Nearest cluster-based intrusion detection through convolutional neural networks

技術要點

So, the primary innovation of this study is the definition of a new deep learning pipeline, that couples the characteristics of a target network flow to the characteristics of the neighbour of the flow under consideration, which belongs to the same class, as well as the characteristics of the neighbour that belongs to the opposite class of the target flow.

Another innovation is that this joint information – the characteristics of the network flows coupled to the characteristics of the neighbour flows – is represented as multiple rows of image-like 2D pixel grids, instead of being concatenated into 1D vectors.

However, to the best of our knowledge, none of the existing state-of-the-art algorithms propose a 2D representation of the network flows, which encodes the neighbouring informa- tion in the imaging step. On the other hand, this is one of the innovative contributions of this study,

Similarly to the above-mentioned studies, we also adopt clus- tering to speed up the computation. However, we pursue this speeding-up with respect to the imaging stage, while the related works listed above mainly use clustering to accelerate the deep learning stage, by reducing the volume of data processed to train the networks. We also perform experiments proving that the efficiency in our methodology is gained by preserving the accuracy of the final CNNs trained with the produced images.

因此，本研究的主要創新之處在於定義了一種新的深度學習管道，它將目標網路流的特徵與所考慮的同類別流的鄰居的特徵相結合，以及屬於目標流相反類的鄰居的特性。

另一個創新是，這種聯合資訊——網路流的特徵與相鄰流的特徵耦合——被表示為多行類似影象的2D畫素網格，而不是被連線成一維向量。

然而，據我們所知，現有的最先進的演算法都沒有提出網路流的二維表示，在成像步驟中對鄰近的資訊進行編碼。另一方面，這是本研究的創新貢獻之一，

與上述研究相似，我們也採用聚類來加快計算速度。然而，我們在成像階段追求這種加速，而上面列出的相關工作主要使用聚類來加速深度學習階段，通過減少處理的資料量來訓練網路。我們還進行了實驗，證明了我們的方法的效率是通過保持最後用生成的影象訓練的cnn的準確性來獲得的。

關鍵文獻

• Z. Li, Z. Qin, K. Huang, X. Yang, S. Ye, Intrusion detection using convolutional neural networks for representation learning, in: ICONIP, Springer International Publishing, 2017, pp. 858–866.
• T. Kim, S.C. Suh, H. Kim, J. Kim, J. Kim, An encoding technique for cnn-based network anomaly detection, in: 2018 IEEE International Conference on Big Data (Big Data), IEEE, 2018, pp. 2960–2965.
• K. He, X. Zhang, S. Ren, J. Sun, Deep residual learning for image recognition,in: 2016 IEEE Conference on Computer Vision and Pattern Recognition(CVPR), IEEE Computer Society, 2016, pp. 770–778.
• C. Szegedy, Wei Liu, Yangqing Jia, P. Sermanet, S. Reed, D. Anguelov, D.Erhan, V. Vanhoucke, A. Rabinovich, Going deeper with convolutions, in:2015 IEEE Conference on Computer Vision and Pattern Recognition (CVPR),IEEE, 2015, pp. 1–9.
• K. Millar, A. Cheng, H.G. Chew, C.-C. Lim, Using convolutional neural networks for classifying malicious network traffic, Deep Learn. Appl. Cyber Secur. (2019) 103–126.