Research on Network Unknown Attack Detection Based on Machine Learning#br#

	#br#

Journal of Information Security Reserach ›› 2025, Vol. 11 ›› Issue (9): 807-.

Previous Articles Next Articles

Research on Network Unknown Attack Detection Based on Machine Learning#br#
#br#

Chen Liangchen1,2,3, Fu Deyin1, Liu Baoxu2, Lu Zhigang2, Jiang Zhengwei2, and Gao Shu3

1(School of Computer, China University of Labor Relations, Beijing 100048)
2(Key Laboratory of Network Assessment Technology (Institute of Information Engineering, Chinese Academy of Sciences), Beijing 100093)
3(School of Computer and Artificial Intelligence, Wuhan University of Technology, Wuhan 430063)

Online:2025-09-30 Published:2025-09-30

基于机器学习的网络未知攻击检测方法研究综述

陈良臣1,2,3傅德印1刘宝旭2卢志刚2姜政伟2高曙3

1(中国劳动关系学院计算机学院北京100048)
2(中国科学院网络测评技术重点实验室(中国科学院信息工程研究所)北京100093)
3(武汉理工大学计算机与人工智能学院武汉430063)

通讯作者: 陈良臣博士，副教授.主要研究方向为人工智能、机器学习、网络信息安全. chenliangchen@culr.edu.cn
作者简介:陈良臣博士，副教授.主要研究方向为人工智能、机器学习、网络信息安全. chenliangchen@culr.edu.cn 傅德印博士，教授.主要研究方向为机器学习、统计分析、人工智能. fudeyin@culr.edu.cn 刘宝旭博士，研究员.主要研究方向为网络攻防、安全态势感知、威胁发现. liubaoxu@iie.ac.cn 卢志刚博士，研究员.主要研究方向为网络攻防、安全态势感知、威胁发现. luzhigang@iie.ac.cn 姜政伟博士，正高级工程师.主要研究方向为网络攻防、安全态势感知、威胁发现. jiangzhengwei@iie.ac.cn 高曙博士，教授.主要研究方向为人工智能、网络信息安全、计算机视觉. gshu@whut.edu.cn

Abstract

Abstract: In the complex context of the continuous evolution of cybersecurity threats, the threats posed by unknown network attacks to digital infrastructure are increasing daily. Consequently, The technology for detecting unknown network attacks based on machine learning has emerged as a focal point in research. This paper first discusses the classification of intrusion detection systems and the commonly used technologies for detecting unknown network attacks. Subsequently, it conducts an indepth exploration of the methods for detecting unknown attacks based on machine learning from three dimensions: anomaly detection, openset recognition, and zeroshot learning. Furthermore, it summarizes the commonly used datasets and key evaluation indicators. Finally, it summarizes and looks ahead to the development trends and challenges of unknown attack detection. This article can provide references for further exploring new methods and technologies in the field of cyberspace security.

Key words: unknown attack detection, machine learning, anomaly detection, open set recognition, zero sample learning

摘要： 在网络安全威胁持续演变的复杂背景下，未知的网络攻击对数字基础设施的威胁与日俱增，基于机器学习的网络未知攻击检测技术成为研究重点.首先对入侵检测系统分类和网络未知攻击检测常用技术进行论述；其次从异常检测、开集识别和零样本学习3个维度对基于机器学习的网络未知攻击检测方法进行深入探讨，并进一步对常用数据集和关键评估指标进行总结；最后对未知攻击检测的发展趋势和挑战进行展望.可为进一步探索网络空间安全领域的新方法与新技术提供借鉴与参考.

关键词: 未知攻击检测, 机器学习, 异常检测, 开集识别, 零样本学习

CLC Number:

