Name
Abstract | ||
|---|---|---|
Intrusion detection can distinguish between normal traffic and intrusions. It can be abstracted as a classification problem to use deep learning tools. However, there are unknown intrusions in the real network environment, and their detection is an open set recognition problem. Existing methods such as OpenMax only calculate classification probabilities more smartly, but they can't explicitly teach the network to recognize features of unknown classes. To improve the ability of deep learning tools to deal with intrusion detection problems based on the open set, the KCC (Known Central Clustering) method is proposed in this paper and is compatible with the existing network architectures. Considering that the high-dimensional vectors in the embedding space represent the deep features, different classes of intrusions in this space have their clusters. By introducing CD-loss (Class Distance-loss), we can get the centers of different class clusters. By introducing negative samples as the unknown classes for training, we can get the threshold of the known classes and reject unknown intrusions by comparing them with fuzzy distance. Experiments on CIC-IDS2017 and CIC-DDoS2019 datasets show that the KCC method improves the classification accuracy of known intrusions and reduces the misclassification rate of unknown intrusions. |
Year | DOI | Venue |
|---|---|---|
2021 | 10.1109/ICTAI52525.2021.00213 | 2021 IEEE 33RD INTERNATIONAL CONFERENCE ON TOOLS WITH ARTIFICIAL INTELLIGENCE (ICTAI 2021) |
Keywords | DocType | ISSN |
Intrusion Detection, Unknown Attack, Open Set Recognition, Distance Loss | Conference | 1082-3409 |
Citations | PageRank | References |
0 | 0.34 | 0 |
Authors | ||
4 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Shuyuan Xu | 1 | 0 | 0.34 |
| Linsen Li | 2 | 0 | 0.34 |
| Hangjun Yang | 3 | 0 | 0.34 |
| Junhua Tang | 4 | 63 | 12.59 |