GUO Nanxin, LIN Honggang, ZHANG Yunli, et al. Botnet Detection Method based on Meta-Learning Network[J]. Journal of Chengdu University of Information Technology, 2022, 37(06): 615-621. [doi:10.16836/j.cnki.jcuit.2022.06.001]
Research on Botnet Detection Based on Meta-Learning
- Title:
- Botnet Detection Method based on Meta-Learning Network
- Article ID:
- 2096-1618(2022)06-0615-07
- Keywords:
- botnet; deep learning; meta-learning; few-shot; attention mechanism; CNN
- CLC number:
- TP309
- Document code:
- A
- Abstract:
- Botnet traffic makes up a far smaller share of real-world network traffic than normal traffic, newly emerging botnet types lack sufficient labeled samples, and traditional deep learning relies on large amounts of labeled data for training. To address these problems, a botnet detection model based on metric meta-learning is proposed for botnet detection in few-shot scenarios. The model consists of a feature extraction module and a comparison module, both implemented with convolutional neural networks (CNNs). The feature extraction module learns traffic features from a pair of network traffic samples, including normal traffic and botnet traffic, and passes them to the comparison module; a Non-Local attention mechanism is introduced to capture long-range dependencies and improve the accuracy of the detection model. The comparison module computes a similarity score for the two network traffic feature maps and then judges whether they are samples of the same type. By learning a certain number of few-shot botnet detection tasks, the model acquires enough prior knowledge to detect unknown botnet types from a very small number of labeled traffic samples. Experimental results show that the average accuracy of few-shot botnet detection is 96.79% under the 1-shot setting and 98.06% under the 5-shot setting, which verifies the effectiveness of the model.
Memo
Received: 2022-01-11
Funding: Open Project of the Anhui Provincial Key Laboratory of Cyberspace Security Situation Awareness and Evaluation (CSSAE-2021-002)