LightSEEN: Real-Time Unknown Traffic Discovery via Lightweight Siamese Networks

Ji, Li; Gu, Chunxiang; Wei, Fushan; Zhang, Xieli; Hu, Xinyi; Guo, Jiaxing; Liu, Wenfen

doi:10.1155/2021/8267298

Cited by 3 publications

(4 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In Figure 5, the attention model includes three main parts: multihead attention, residual and normalization, and 1D-CNN. Among them, multihead attention integrates the deeply hidden information learned by the model in multiple expression subspaces [44]. Let i u be the u-th indicator in the indicator set i.…”

Section: Attention Modelmentioning

confidence: 99%

The Evaluation of DDoS Attack Effect Based on Neural Network

Guo¹,

Qiu²,

Liu³

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

DDoS attack effect evaluation is the basis of security strategy deployment. The traditional effect evaluation method relies on the original data, ignoring the relationship between features and the evaluation target and indicator data redundancy, which affects the accuracy and reliability of the evaluation result. To this end, we introduce distance entropy to measure the similarity between features and evaluation target and use LSTM and Triplet networks to measure multiple correlations simultaneously. Then, a 2D-CNN is used to mine deep feature information and filter irrelevant information. We also combine 1D-CNN and attention models to achieve hierarchical sampling of different local features. Finally, three fully connected layers’ training obtains a total evaluation value. We conducted experiments on five commonly used DDoS datasets. The results showed that the average ranking accuracy of the neural network-based DDoS attack evaluation method (NNDE) reached 87.2%, 91.3%, 88%, 85.6%, and 94.5%, respectively. Compared with other evaluation methods, an average increase of 19.73% indicates that this method can better evaluate the effect of DDoS attacks.

show abstract

Section: Attention Modelmentioning

confidence: 99%

The Evaluation of DDoS Attack Effect Based on Neural Network

Guo¹,

Qiu²,

Liu³

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…In 2021, Li et al [36] proposed a lightweight unknown traffic discovery model, LightSEEN, which realized traffic classification and model update in the open world under practical conditions. The overall structure of the method was based on the Siamese network, and each side used a multihead attention mechanism, a one-dimensional convolutional neural network, and a residual network to facilitate the extraction of deep flow features and the convergence speed of the network.…”

Section: Unknown Traffic Identificationmentioning

confidence: 99%

OpenCBD: A Network-Encrypted Unknown Traffic Identification Scheme Based on Open-Set Recognition

Chen³

et al. 2022

Wireless Communications and Mobile Computing

Self Cite

View full text Add to dashboard Cite

The encryption of network traffic promotes the development of encrypted traffic classification and identification research. However, many existing studies are only effective for closed-set experimental data, that is to say, only for traffic of known classes, while there are often lots of unknown classes traffic in the real environment of open sets, and many studies have difficulty identifying the traffic of unknown classes and can only misclassify them as known classes. How to identify unknown traffic and classify known traffic in an open-collection environment is one of the focuses of traffic analysis research. Considering these problems, this paper proposes a novel solution, which applies the open-set recognition method to the unknown traffic identification, and constructs a model based on deep learning and ensemble learning. The method constructs a model based on a convolutional neural network and a transformer encoder and then uses a three-stage training and testing process, combined with a novel loss function, to generalize to the open space to form OpenCBD. Experiments on public datasets show that the proposed method is significantly better than other open-set identification methods. It can not only distinguish known traffic from unknown traffic but also identify specific classes of known traffic.

show abstract

“…This paper focuses on the classification of bi-directional flow. The extracted packet-level features are consistent with those in [6], and the first five packets are selected for each flow, thus the dimension of the formed flow feature map is N p × d = 5 × 90. Since the neural network used in this paper is Resnet-12, to facilitate its square-shape convolution kernel processing, the flow feature map is copied as a whole, and the dimension of the final characteristic map is 90 × 90, which is called the original feature map.…”

Section: A Original Feature Mapmentioning

confidence: 99%

“…We use the same metrics as Neal et al [12] to measure classification performance, namely closed set accuracy (CSA) and area under the receiver operating characteristic (AUROC). Besides, we use clustering purity (CP) [6] to measure the clustering effect.…”

Section: ) Evaluation Metricsmentioning

confidence: 99%

Few-Shot Open-Set Traffic Classification Based on Self-Supervised Learning

Li¹,

Gu²,

Luan³

et al. 2022

2022 IEEE 47th Conference on Local Computer Networks (LCN)

Self Cite

View full text Add to dashboard Cite

Encrypted traffic classification is a key technology for network monitoring and management, and its recent research results are mostly based on deep learning. Due to the difficulty in obtaining sufficient labeled data, few-shot traffic classification has received considerable attention. However, most of the existing results have two defects. First, they are mostly based on the assumption of a labeled base dataset for pre-training. Second, they neglect the problem of unknown traffic discovery under open-set conditions. In this paper, aiming at the problem of few-shot openset encrypted traffic classification, a corresponding framework FSOSTC is constructed under the condition of unsupervised pretraining. Two data augmentation methods for packet feature map are proposed to assist the pre-training through self-supervised learning, which is combined with parameter fine-tuning, unknown discovery and class extension strategies. Experiments on public datasets verify the effectiveness of FSOSTC. For the few-shot open-set malicious traffic classification task, the CSA reaches 95.41% and the AUROC reaches 0.8664.

show abstract

LightSEEN: Real-Time Unknown Traffic Discovery via Lightweight Siamese Networks

Cited by 3 publications

References 24 publications

The Evaluation of DDoS Attack Effect Based on Neural Network

The Evaluation of DDoS Attack Effect Based on Neural Network

OpenCBD: A Network-Encrypted Unknown Traffic Identification Scheme Based on Open-Set Recognition

Few-Shot Open-Set Traffic Classification Based on Self-Supervised Learning

Contact Info

Product

Resources

About