With increased reliance on Internet-based technologies, cyberattacks compromising users' sensitive data are becoming more prevalent. The scale and frequency of these attacks are escalating rapidly, affecting systems and devices connected to the Internet. Traditional defense mechanisms may not be sufficiently equipped to handle complex and ever-changing new threats. Significant breakthroughs in machine learning methods, including deep learning, have attracted interest from the cybersecurity research community in further enhancing existing anomaly detection methods. Unfortunately, collecting labelled anomaly data for all new, evolving, and sophisticated attacks is not practical. Training and tuning a machine learning model for anomaly detection using only a handful of labelled data samples is a pragmatic approach. Therefore, few-shot weakly supervised anomaly detection is an encouraging research direction. In this paper, we propose an enhancement to an existing few-shot weakly supervised deep learning anomaly detection framework. This framework incorporates data augmentation, representation learning, and ordinal regression. We then evaluated and showed the performance of our implemented framework on three benchmark datasets: NSL-KDD, CIC-IDS2018, and TON_IoT.