
Trojan Traffic Detection Method Based on Semi-Supervised Deep Learning
Cite this article: Gu Yonghao, Huang Boqi, Wang Jigang, Tian Tian, Liu Yan, Wu Yuesheng. Trojan Traffic Detection Method Based on Semi-Supervised Deep Learning[J]. Journal of Computer Research and Development, 2022, 59(6): 1329-1342.
Authors: Gu Yonghao, Huang Boqi, Wang Jigang, Tian Tian, Liu Yan, Wu Yuesheng
Affiliation: 1. School of Computer Science, Beijing University of Posts and Telecommunications, Beijing 100876; 2. Beijing Key Laboratory of Intelligent Telecommunications Software and Multimedia (Beijing University of Posts and Telecommunications), Beijing 100876; 3. Guangdong Provincial Key Laboratory of Information Security Technology (Sun Yat-sen University), Guangzhou 510275; 4. ZTE Corporation, Nanjing 210012; 5. Baidu Online Network Technology (Beijing) Co., Ltd., Beijing 100080
Funding: National Natural Science Foundation of China (U1836108, U1936216)
Abstract: Existing Trojan traffic detection techniques suffer from several problems: manually extracted features are not accurate enough, large numbers of labeled samples are hard to obtain, unlabeled samples are not fully used, and the detection rate for unknown samples is low. To address these problems, a Trojan traffic detection method based on semi-supervised deep learning is proposed, which uses large amounts of unlabeled network traffic for model training. First, a detection method based on the mean teacher model is used to improve detection accuracy. Then, because the random noise used in the mean teacher model limits the model's generalization ability, a detection method based on a virtual adversarial mean teacher model is proposed. Finally, experiments show that the proposed semi-supervised deep learning detection methods achieve higher accuracy in binary classification, multi-class classification, and unknown sample detection tasks when few labeled samples are available. In addition, the detection method based on the virtual adversarial mean teacher model shows stronger generalization performance than the original mean teacher model in the multi-class classification task.
Keywords: Trojan traffic detection; deep learning; semi-supervised model; mean teacher; virtual adversarial training
This article is indexed in Wanfang Data and other databases.