Abstract:
The existing Trojan traffic detection technology has problems, such as the inaccuracy of manual feature extraction, the difficulty of obtaining a large number of labeled samples, the insufficient utilization of unlabeled samples, and the low detection rate of unknown samples. A semi-supervised deep learning method is proposed to detect Trojan traffic by using unlabeled network traffic for model training. Firstly, the detection method based on the mean teacher model is used to improve the detection accuracy. Then, in order to solve the problem that the model generalization ability is not enough due to the random noise in the mean teacher model, a detection method based on the virtual adversarial mean teacher is proposed. At last, the experimental results show that the proposed semi-supervised deep learning detection method has higher accuracy in the task of two classifications, multi-classification and unknown sample detection under the condition of less labeled samples. Besides, the detection method based on virtual adversarial mean teacher model has stronger generalization performance than the original mean teacher model in the task of multi-classification.