Abstract
Supervised models for network intrusion detection usually rely on many training samples, but the annotation costs are very high. Unlabeled network traffic data is relatively easy to obtain. However, there are only a few methods to utilize these unlabeled data adequately. We propose a novel self-supervised few-shot network intrusion detection method to address the above problems. The method consists of two models: a) network traffic representation model and b) network intrusion detection model. First, the network traffic representation model uses unlabeled network traffic data through self-supervised learning to obtain network traffic representations, which will benefit the training of network intrusion detection model. Then, the shared layers of the network traffic representation model are transferred to the network intrusion detection model and frozen. Finally, a few training samples are used to fine-tune the network intrusion detection model, and we can obtain a model with good generalization. However, self-supervised learning of the network traffic representation model requires a method for generating labels from network traffic. Therefore, we propose a novel method to generate labels based on discrete features of network traffic. Experiments show that our proposed method has better performance than other network intrusion detection models with few-shot. On NSL-KDD, only \( 200 \) labeled samples are needed to achieve \( 95.2 \% \) accuracy.
Supported by organization Zhixin Shi Youth Promotion Association.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Wang, L., Huang, W., Lv, Q., Wang, Y., Chen, H.Y.: AOPL: attention enhanced oversampling and parallel deep learning model for attack detection in imbalanced network traffic. In: Liu, Z., Wu, F., Das, S.K. (eds.) WASA 2021. LNCS, vol. 12938, pp. 84–95. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-86130-8_7
Xu, C., Shen, J., Du, X.: A method of few-shot network intrusion detection based on meta-learning framework. Trans. Inf. Forensics Secur. 15, 3540–3552 (2020)
Yang, T.-H., Lin, Y.-T., Wu, C.-L., Wang, C.-Y.: Voting-based ensemble model for network anomaly detection. In: ICASSP, pp. 8543–8547. IEEE (2021)
Xu, H., Przystupa, K., Fang, C., Marciniak, A., Kochan, O., Beshley, M.: A combination strategy of feature selection based on an integrated optimization algorithm and weighted k-nearest neighbor to improve the performance of network intrusion detection. Electronics 9(8), 1206 (2020)
Gu, J., Lu, S.: An effective intrusion detection approach using SVM with naïve bayes feature embedding. Comput. Secur. 103, 102158 (2021)
Devan, P., Khare, N.: An efficient XGBoost-DNN-based classification model for network intrusion detection system. Neural Comput. Appl. 32(16), 12499–12514 (2020). https://doi.org/10.1007/s00521-020-04708-x
Zhang, H., Li, Y., Lv, Z., Sangaiah, A.K., Huang, T.: A real-time and ubiquitous network attack detection based on deep belief network and support vector machine. J. Autom. Sinica 7(3), 790–799 (2020)
Sun, P., et al.: DL-IDS: extracting features using CNN-LSTM hybrid network for intrusion detection system. Secur. Commun. Netw. 2020, 1–11 (2020)
Andresini, G., Appice, A., Malerba, D.: Autoencoder-based deep metric learning for network intrusion detection. Inf. Sci. 569, 706–727 (2021)
Yang, Z., Leng, L., Zhang, B., Li, M., Chu, J.: Two novel style-transfer palmprint reconstruction attacks. Appl. Intell. 1–18 (2022)
Yang, Z., Xia, W., Lu, Z., Chen, Y., Li, X., Zhang, Y.: Hypernetwork-based personalized federated learning for multi-institutional CT imaging. arXiv preprint arXiv:2206.03709 (2022)
Tang, R., et al.: Zerowall: detecting zero-day web attacks through encoder-decoder recurrent neural networks. In: INFOCOM, pp. 2479–2488. IEEE (2020)
Jia, S., Jiang, S., Lin, Z., Li, N., Xu, M., Yu, S.: A survey: Deep learning for hyperspectral image classification with few labeled samples. Neurocomputing 448, 179–204 (2021)
Jing, L., Tian, Y.: Self-supervised visual feature learning with deep neural networks: a survey. Trans. Pattern Anal. Mach. Intell. 43(11), 4037–4058 (2020)
Khan, R.U., Zhang, X., Alazab, M., Kumar, R.: An improved convolutional neural network model for intrusion detection in networks. In: CCC, pp. 74–77. IEEE (2019)
Zhang, J., Ling, Y., Fu, X., Yang, X., Xiong, G., Zhang, R.: Model of the intrusion detection system based on the integration of spatial-temporal features. Comput. Secur. 89, 101681 (2020)
Yu, Y., Bian, N.: An intrusion detection method using few-shot learning. IEEE Access 8, 49730–49740 (2020)
Sarkar, P., Etemad, A.: Self-supervised ECG representation learning for emotion recognition. Trans. Affect. Comput. (2020)
Liu, X., et al.: Self-supervised learning: generative or contrastive. Trans. Knowl. Data Eng. (2021)
Wang, Z., Li, Z., Wang, J., Li, D.: Network intrusion detection model based on improved BYOL self-supervised learning. Secur. Commun. Netw. 2021, 9486949 (2021)
Dwivedi, S., Vardhan, M., Tripathi, S.: Incorporating evolutionary computation for securing wireless network against cyberthreats. J. Supercomput. 76(11), 8691–8728 (2020). https://doi.org/10.1007/s11227-020-03161-w
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Zhang, J., Shi, Z., Wu, H., Xing, M. (2022). A Novel Self-supervised Few-shot Network Intrusion Detection Method. In: Wang, L., Segal, M., Chen, J., Qiu, T. (eds) Wireless Algorithms, Systems, and Applications. WASA 2022. Lecture Notes in Computer Science, vol 13471. Springer, Cham. https://doi.org/10.1007/978-3-031-19208-1_42
Download citation
DOI: https://doi.org/10.1007/978-3-031-19208-1_42
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-19207-4
Online ISBN: 978-3-031-19208-1
eBook Packages: Computer ScienceComputer Science (R0)