Abstract
In the field of cybersecurity, a significant concern is the potential for unknown attacks to occur at any moment. The primary obstacle faced by intrusion detection systems lies in the identification of unknown attacks and the differentiation of such threats from benign network traffic and known attack patterns. Many current deep learning approaches struggle to discern the underlying features of these new attack types, especially in the case of encrypted attacks, resulting in inherent inaccuracies. To tackle these challenges, a novel unknown attack detection method based on deep prototype learning (UAD-DPL) is proposed to improve the accuracy of unknown encrypted attack detection. Firstly, a spatiotemporal fusion feature extraction network for encrypted traffic is employed to enhance the feature representation ability. Subsequently, an innovative prototype-based deep feature space learning model is proposed, which utilizes discriminative loss and open loss training to ensure that the learned encrypted traffic features meet the predetermined prior distribution. Finally, an unknown attack recognition approach is designed to effectively identify both known and unknown attacks, and a three-stage training strategy is proposed to train the model. Experimental results indicate that the UAD-DPL method is highly proficient in detecting both known and unknown attacks in encrypted traffic. Moreover, UAD-DPL exhibits promising application potential in open-set network intrusion detection systems.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Ramu, C., Rao, T.S., Rao, E.U.S.: Attack classification in network intrusion detection system based on optimization strategy and deep learning methodology. Multimedia Tools Appl., 1–23 (2024)
Google transparency report. Accessed 26 July 2022. https://transparencyreportgoogle.com/https/overview?hl=en
Chen, Z.H., Cheng, G.: Research review on internet encryption traffic detection, classification, and recognition. Chin. J. Comput. 46(5), 1060–1085 (2023)
Geng, C., Huang, S., Chen, S.: Recent advances in open set recognition: a survey. IEEE Trans. Pattern Anal. Mach. Intell. 43(10), 3614–3631 (2021)
Zoppi, T., Ceccarelli, A., Puccetti, T., et al.: Which algorithm can detect unknown attacks? comparison of supervised, unsupervised and meta-learning algorithms for intrusion detection. Comput. Secur. 127, 1–12 (2023)
Sabeel, U., Heydari, S.S., Mohanka, H., et al.: Evaluation of deep learning in detecting unknown network attacks. In: 2019 International Conference on Smart Applications, Communications and Networking (SmartNets), Sharm El Sheikh, Egypt (2019)
Zhao, J., Shetty, S., Pan, J.W., et al.: Transfer learning for detecting unknown network attacks. EURASIP J. Inf. Secur. 1, 1–13 (2019)
Zhang, Z., Liu, Q., Qiu, S., et al.: Unknown attack detection based on zero-shot learning. IEEE Access 8, 193981–193991 (2020)
Wang, H., Mumtaz, S., Li, H., et al.: An identification strategy for unknown attack through the joint learning of space–time features. Futur. Gener. Comput. Syst. 117, 145–154 (2021)
Bendale, A., Boult, T.E.: Towards open set deep networks. In: IEEE Conference on Computer Vision and Pattern Recognition, pp. 1563–1572 (2016)
Zhang, Y., Niu, J., Guo, D., et al.: Unknown network attack detection based on open set recognition. Procedia Comput. Sci. 174, 387–392 (2020)
Zhang, Z., Zhang, Y., Niu, J., et al.: Unknown network attack detection based on open-set recognition and active learning in drone network. Trans. Emerg. Telecommun. Technol. 33(10), 1–16 (2022)
Wang, C., Wang, B.L., Sun, Y.X.: Intrusion detection for industrial control systems based on open set artificial neural network. Secur. Commun. Netw. 8, 1–14 (2021)
Yang, H.M., Zhang, X.Y., Yin, F., et al.: Convolutional prototype network for open set recognition. IEEE Trans. Pattern Anal. Mach. Intell. 44(5), 2358–2370 (2022)
Fard, M.M., Thonet, T., Gaussier, E.: Deep k-means: Jointly clustering with k-means and learning representations. Pattern Recogn. Lett. 138, 185–192 (2020)
Stratosphere IPS. Malware Capture Facility Project. https://www.stratosphereips.org/datasets-malware
A source for pcap files and malware samples (2013). Accessed 13 Mar 2020. https://www.malware-traffic-analysis.net/
CTU-13. Malware Capture Facility Project [EB/OL]. https://mcfp.weebly.com/the-ctu-13-dataset-alabeled-dataset-with-botnet-normal-and-background-traffic.html
Sharafaldin, I., Lashkari, A.H., Ghorbani, A.: Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: Proceedings of the International Conference on Information Systems Security and Privacy, vol. 1, pp. 108–116 (2018)
Akshay, R., Manuel, G., Terrance, B.: Reducing network agnostophobia. In: Advances in Neural Information Processing Systems (NeurIPS), pp. 9157–9168 (2018)
Neal, L., Olson, M., Fern, X., et al.: Open set learning with counterfactual images. In: European Conference on Computer Vision, pp. 613–628 (2018)
Ge, Z., Demyanov, S., Chen, Z., et al.: Generative openmax for multi-class open set classification. In: British Machine Vision Conference (2017)
Acknowledgement
This research has been supported by the National Key Research and Development Program of China (No.2023YFB2603800).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2025 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Chen, LC., Gao, S., Liu, BX., Zhang, XY. (2025). UAD-DPL: An Unknown Encrypted Attack Detection Method Based on Deep Prototype Learning. In: Antonacopoulos, A., Chaudhuri, S., Chellappa, R., Liu, CL., Bhattacharya, S., Pal, U. (eds) Pattern Recognition. ICPR 2024. Lecture Notes in Computer Science, vol 15305. Springer, Cham. https://doi.org/10.1007/978-3-031-78169-8_9
Download citation
DOI: https://doi.org/10.1007/978-3-031-78169-8_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-78168-1
Online ISBN: 978-3-031-78169-8
eBook Packages: Computer ScienceComputer Science (R0)