Nearest cluster-based intrusion detection through convolutional neural networks

技术要点

So, the primary innovation of this study is the definition of a new deep learning pipeline, that couples the characteristics of a target network flow to the characteristics of the neighbour of the flow under consideration, which belongs to the same class, as well as the characteristics of the neighbour that belongs to the opposite class of the target flow.

Another innovation is that this joint information – the characteristics of the network flows coupled to the characteristics of the neighbour flows – is represented as multiple rows of image-like 2D pixel grids, instead of being concatenated into 1D vectors.

However, to the best of our knowledge, none of the existing state-of-the-art algorithms propose a 2D representation of the network flows, which encodes the neighbouring informa- tion in the imaging step. On the other hand, this is one of the innovative contributions of this study,

Similarly to the above-mentioned studies, we also adopt clus- tering to speed up the computation. However, we pursue this speeding-up with respect to the imaging stage, while the related works listed above mainly use clustering to accelerate the deep learning stage, by reducing the volume of data processed to train the networks. We also perform experiments proving that the efficiency in our methodology is gained by preserving the accuracy of the final CNNs trained with the produced images.

因此，本研究的主要创新之处在于定义了一种新的深度学习管道，它将目标网络流的特征与所考虑的同类别流的邻居的特征相结合，以及属于目标流相反类的邻居的特性。

另一个创新是，这种联合信息——网络流的特征与相邻流的特征耦合——被表示为多行类似图像的2D像素网格，而不是被连接成一维向量。

然而，据我们所知，现有的最先进的算法都没有提出网络流的二维表示，在成像步骤中对邻近的信息进行编码。另一方面，这是本研究的创新贡献之一，

与上述研究相似，我们也采用聚类来加快计算速度。然而，我们在成像阶段追求这种加速，而上面列出的相关工作主要使用聚类来加速深度学习阶段，通过减少处理的数据量来训练网络。我们还进行了实验，证明了我们的方法的效率是通过保持最后用生成的图像训练的cnn的准确性来获得的。

关键文献

Z. Li, Z. Qin, K. Huang, X. Yang, S. Ye, Intrusion detection using convolutional neural networks for representation learning, in: ICONIP, Springer International Publishing, 2017, pp. 858–866.
T. Kim, S.C. Suh, H. Kim, J. Kim, J. Kim, An encoding technique for cnn-based network anomaly detection, in: 2018 IEEE International Conference on Big Data (Big Data), IEEE, 2018, pp. 2960–2965.
K. He, X. Zhang, S. Ren, J. Sun, Deep residual learning for image recognition,in: 2016 IEEE Conference on Computer Vision and Pattern Recognition(CVPR), IEEE Computer Society, 2016, pp. 770–778.
C. Szegedy, Wei Liu, Yangqing Jia, P. Sermanet, S. Reed, D. Anguelov, D.Erhan, V. Vanhoucke, A. Rabinovich, Going deeper with convolutions, in:2015 IEEE Conference on Computer Vision and Pattern Recognition (CVPR),IEEE, 2015, pp. 1–9.
K. Millar, A. Cheng, H.G. Chew, C.-C. Lim, Using convolutional neural networks for classifying malicious network traffic, Deep Learn. Appl. Cyber Secur. (2019) 103–126.