基于图对比学习的自监督网络流量检测模型

doi:10.16180/j.cnki.issn1007-7820.2025.03.004

电子科技 ›› 2025, Vol. 38 ›› Issue (3): 22-31.doi: 10.16180/j.cnki.issn1007-7820.2025.03.004

基于图对比学习的自监督网络流量检测模型

王紫祎, 陈世平()

上海理工大学光电信息与计算机工程学院,上海 200093

收稿日期:2023-08-12 修回日期:2023-09-14 出版日期:2025-03-15 发布日期:2025-03-11
通讯作者: 陈世平(1964-),男,E-mail:1164624362@qq.com,博士,教授。研究方向:信息检索、大数据、云计算。
作者简介:王紫祎(1998-),女,硕士研究生。研究方向:异常检测、信息安全。
基金资助:
国家自然科学基金(61472256);国家自然科学基金(61170277);上海理工大学科技发展基金(16KJFZ035);上海理工大学科技发展基金(2017KJFZ033);沪江基金(A14006)

Self-Supervised Network Intrusion Detection Model Based on Graph Contrastive Learning

WANG Ziyi, CHEN Shiping()

School of Optical-Electrical and Computer Engineering,University of Shanghai for Science and Technology,Shanghai 200093,China

Received:2023-08-12 Revised:2023-09-14 Online:2025-03-15 Published:2025-03-11
Supported by:
National Natural Science Foundation of China(61472256);National Natural Science Foundation of China(61170277);Shanghai University of Technology Science and Technology Development Foundation(16KJFZ035);Shanghai University of Technology Science and Technology Development Foundation(2017KJFZ033);Hujiang Foundation(A14006)

摘要/Abstract

摘要：

传统网络异常流量检测方法存在忽略网络拓扑结构、获取标注数据成本高等问题,导致模型的准确率和泛化性较低。为此,文中提出了一种基于图神经网络和自监督学习的检测方法。利用网络流量数据的特点构建自监督图对比学习任务,通过边特征变换和边遮掩进行流量图增强生成对比样本。改进基于GraphSAGE(Graph SAmple and aggreGatE)的图编码器以充分利用相关关系来丰富节点的特征表示。使用适合对比学习的InfoNCE损失函数训练图编码器的参数,实现自主学习特征表示,摆脱对网络流量标签数据的依赖,并提高网络异常流量检测的准确率。实验结果表明,所提模型在没有标签数据的情况下在检测异常网络流量性能方面表现良好,在两个公开数据集上的F1值分别达到了92.64%和90.97%。

关键词: 网络流量检测, 图神经网络, 对比学习, 自监督表征学习, InfoNCE损失函数, 图表示学习, 深度学习, 图数据增强

Abstract:

Traditional methods for detecting network traffic anomalies suffer from issues such as neglecting network topology and high costs associated with acquiring labeled data, leading to lower model accuracy and generalization. This study proposes a detection approach based on graph neural networks and self-supervised learning. Based on the characteristics of network traffic data, the self-supervised graph comparison learning task is constructed, and the traffic graph is enhanced by edge feature transformation and edge masking to generate comparison samples. The graph encoder based on GraphSAGE(Graph SAmple and aggreGatE)is improved to make full use of correlation to enrich the feature representation of nodes, and the parameters of the graph encoder are trained with InfoNCE loss function suitable for comparative learning to achieve self-learning feature representation, get rid of the dependence on network traffic label data, and improve the accuracy of network abnormal traffic detection. The experimental results show that the proposed model performs well in detecting abnormal network traffic without label data, with F1 values reaching 92.64% and 90.97% on two public data sets, respectively.

Key words: network intrusion detection, graph neural networks, contrastive learning, self-supervised learning, InfoNCE loss function, graph representation learning, deep learning, graph data enhancement

中图分类号:

TP393

王紫祎, 陈世平. 基于图对比学习的自监督网络流量检测模型[J]. 电子科技, 2025, 38(3): 22-31.

WANG Ziyi, CHEN Shiping. Self-Supervised Network Intrusion Detection Model Based on Graph Contrastive Learning[J]. Electronic Science and Technology, 2025, 38(3): 22-31.

