Feature Generation: A Novel Intrusion Detection Model Based on Prototypical Network

摘要

Intrusion detection becomes more and more essential to ensure cyberspace security. In fact, the detection is a process of classifying traffic data. However, attacks usually try to cover up themselves to be as similar as normal traffic to avoid being detected. This will cause a high degree of overlap among different classes in the input data, and affect the detection rate. In this paper, we propose a feature generation based prototypical network (FGPNetwork) model to solve overlapping data classification problem in intrusion detection. By analyzing the characteristics of data transmission in the network, we select the basic package characteristics and roughly divide them into several parts. Then, a contribution rate is used to calculate the specific contribution of basic features to classification. We order the features by rate descending in each part and generate the new features by Convolutional Neural Networks (CNN) with different kernels. The new features can obtain the intrinsic connection of original features and add more nonlinearity to the model. Finally, the combination of new features and original features will be input into the prototypical network. In prototypical network, data is mapped to a high-dimensional space, and separated by nanowing the distance of data and their respective cluster centers. Because of the uneven distribution of the intrusion detection dataset, we use undersampling method in each batch. The experimental result on NSL-KDD test dataset also shows that our model is better than other deep learning intrusion detection methods.