With increased reliance on Internet-based technologies, cyberattacks compromising users' sensitive data are becoming more prevalent. The scale and frequency of these attacks are escalating rapidly, affecting systems and devices connected to the Internet. Traditional defense mechanisms may not be sufficiently equipped to handle these complex and ever-changing threats. Significant breakthroughs in machine learning methods, including deep learning, have attracted interest from the cybersecurity research community in further enhancing existing anomaly detection methods. Unfortunately, collecting labelled anomaly data for all new, evolving and sophisticated attacks is not practical. Training and tuning a machine learning model for anomaly detection using only a handful of labelled data samples is a pragmatic approach. Therefore, few-shot weakly supervised anomaly detection is an encouraging research direction. In this paper, we propose an enhancement to an existing few-shot weakly supervised deep learning anomaly detection framework. This framework incorporates data augmentation, representation learning and ordinal regression. We then evaluate our implemented framework and show its performance on three benchmark datasets: NSL-KDD, CIC-IDS2018, and TON_IoT.