图/表 16

图1

图2

图3

图4

图5

图6

表1

表2

表3

表4

表5

表6

图7

图8

表7

图9

参考文献 25

[1]	张天奇, 张顺康. 基于主成分分析的实时全网络异常检测方法[J]. 电子科技, 2019, 32(12):17-21.
	Zhang Tianqi, Zhang Shunkang. A real-time full network performance anomaly detection algorithm based on principal component[J]. Electronic Science and Technology, 2019, 32(12):17-21.
[2]	He H, Sun X, He H, et al. A novel multimodal-sequential approach based on multi-view features for network intrusion detection[J]. IEEE Access, 2019, 20(7): 183207-183221.
[3]	Wu P, Guo H. LuNET:A deep neural network for network intrusion detection[C]. Xiamen: IEEE Symposium Series on Computational Intelligence,2019:617-624.
[4]	Rusek K, Suarez Varela J, Almasan P, et al. RouteNet: Leveraging graph neural networks for network modeling and optimization in SDN[J]. IEEE Journal on Selected Areas in Communications, 2020, 39(9):1-7.
[5]	Zhou J, Xu Z, Rush A M, et al. Automating botnet detection with graph neural networks[EB/OL].(2020-3-13) [2023-08-12].https://doi.org/10.48550/arXiv.2003.06344.
[6]	Benaddi H, Jouhari M, Ibrahimi K, et al. Anomaly detection in industrial IoT using distributional reinforcement learning and generative adversarial networks[J]. Sensors, 2022, 22(21):8085-8086.
[7]	Zhu H, Lu J. Graph-based intrusion detection system using general behavior learning[C]. Rio de Janeir: IEEE Global Communications Conference,2022:2621-2626.
[8]	Wang Z, Li Z, Wang J, et al. Network intrusion detection model based on improved BYOL self-supervised learning[J]. Security and Communication Networks, 2021, 47(2):1-23.
[9]	Chen T, Kornblith S, Norouzi M, et al. A simple framework for contrastive learning of visual representations[C]. Online: International Conference on Machine Learning,2020:1597-1607.
[10]	Liu Y, Jin M, Pan S, et al. Graph self-supervised learning:A survey[J]. IEEE Transactions on Knowledge and Data Engineering, 2022, 35(6):5879-5900.
[11]	Sun F Y, Hoffmann J, Verma V, et al. Infograph: Unsupervised and semi-supervised graph-level representation learning via mutual information maximization[EB/OL].(2019-6-31)[2023-08-12].https://doi.org/10.48550/arXiv.1908.01000.
[12]	You Y, Chen T, Sui Y, et al. Graph contrastive learning with augmentations[J]. Advances in Neural Information Processing Systems, 2020, 33(1):5812-5823.
[13]	陈娜, 黄金诚, 李平. 结合对比学习的图神经网络防御方法[J]. 计算机科学与探索, 2023, 17(8):1949-1960.
	Chen Na, Huang Jincheng, Li Ping. Graph neural network defense combined with contrast learning[J]. Journal of Frontiers Computer Science and Technology, 2023, 17(8):1949-1960.
[14]	Hamilton W, Ying Z, Leskovec J. Inductive representation learning on large graphs[J]. Advances in Neural Information Processing Systems, 2017, 30(2):47-51.
[15]	Lo W W, Layeghy S, Sarhan M, et al. E-graphSAGE:A graph neural network based intrusion detection system for IoT[C]. Budapest: NOMS IEEE/IFIP Network Operations and Management Symposium,2022:1-9.
[16]	Hadsell R, Chopra S, Yang L C. Dimensionality reduction by learning an invariant mapping[C]. New York: IEEE Computer Society Conference on Computer Vision and Pattern Recognition,2006:1735-1742.
[17]	Oord A, Li Y, Vinyals O. Representation learning with contrastive predictive coding[EB/OL].(2018-6-10) [2023-08-12].https://doi.org/10.48550/arXiv.1807.03748.
[18]	He Z, Xu X, Deng S. Discovering cluster-based local outliers[J]. Pattern Recognition Letters, 2003, 24(9-10): 1641-1650.
[19]	Xu K, Li C, Tian Y, et al. Representation learning on graphs with jumping knowledge networks[C]. Stockholm: International Cconference on Machine Learning,2018: 5453-5462.
[20]	Sarhan M, Layeghy S, Portmann M. Towards a standard feature set for network intrusion detection system datasets[J]. Mobile Networks and Applications, 2022, 47(7): 1-14.
[21]	邹承明, 陈德. 高维大数据分析的无监督异常检测方法[J]. 计算机科学, 2021, 48(2):121-127.
	Zou Chengming, Chen De. Unsupervised anomaly detection method for high-dimensional big data analysis[J]. Computer Science, 2021, 48(2):121-127.
[22]	Sinha J, Manollas M. Efficient deep CNN-BiLSTM model for network intrusion detection[C]. Xiamen: The Third International Conference on Artificial Intelligence and Pattern Recognition,2020:223-231.
[23]	Chang L, Branco P. Graph-based solutions with residuals for intrusion detection: The modified E-graphSAGE and E-ResGAT algorithms[EB/OL].(2021-11-26)[2023-08-12].https://doi.org/10.48550/arXiv.2111.13597.
[24]	Wang W, Jian S, Tan Y, et al. Robust unsupervised network intrusion detection with self-supervised masked context reconstruction[J]. Computersand Security, 2023, 72(8): 103131-103132.
[25]	Zakroum M, François J, Ghogho M, et al. Self-supervised latent representations of network flows and application to darknet traffic classification[J]. IEEE Access, 2023, 26(4):74-83.

