[1]陈虹,杨思文,金海波,等.改进生成对抗网络与残差网络的流量异常检测模型[J].计算机技术与发展,2025,(04):65-72.[doi:10.20165/j.cnki.ISSN1673-629X.2024.0372]
 CHEN Hong,YANG Si-wen,JIN Hai-bo,et al.An Improved Traffic Anomaly Detection Model Based on Generative Adversarial Network and Residual Network[J].,2025,(04):65-72.[doi:10.20165/j.cnki.ISSN1673-629X.2024.0372]
点击复制

改进生成对抗网络与残差网络的流量异常检测模型()

《计算机技术与发展》[ISSN:1006-6977/CN:61-1281/TN]

卷:
期数:
2025年04期
页码:
65-72
栏目:
网络空间安全
出版日期:
2025-04-10

文章信息/Info

Title:
An Improved Traffic Anomaly Detection Model Based on Generative Adversarial Network and Residual Network
文章编号:
1673-629X(2025)04-0065-08
作者:
陈虹1杨思文1金海波1武聪2由雨竹1
1. 辽宁工程技术大学 软件学院,辽宁 葫芦岛 125105;
2. 辽宁工程技术大学 科学技术研究院,辽宁 阜新 123000
Author(s):
CHEN Hong1YANG Si-wen1JIN Hai-bo1WU Cong2YOU Yu-zhu1
1. School of Software,Liaoning Technical University,Huludao 125105,China;
2. Institute of Science and Technology,Liaoning Technical University,Fuxin 123000,China
关键词:
流量异常检测条件Wasserstein生成对抗网络自编码器孤立森林锐度感知最小化
Keywords:
traffic anomaly detectionconditional Wasserstein generative adversarial networkautoencoderisolation forestsharpness-aware minimization
分类号:
TP393
DOI:
10.20165/j.cnki.ISSN1673-629X.2024.0372
摘要:
针对网络流量异常检测中因数据类别不平衡导致检测率不高、尤其少数类检测率偏低的问题,提出了一种结合改进生成对抗网络和残差网络的流量异常检测模型。 首先,采用孤立森林算法对正常类样本进行异常值处理,以减少正常类样本与少数攻击类样本的边界重叠,避免在过采样过程中由于不同类型样本边界相似性而引入新的离群点。 其次,利用条件 Wasserstein 生成对抗网络在保持数据分布一致性的前提下生成新的少数攻击类样本,解决数据失衡问题的同时提高样本多样性。 最后,设计了分裂残差融合卷积自编码器-双向门控循环单元的流量异常检测方法,通过分裂残差结构提取多尺度空间特征,结合双向门控循环单元捕捉前后时序信息,并引入锐度感知最小化算法,结合随机梯度下降优化器,进一步提升少数类的检测率。 实验结果表明,在 NSL-KDD 数据集上,该模型的准确率和 F1 分数分别达到了 89. 69% 和 89. 71% 。 与主流方法相比,对 U2R 和 R2L 攻击流量的检出率分别提高了至少 8. 94% 和 3. 39% ,并在 CICIDS2017 场景数据集上进一步验证了该方法的有效性和可行性。
Abstract:
To tackle the issue of imbalanced network traffic data leading to low detection rates, particularly for minority classes, an improved traffic anomaly detection model based on generative adversarial network and residual network is proposed. First,the isolation forest algorithm is employed to process outliers within the normal class samples,introduction of new outliers during oversampling caused by boundary similarities between different types of samples. This approach mitigates the risk of introducing new outliers during oversampling due to boundary similarities between different sample types. Next,a conditional Wasserstein generative adversarial network is used to generate new minority attack samples while maintaining data distribution consistency,thereby addressing data imbalance and en-hancing sample diversity. Finally,a split residual fusion convolutional autoencoder – bidirectional gated recurrent unit model is designed for traffic anomaly detection. The split residual structure extracts multi-scale spatial features to improve anomaly detection performance,while the bidirectional gated recurrent unit captures bidirectional temporal dependencies. Additionally,sharpness-aware minimization,combined with the stochastic gradient descent optimizer, is incorporated to further improve detection rates for minority classes.Experimental results on the NSL - KDD dataset demonstrate that this model achieves an accuracy of 89.69% and an F1 - score of 89.71% . Compared to mainstream methods,the detection rates for U2R and R2L attack traffic improve by at least 8.94% and 3.39%,respectively. The effectiveness and feasibility of this approach are further validated on the CICIDS2017 dataset.
更新日期/Last Update: 2025-04-10