In the network traffic intrusion detection, deep learning based schemes have attracted lots of achievements. However, in real-world scenarios, data is often insufficient (few-shot), which leads to various deviations between the models prediction and the ground truth. Consequently, downstream tasks such as unknown attack detection based on few-shot will be limited by insufficient data. In this paper, we propose a novel unknown attack detection method based on Intra Categories Generation in Embedding Space, namely SFE-GACN, which might be the solution of few-shot problem. Concretely, we first propose Session Feature Embedding (SFE) to summarize the context of basic granularity of network traffic: sessions, bring the insufficient data to the pre-trained embedding space. In this way, we achieve the goal of preliminary information extension in the few-shot case. Second, we further propose the Generative Adversarial Cooperative Network (GACN), which improves the conventional Generative Adversarial Network by supervising the generated sample to avoid falling into similar categories, and thus enables samples to generate intra categories. Our proposed SFE-GACN achieved that it can accurately generate session samples in the case of few-shot, and ensure the difference between categories during data augmentation. The detection results show that compared to the state-of-the-art method, the average TPR is 8.38% higher, and the average FPR is 12.77% lower. In addition, we evaluated the graphics generation capabilities of GACN on the graphics dataset, the result shows our proposed GACN can be popularized for generating easy-confused multi-categories graphics.

在网络流量入侵检测中，基于深度学习的方案吸引了许多成就。但是，在实际情况下，数据通常是不够的（射门次数很少），这导致模型预测和地面真实情况之间出现各种偏差。因此，下游任务（例如，基于少量射击的未知攻击检测）将受到数据不足的限制。本文提出了一种基于嵌入空间内分类生成的未知攻击检测新方法，即SFE-GACN，它可能是少数问题的解决方案。具体而言，我们首先提出会话特征嵌入（SFE），以概括网络流量基本粒度的上下文：会话，将不足的数据带入预训练的嵌入空间。通过这种方式，在少数情况下，我们实现了初步信息扩展的目标。其次，我们进一步提出了生成对抗性合作网络（GACN），该网络通过监督生成的样本以避免落入相似的类别来改进常规的生成对抗性网络，从而使样本能够生成内部类别。我们提出的SFE-GACN实现了在少量拍摄的情况下可以准确生成会话样本，并确保在数据增强期间类别之间的差异。检测结果表明，与最新方法相比，平均TPR高8.38％，平均FPR低12.77％。此外，我们在图形数据集上评估了GACN的图形生成功能，