预测	真实
预测	True	False
Positive	TP	FP
Negative	TN	FN

参数	数值
node_features	[39,1,39]
edge_features	[33 464,1,39]
ndim_in	39
ndim_out	128
edim	33 464
全连接层神经元	128

模型	NF-ToN-IoT-v2			NF-UNSW-NB15-v2
模型	Precision/%	Recall/%	F1/%	Precision/%	Recall/%	F1/%
CNN-BiLSTM	73.65	80.63	76.98	70.99	71.56	71.27
E-GraphSAGE	84.95	69.03	74.43	76.57	89.79	81.11
E-ResGAT	87.26	94.76	90.63	85. 05	87.65	86.28
BYOL-NIDS	80.76	82.88	81.77	87.05	88.72	87.86
RUIDS	87.93	93.58	90.67	90.91	89.26	90.08
VGAE	87.16	86.63	86.89	87.63	90.32	88.96
本文	87.69	99.32	92.64	87.25	95.65	90.97

模型	参数量/10⁶
CNN-BiLSTM	0.03
E-GraphSAGE	0.01
E-ResGAT	0.03
BYOL-NIDS	0.18
RUIDS	0.3
VGAE	0.68
本文	0.23

方案	Precision/%	Recall/%	F1/%
w/o图对比学习	84.95	69.03	74.43
w/o对比损失	86.52	87.66	87.08
w/o知识跳跃网络	85.75	72.97	77.84
本文模型	87.69	99.32	92.64

基于图对比学习的自监督网络流量检测模型

Self-Supervised Network Intrusion Detection Model Based on Graph Contrastive Learning

RichHTML

PDF (PC)

赞

可视化

摘要/Abstract

引用本文

使用本文

图/表 16

参考文献 25

相关文章 15

Metrics

本文评价

推荐阅读 0

方法	NF-ToN-IoT-v2/%	NF-UNSW-NB15-v2/%
BCE Loss	90.23	90.61
Focal Loss	89.18	88.96
InfoNCE Loss	92.64	90.97

[1]	赵云飞, 薛存金. 一种融合空洞卷积与池化模型的遥感影像水体提取方法[J]. 电子科技, 2025, 38(3): 40-46.
[2]	郑方亮, 王延年, 廉继红, 阮佩. 基于条件先验Swin Transformer的人脸图像超分辨重建[J]. 电子科技, 2025, 38(2): 35-41.
[3]	赖颖, 巨志勇, 叶雨新. 基于改进YOLOv4的车辆检测算法[J]. 电子科技, 2025, 38(1): 81-87.
[4]	何志强, 孙占全. 基于Swin-Transformer的颈动脉超声图像斑块分割[J]. 电子科技, 2024, 37(9): 48-56.
[5]	杨潇, 李高磊. 半监督图节点分类任务的清洁标签后门植入[J]. 电子科技, 2024, 37(9): 57-63.
[6]	何幸, 黄永明, 朱勇. 基于改进YOLOv5的路面坑洼检测方法[J]. 电子科技, 2024, 37(7): 53-59.
[7]	叶雨新, 巨志勇, 赖颖. 融合感受野增强和注意力机制的交通标志检测算法[J]. 电子科技, 2024, 37(6): 8-16.
[8]	袁傲, 齐金鹏, 贾灿, 薛宇鑫, 郭阳阳. 一种基于深度学习的时序病变数据段分类方法[J]. 电子科技, 2024, 37(6): 84-91.
[9]	朱子豪, 宋燕. 融合注意力和胶囊池化的轻量型胶囊网络[J]. 电子科技, 2024, 37(5): 1-8.
[10]	夏榕成, 刘德儿. 基于深度学习的城市内涝区域车辆检测与分析[J]. 电子科技, 2024, 37(5): 18-24.
[11]	马文杰, 张轩雄. 基于深度学习的盲道和盲道障碍物识别算法[J]. 电子科技, 2024, 37(3): 75-83.
[12]	崔晶楠, 黄春艳, 李艳玲. 改进YOLOv5s算法的钢材表面缺陷检测[J]. 电子科技, 2024, 37(12): 48-55.
[13]	梁水芬, 郭志勇. 深度学习在肾结石影像诊断的应用进展[J]. 电子科技, 2024, 37(12): 67-72.
[14]	李云鹏, 席志红. 基于RetinaFace与FaceNet的动态人脸识别系统设计[J]. 电子科技, 2024, 37(12): 79-86.
[15]	廉悦, 刘德儿. 户外导盲动态障碍目标RGB-D视觉感知与探测[J]. 电子科技, 2024, 37(12): 9-16.