Towards a Knowledge-Guided Foundation Model for Long-Tail Anomaly Detection in Network Traffic
Researchers from William & Mary, Virginia Tech
Researchers will develop a knowledge-guided foundation model for timely network traffic anomaly detection when the data follows a long-tailed distribution.
Funded by CCI’s Coastal Virginia Node and Southwest Virginia Node
Project Investigators
- Principal Investigator (PI): Gang Zhou, William & Mary Department of Computer Science
- Co-PI: Huajie Shao, William & Mary Department of Computer Science
- Co-PI: Bo Ji, Virginia Tech Department of Computer Science
Rationale
Network traffic anomalies threaten the security of computer networks in systems such as mobile devices and cloud computing, leading to the loss of intellectual property, financial resources, and customer data.
While classical machine learning techniques have been introduced to detect traffic anomalies based on their features, these methods struggle to generalize to unknown anomalies.
To overcome this problem, recent studies have adopted pre-trained foundation models (FMs) for network traffic anomaly detection.
Projected Outcomes
Researchers will:
- Develop a knowledge-guided foundation model to improve the generalization capability of traffic anomaly detection.
- Adopt knowledge-guided data augmentation and semantics-based data selection to mitigate the long-tail problem during fine-tuning.
The project will be evaluated using real-world traffic datasets, such as those covering Internet of Things (IoT) attacks, Android malware, and DDoS attacks.