A Network Attack Traffic Detection System Based on a Small Sample and Imbalanced Data

In order to solve the problem that the supervised learning method used in network attack traffic detection relies heavily on the scale of label data, an attack traffic detection system is designed and a network attack traffic detection model (CNN-Siamese) based on siamese network and deep learning convolutional neural network (CNN) is built to achieve the purpose of few-shot and uneven attack traffic detection. Subsequently, a pre-trained detection model AE-CNN-Siamese was constructed, adopting the idea of migration learning, to solve the problem of unstable prediction caused by CNN-Simaese on obtaining training samples. In addition, the contrastive loss function commonly used in a siamese network is improved. The experimental results show that CNN-Siamese can accurately detect attack traffic. Compared with CNN and CNN-SVM, it can correct the error when there is no significant gap in the false negative rate. The reporting rate is reduced from 30% to 2%; the prediction result of AE-CNN-Sia-mese is more stable than that of CNN-Siamese; the improved loss function improves the convergence speed of the model and accelerates model training.