TP393

References

［1］Chen L C, Gao S, Liu B X, et al. UADDPL: An unknown encrypted attack detection method based on deep prototype learning［C］ Proc of the Int Conf on Pattern Recognition. Berlin: Springer, 2024: 124140［2］张涛, 陈璐, 张波, 等. 面向未知攻击感知的执行体细粒度调度算法［J］. 信息安全研究, 2025, 11(6): 569577［3］Trendmicro. CVE202336025 Exploited for defense evasion in phemedrone stealer campaign［EBOL］. ［20240112］. https:www.trendmicro.comen_usresearch24acve202336025exploitedfordefenseevasioninphemedronesteal.html［4］何国锋. 面向未知威胁的网络攻击行为自感知方法研究及应用［D］. 成都: 电子科技大学, 2024［5］Fatema E H, Noura H, Salman O, et al. Advanced machine learning approaches for zeroday attack detection: A review［C］ Proc of the 8th Cyber Security in Networking Conference. Piscataway, NJ: IEEE, 2024: 297304［6］Alazzam H, Sharieh A, Sabri K E. A lightweight intelligent network intrusion detection system using OCSVM and pigeon inspired optimizer［J］. Applied Intelligence, 2022, 52(4): 35273544［7］Mbona I, Eloff J H P. Detecting zeroday intrusion attacks using semisupervised machine learning approaches［J］. IEEE Access, 2022, 10: 6982269838［8］兰景宏, 常昊, 蔡军飞, 等．融合三元组网络和单分类算法的未知攻击检测［JOL］. 计算机应用与软件, 2024 ［20250201］. https:link.cnki.neturlid31.1250.TP.20241111.1238.008［9］Moussa M M, Alazzawi L.Cyber attacks detection based on deep learning for clouddew computing in automotive IoT applications［C］ Proc of the 2020 IEEE Int Conf on Smart Cloud. Piscataway, NJ: IEEE, 2020: 5561［10］Hwang C, Kim D, Lee T. Semisupervised based unknown attack detection in EDR environment［J］. KSII Trans on Internet and Information Systems, 2020, 14(12): 49094926［11］Kim S, Hwang C, Lee T. Anomaly based unknown intrusion detection in endpoint environments［J］. Electronics, 2020, 9(6): 119［12］Kim C, Chang S Y, Kim J. Zeroday malware detection using thresholdfree autoencoding architecture［C］ Proc of the IEEE Int Conf on Big Data. Piscataway, NJ: IEEE, 2021: 12791284［13］Binbusayyis A, Vaiyapuri T. Unsupervised deep learning approach for network intrusion detection combining convolutional autoencoder and oneclass SVM［J］. Applied Intelligence, 2021, 51(10): 70947108［14］Vanerio J, Casas P. Ensemblelearning approaches for network security and anomaly detection［C］ Proc of the Workshop on Big Data Analytics and Machine Learning for Data Communication Networks. New York: ACM, 2017: 16［15］Zhang Z, Zhang Y, Niu J, et al. Unknown network attack detection based on openset recognition and active learning in drone network［J］. Trans on Emerging Telecommunications Technologies, 2022, 33(10): 116［16］Shin G, Kim D, Han M. Open set recognition with dissimilarity weight for unknown attack detection［J］. IEEE Access, 2023, 11: 102381102390［17］Ahmad R, Alsmadi I, Alhamdani W, et al. A deep learning ensemble approach to detecting unknown network attacks［J］. Journal of Information Security and Applications, 2022, 67: 115［18］Liu Z, Li S, Zhang Y. Efficient malware originated traffic classification by using generative adversarial networks［C］ Proc of the 2020 IEEE Symp on Computers and Communications. Piscataway, NJ: IEEE, 2020: 17［19］Zhao Z, Chen G, Liu T, et al. Attack as detection: Using adversarial attack methods to detect abnormal examples［J］. ACM Trans on Software Engineering and Methodology, 2024, 33(3): 145［20］Liu A, Wang Y P, Li T. SFEGACN: A novel unknown attack detection under insufficient data via intra categories generation in embedding space［J］. Computers & Security, 2021, 105(7): 102262102275［21］Li Z, Qin Z, Shen P, et al. Zeroshot learning for intrusion detection via attribute representation［C］ Proc of the Int Conf on Neural Information Processing, Berlin: Springer, 2019: 352364［22］Demirel D Y, Sandikkaya M T. Web based anomaly detection using zeroshot learning with CNN［J］. IEEE Access, 2023, 11: 9151191525［23］Barros P H, Chagas E T C, Oliveira L B, et al. MalwareSMELL: A zeroshot learning strategy for detecting zeroday vulnerabilities［J］. Computers & Security, 2022, 120(12): 118［24］Kumar V, Sinha, D. A robust intelligent zeroday cyberattack detection technique［J］. Complex Intelligence System, 2021, 7(5): 22112234［25］Ahmed A, Aminollah K, Hisham A. Adversarial learning attacks on graphbased IoT malware detection systems［C］ Proc of the 39th IEEE Int Conf on Distributed Computing Systems. Piscataway, NJ: IEEE, 2019: 12961305［26］Huu K, Wilson T, Legay A. Unsupervised behavioural mining and clustering for malware family identification［C］ Proc of the 36th Annual ACM Symp on Applied Computing. New York: ACM, 2021: 374383［27］Pang G, Shen C, Cao L, et al. Deep learning for anomaly detection: A review［J］. ACM Computing Surveys, 2021, 54(2): 138［28］Yucel M K, Cinbis R G, Duygulu P. How robust are discriminatively trained zeroshot learning models?［J］. Image Vis Computer, 2022, 119(3): 127［29］Won D, Jang Y N, Lee S W. PlausMalGAN: Plausible malware training based on generative adversarial networks for analogous zeroday malware detection［J］. IEEE Trans on Emerging Topics in Computing, 2022, 11(1): 8294［30］Mauro C, Shubham K, Vinod P. A fewshot malware classification approach for unknown family recognition using malware feature visualization［J］. Computers & Security, 2022, 122: 116［31］Liu C, Li B, Zhao J, et al. FewMHGCL: Fewshot malware variants detection via heterogeneous graph contrastive learning［J］. IEEE Trans on Depend Sec Computer, 2022, 14(8): 118［32］Julian B, Anton K, Volker T. NFGNN: Network flow graph neural networks for malware detection and classification［C］ Proc of the 33rd Int Conf on Scientific and Statistical Database Management. New York: ACM, 2021: 121132［33］Liu Z, Wang R, Japkowicz N. Research on unsupervised feature learning for Android malware detection based on restricted boltzmann machines［J］. Future Generation Computer Systems, 2021, 120(7): 91108［34］Samaneh M, Andi F, Rasool. Dynamic Android malware category classification using semisupervised deep learning［C］ Proc of the 18th IEEE Int Conf on Dependable, Autonomic and Secure Computing. Piscataway, NJ: IEEE, 2020: 515522［35］Samaneh M, Dima A, Ali G. Effective and efficient hybrid Android malware classification using pseudolabel stacked autoencoder［J］. Journal of Network System Manag, 2022, 30(1): 134

