Unknown Intrusion Traffic Detection Method Based on Unsupervised Learning and Open-set Recognition

Abstract

Intrusion traffic detection is an important network protection technology for ensuring network communication security and protecting users' information privacy. To address the low classification accuracy of current intrusion traffic detection algorithms and the fact that most current research focuses on closed-set detection, this paper proposes a detection and classification model for open-set traffic based on an information maximization generative adversarial network and the OpenMax algorithm. First, an intrusion traffic classification model is trained under the closed-set condition, and the sample activation vector at the penultimate layer of the model is recalculated using the OpenMax algorithm. The estimated probability of the unknown category is then calculated from the activation vectors of the known categories to identify unknown traffic. Results show that the model's classification accuracy for CICIDS2017 open-set traffic in the misuse and anomaly detection experiments is above 88.5% and 88.2%, respectively. The model can effectively detect various types of unknown traffic with high detection accuracy and robustness.
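The OpenMax recalculation step described in the abstract, as an added example that is not the paper's code: it rescales a penultimate-layer activation vector by each class's Weibull outlier probability and moves the removed mass to an extra "unknown" class. The class names, mean activation vectors and Weibull parameters are constructed values (real ones are fitted on correctly classified training traffic), and the classifier that produces the activations is assumed to exist.

```python
import math

# Constructed per-class models (assumptions, not values from the paper):
# mean activation vector (MAV) and Weibull (shape, scale) of distances to it.
CLASSES = ["benign", "dos", "portscan"]
MAVS = [[8.0, 1.0, 1.0], [1.0, 8.0, 1.0], [1.0, 1.0, 8.0]]
WEIBULL = [(2.0, 2.0)] * 3


def softmax(v):
    m = max(v)
    e = [math.exp(x - m) for x in v]
    s = sum(e)
    return [x / s for x in e]


def weibull_cdf(d, shape, scale):
    # Probability that a distance d from the class MAV is an outlier.
    return 1.0 - math.exp(-((d / scale) ** shape))


def openmax(v, alpha=3):
    """Return probabilities [unknown, class_0, ..., class_N-1]."""
    ranked = sorted(range(len(v)), key=lambda j: v[j], reverse=True)
    omega = [1.0] * len(v)
    for rank, j in enumerate(ranked[:alpha]):
        shape, scale = WEIBULL[j]
        outlier = weibull_cdf(math.dist(v, MAVS[j]), shape, scale)
        # Top-ranked classes are discounted most when the sample is far away.
        omega[j] = 1.0 - (alpha - rank) / alpha * outlier
    revised = [x * w for x, w in zip(v, omega)]
    unknown = sum(x * (1.0 - w) for x, w in zip(v, omega))
    return softmax([unknown] + revised)


def classify(v, threshold=0.5):
    probs = openmax(v)
    best = max(range(len(probs)), key=probs.__getitem__)
    if best == 0 or probs[best] < threshold:
        return "unknown", probs[best]
    return CLASSES[best - 1], probs[best]


if __name__ == "__main__":
    for v in ([7.5, 1.2, 0.8], [4.5, 4.0, 0.5]):  # constructed activations
        print(v, "closed-set:", CLASSES[softmax(v).index(max(softmax(v)))],
              "open-set:", classify(v))
```

The second constructed vector is labelled `benign` by a plain softmax but `unknown` after recalculation, because it lies far from every known class's mean activation vector.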