Research And Implementation Of Intrusion Detection Method Based On Small Sample Learnin

Intrusion detection is an important means to ensure the security of cyberspace.Deep learning-based intrusion detection techniques have become a hot research topic and have achieved good results in terms of detection accuracy.However,there are still some issues.Firstly,many deep learning intrusion detection methods require a sufficient number of labeled samples to train the classifier,which is time-consuming and labor-intensive.Secondly,in real-world network environments,the frequency of network intrusion events is much lower than that of normal network behavior.As a result,the amount of abnormal traffic is much less than normal traffic.Additionally,the continuous emergence of new variants of network attacks leads to a scarcity of intrusion samples,which fails to meet the conditions for training deep learning models and results in poor detection performance.Therefore,these challenges need to be addressed to further improve the effectiveness of deep learning-based intrusion detection techniques.Few-shot learning is a method for addressing the problem of insufficient training samples,allowing for learning with a limited amount of data and achieving good detection results.This dissertation applies the idea of few-shot learning to the field of intrusion detection,aiming to address the issue of insufficient and hard-to-obtain abnormal samples.The main research content and contributions of this dissertation include the following points.To address the issue of hard-to-obtain intrusion samples,this dissertation proposes an intrusion detection method based on few-shot data augmentation at the data level.Firstly,an Auxiliary Classifier Generative Adversarial Network(ACGAN)is employed to augment the small-sample intrusion data by generating data belonging to specified categories,thus increasing the number of intrusion samples to meet the training requirements of deep learning models.Next,a Transformer-based intrusion detection classification model is constructed,focusing on session data.The augmented data is used to train this model.Experimental results demonstrate that the model trained using the augmented dataset with ACGAN achieves higher detection accuracy compared to the model trained using the original dataset.To address the issue of low detection rates for few-shot intrusion classes,this dissertation proposes a few-shot intrusion detection model based on Capsule Prototype Attention Network at the model level.Firstly,a temporal-spatial feature fusion model is introduced,utilizing a Capsule Network to extract more representative spatial features and preserve more sample information.Additionally,considering the temporal correlation in network traffic data,a Long Short-Term Memory(LSTM)network is employed to extract temporal features,which are then combined with the spatial features to form temporal-spatial features.Next,a prototype-based classification model is constructed,incorporating an attention mechanism module and introducing a voting mechanism.Experimental results demonstrate that the proposed model effectively improves the detection accuracy of few-shot classes without altering the overall data volume.Building upon the aforementioned research contents,this dissertation designs and implements an intrusion detection tool that consists of three major functional modules: traffic collection,attack detection,and result visualization.