[1]	. A DoH Realtime Traffic Identification System [J]. Journal of Information Security Reserach, 2025, 11(4): 358-.
[2]	. [J]. Journal of Information Security Reserach, 2025, 11(2): 173-.
[3]	. TCNGANbased Temporal Traffic Anomaly Detection [J]. Journal of Information Security Reserach, 2025, 11(10): 907-.
[4]	. Research on Traffic Anomaly Detection Method and System for API Gateway [J]. Journal of Information Security Reserach, 2025, 11(10): 917-.
[5]	. Container Anomaly Detection Based on Attention Mechanism and Multiscale Convolutional Neural Network [J]. Journal of Information Security Reserach, 2025, 11(1): 35-.
[6]	. Research on Location Attack Detection of VANET Based on Incremental Learning [J]. Journal of Information Security Reserach, 2024, 10(3): 277-.
[7]	. Malicious Client Detection and Defense Method for Federated Learning [J]. Journal of Information Security Reserach, 2024, 10(2): 163-.
[8]	. Traffic Anomaly Detection Method by Secondorder Feature [J]. Journal of Information Security Reserach, 2024, 10(12): 1082-.
[9]	. Traffic Anomaly Detection Based on Improved Pigeon Inspired Optimizer and #br# Pyramid Convolution#br# [J]. Journal of Information Security Reserach, 2024, 10(12): 1107-.
[10]	. Application of Behavior Anomaly Detection in Zero Trust Access #br# Control Method#br# [J]. Journal of Information Security Reserach, 2024, 10(10): 921-.
[11]	. Research on Blockchain Abnormal Transaction Detection Technology Based on LightGBM [J]. Journal of Information Security Reserach, 2023, 9(9): 877-.
[12]	. Comparison Research on Intrusion Detection Model Based on Machine Learning [J]. Journal of Information Security Reserach, 2023, 9(8): 739-.
[13]	. Research on Blockchain Anomaly Transaction Detection Technology Based on Stacking Ensemble Learning [J]. Journal of Information Security Reserach, 2023, 9(2): 98-.
[14]	. Research on the Trusted Identity Scheme of Internet of Vehicles Based on Blockchain Oracle [J]. Journal of Information Security Reserach, 2023, 9(2): 120-.
[15]	. Machine Learning based Code Injection Attack Vulnerability Detection for Android Hybrid Applications [J]. Journal of Information Security Reserach, 2023, 9(10): 940-.

Research on Network Unknown Attack Detection Based on Machine Learning#br#
#br#

基于机器学习的网络未知攻击检测方法研究综述

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Research on Network Unknown Attack Detection Based on Machine Learning#br# #br#

基于机器学习的网络未知攻击检测方法研究综述

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Research on Network Unknown Attack Detection Based on Machine Learning#br#
#br#