSTM to transform the original traffic into eigenvectors, and we allocate the meta-tasks of each round of training in C-way K-shot form. In the relation part, we design a relation network improved by the dynamic routing algorithm to calculate the relation score between samples and categories in the meta-task. Across multiple meta-tasks, the model learns to calculate the difference between samples of different types, so it can complete training with a small number of samples and classify quickly according to prior knowledge. In the few-shot setting, our method achieves better results in Trojan traffic classification than traditional deep learning methods.
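The C-way K-shot meta-task construction described in the abstract, as an added example that is not the paper's code. The class labels and 4-dimensional vectors are constructed, and the scorer is a stand-in (cosine similarity to the class mean), not the paper's ResNet/BiLSTM embedding or its routing-based relation network.

```python
import math
import random

def sample_episode(flows_by_class, c_way, k_shot, n_query, rng):
    """Build one C-way K-shot meta-task with disjoint support and query sets."""
    need = k_shot + n_query
    # A class with fewer than K + Q flows cannot fill both sets; exclude it.
    eligible = sorted(c for c, v in flows_by_class.items() if len(v) >= need)
    if len(eligible) < c_way:
        raise ValueError(f"need {c_way} classes with >= {need} flows, have {len(eligible)}")
    support, query = {}, []
    for cls in rng.sample(eligible, c_way):
        picked = rng.sample(flows_by_class[cls], need)  # without replacement
        support[cls] = picked[:k_shot]
        query += [(vec, cls) for vec in picked[k_shot:]]
    rng.shuffle(query)
    return support, query

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0

def relation_scores(support, vec):
    """Stand-in scorer: similarity of one query vector to each class's mean support vector."""
    scores = {}
    for cls, vecs in support.items():
        mean = [sum(col) / len(vecs) for col in zip(*vecs)]
        scores[cls] = cosine(mean, vec)
    return scores

def episode_accuracy(support, query):
    """Fraction of query flows whose highest-scoring class is the true class."""
    hits = 0
    for vec, label in query:
        scores = relation_scores(support, vec)
        hits += max(scores, key=scores.get) == label
    return hits / len(query)

def make_constructed_dataset(rng):
    # Constructed "flow embeddings": class i clusters around axis i (hypothetical labels).
    names = ["benign", "trojan_a", "trojan_b", "trojan_c"]
    data = {}
    for i, name in enumerate(names):
        n = 3 if name == "trojan_c" else 12  # trojan_c has too few flows for 2-shot + 3 queries
        data[name] = [[(1.0 if j == i else 0.0) + rng.uniform(-0.1, 0.1) for j in range(4)]
                      for _ in range(n)]
    return data
```

Classes that cannot supply K support flows plus the query flows are excluded from sampling rather than reused across both sets, which would leak query samples into the support set and inflate the measured accuracy.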



Acknowledgement

This research is supported by the National Key Research and Development Program of China (Grant No. 2018YFC0824801). It is also partially supported by Key Laboratory of Network Assessment Technology, Chinese Academy of Sciences and Beijing Key Laboratory of Network Security and Protection Technology.

Corresponding author

Correspondence to Zhengwei Jiang.


Copyright information

© 2021 Springer Nature Switzerland AG

About this paper


Cite this paper

Jia, Z., Yao, Y., Wang, Q., Wang, X., Liu, B., Jiang, Z. (2021). Trojan Traffic Detection Based on Meta-learning. In: Paszynski, M., Kranzlmüller, D., Krzhizhanovskaya, V.V., Dongarra, J.J., Sloot, P.M.A. (eds) Computational Science – ICCS 2021. ICCS 2021. Lecture Notes in Computer Science(), vol 12743. Springer, Cham. https://doi.org/10.1007/978-3-030-77964-1_14


  • DOI: https://doi.org/10.1007/978-3-030-77964-1_14


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-77963-4

  • Online ISBN: 978-3-030-77964-1

  • eBook Packages: Computer Science (R0)
