Skip to main content

UAD-DPL: An Unknown Encrypted Attack Detection Method Based on Deep Prototype Learning

  • Conference paper
  • First Online:
Pattern Recognition (ICPR 2024)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 15305))

Included in the following conference series:

  • 206 Accesses

Abstract

In the field of cybersecurity, a significant concern is the potential for unknown attacks to occur at any moment. The primary obstacle faced by intrusion detection systems lies in the identification of unknown attacks and the differentiation of such threats from benign network traffic and known attack patterns. Many current deep learning approaches struggle to discern the underlying features of these new attack types, especially in the case of encrypted attacks, resulting in inherent inaccuracies. To tackle these challenges, a novel unknown attack detection method based on deep prototype learning (UAD-DPL) is proposed to improve the accuracy of unknown encrypted attack detection. Firstly, a spatiotemporal fusion feature extraction network for encrypted traffic is employed to enhance the feature representation ability. Subsequently, an innovative prototype-based deep feature space learning model is proposed, which utilizes discriminative loss and open loss training to ensure that the learned encrypted traffic features meet the predetermined prior distribution. Finally, an unknown attack recognition approach is designed to effectively identify both known and unknown attacks, and a three-stage training strategy is proposed to train the model. Experimental results indicate that the UAD-DPL method is highly proficient in detecting both known and unknown attacks in encrypted traffic. Moreover, UAD-DPL exhibits promising application potential in open-set network intrusion detection systems.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Ramu, C., Rao, T.S., Rao, E.U.S.: Attack classification in network intrusion detection system based on optimization strategy and deep learning methodology. Multimedia Tools Appl., 1–23 (2024)

    Google Scholar 

  2. Google transparency report. Accessed 26 July 2022. https://transparencyreportgoogle.com/https/overview?hl=en

  3. Chen, Z.H., Cheng, G.: Research review on internet encryption traffic detection, classification, and recognition. Chin. J. Comput. 46(5), 1060–1085 (2023)

    Google Scholar 

  4. Geng, C., Huang, S., Chen, S.: Recent advances in open set recognition: a survey. IEEE Trans. Pattern Anal. Mach. Intell. 43(10), 3614–3631 (2021)

    Article  Google Scholar 

  5. Zoppi, T., Ceccarelli, A., Puccetti, T., et al.: Which algorithm can detect unknown attacks? comparison of supervised, unsupervised and meta-learning algorithms for intrusion detection. Comput. Secur. 127, 1–12 (2023)

    Article  Google Scholar 

  6. Sabeel, U., Heydari, S.S., Mohanka, H., et al.: Evaluation of deep learning in detecting unknown network attacks. In: 2019 International Conference on Smart Applications, Communications and Networking (SmartNets), Sharm El Sheikh, Egypt (2019)

    Google Scholar 

  7. Zhao, J., Shetty, S., Pan, J.W., et al.: Transfer learning for detecting unknown network attacks. EURASIP J. Inf. Secur. 1, 1–13 (2019)

    Google Scholar 

  8. Zhang, Z., Liu, Q., Qiu, S., et al.: Unknown attack detection based on zero-shot learning. IEEE Access 8, 193981–193991 (2020)

    Article  Google Scholar 

  9. Wang, H., Mumtaz, S., Li, H., et al.: An identification strategy for unknown attack through the joint learning of space–time features. Futur. Gener. Comput. Syst. 117, 145–154 (2021)

    Article  Google Scholar 

  10. Bendale, A., Boult, T.E.: Towards open set deep networks. In: IEEE Conference on Computer Vision and Pattern Recognition, pp. 1563–1572 (2016)

    Google Scholar 

  11. Zhang, Y., Niu, J., Guo, D., et al.: Unknown network attack detection based on open set recognition. Procedia Comput. Sci. 174, 387–392 (2020)

    Article  Google Scholar 

  12. Zhang, Z., Zhang, Y., Niu, J., et al.: Unknown network attack detection based on open-set recognition and active learning in drone network. Trans. Emerg. Telecommun. Technol. 33(10), 1–16 (2022)

    Google Scholar 

  13. Wang, C., Wang, B.L., Sun, Y.X.: Intrusion detection for industrial control systems based on open set artificial neural network. Secur. Commun. Netw. 8, 1–14 (2021)

    Google Scholar 

  14. Yang, H.M., Zhang, X.Y., Yin, F., et al.: Convolutional prototype network for open set recognition. IEEE Trans. Pattern Anal. Mach. Intell. 44(5), 2358–2370 (2022)

    Google Scholar 

  15. Fard, M.M., Thonet, T., Gaussier, E.: Deep k-means: Jointly clustering with k-means and learning representations. Pattern Recogn. Lett. 138, 185–192 (2020)

    Article  Google Scholar 

  16. Stratosphere IPS. Malware Capture Facility Project. https://www.stratosphereips.org/datasets-malware

  17. A source for pcap files and malware samples (2013). Accessed 13 Mar 2020. https://www.malware-traffic-analysis.net/

  18. CTU-13. Malware Capture Facility Project [EB/OL]. https://mcfp.weebly.com/the-ctu-13-dataset-alabeled-dataset-with-botnet-normal-and-background-traffic.html

  19. Sharafaldin, I., Lashkari, A.H., Ghorbani, A.: Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: Proceedings of the International Conference on Information Systems Security and Privacy, vol. 1, pp. 108–116 (2018)

    Google Scholar 

  20. Akshay, R., Manuel, G., Terrance, B.: Reducing network agnostophobia. In: Advances in Neural Information Processing Systems (NeurIPS), pp. 9157–9168 (2018)

    Google Scholar 

  21. Neal, L., Olson, M., Fern, X., et al.: Open set learning with counterfactual images. In: European Conference on Computer Vision, pp. 613–628 (2018)

    Google Scholar 

  22. Ge, Z., Demyanov, S., Chen, Z., et al.: Generative openmax for multi-class open set classification. In: British Machine Vision Conference (2017)

    Google Scholar 

Download references

Acknowledgement

This research has been supported by the National Key Research and Development Program of China (No.2023YFB2603800).

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Shu Gao .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2025 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Chen, LC., Gao, S., Liu, BX., Zhang, XY. (2025). UAD-DPL: An Unknown Encrypted Attack Detection Method Based on Deep Prototype Learning. In: Antonacopoulos, A., Chaudhuri, S., Chellappa, R., Liu, CL., Bhattacharya, S., Pal, U. (eds) Pattern Recognition. ICPR 2024. Lecture Notes in Computer Science, vol 15305. Springer, Cham. https://doi.org/10.1007/978-3-031-78169-8_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-78169-8_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-78168-1

  • Online ISBN: 978-3-031-78169-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics