Implementation Of Abnormal Traffic Detection System Based On Interpretable Small Sample Learning

With the booming development of the Internet,people have become more and more dependent on the network,and the network is unknowingly affecting every aspect of people’s lives.With the increase in network traffic,illegal network attacks are increasingly making network smart devices bring convenience to people but also bring security risks,such as leakage of personal privacy,so traditional traffic detection faces serious challenges.In this case,academia and industry attach great importance to traffic detection.The existing methods of traffic detection can be divided into traditional network traffic detection methods and machine learning-based network traffic detection methods.Traditional network traffic inspection techniques include Deep Packet Inspection(DPI),which implements network traffic inspection by verifying packet headers and data in real-time.It has the following two advantages: first,it will scan the whole packet with higher accuracy;second,it can implement predefined rule constraints to prevent the network from slowing down.However,it also has some shortcomings,such as: first,using DPI to stop certain malicious attacks can be used by unscrupulous people to develop similar new attacks and thus introduce new vulnerabilities;second,it is poorly private because DPI accesses specific information about the source and flow of information;third,it cannot identify encrypted traffic.Traditional network traffic detection methods based on machine learning methods can still accurately identify encrypted traffic without violating user privacy.However,it still has shortcomings,and the method requires a large amount of manually labeled traffic data to train the model.New types of anomalous network attacks are emerging,and the traffic data is difficult to collect and time-consuming to mark manually.To cope with the problem of the difficult collection of anomalous traffic data,this paper proposes a small-sample-based anomalous traffic detection method.Although semi-supervised and unsupervised learning can also solve the problem of difficult collection of labeled data,the semi-supervised and unsupervised anomalous traffic detection methods are difficult to train,the model does not easily converge,and the accuracy of anomalous traffic identification is not high.In contrast,small-sample-based anomalous traffic detection methods require only a small number of traffic samples for training anomalous traffic classification models.However,the traditional small-sample-based anomalous traffic detection method lacks interpretability for the model,and it is difficult to gain the trust of users.The SAE-SCNN model solves the problem of few samples and insufficient labeling data,and largely improves the accuracy of abnormal traffic identification.In addition,this paper proposes an interpretable small-sample-based learning anomalous traffic classification model,in which the model interpretable method is added for accurate feature extraction to provide the model’s decision process.The experimental results show that the two methods proposed in this paper have excellent anomalous traffic classification performance.The contributions of this paper are as follows:(1)An abnormal traffic detection method based on the SAE-SCNN model is proposed,with feature extraction by stacked self-encoder(SAE)and traffic classification by twin network(SCNN),and the experimental results show that the method improves the recognition rate of abnormal traffic.(2)An interpretable small-sample-based anomalous traffic detection method is proposed.An EFSL model is designed,consisting of an input module,a feature mapping module,an interpretable small-sample classification module,and a comparison learning module,to provide interpretability for the decision process of anomalous traffic detection,and experiments show that the method improves the average accuracy of anomalous traffic classification.(3)A simple small-sample learning-based anomalous traffic detection system is built,which uses an anomalous traffic detection method based on the SAE-SCNN model and an explainable smallsample learning-based anomalous traffic detection method to assist users in anomalous traffic detection and management through visualization.