基于无监督对抗模型的网络异常检测算法  

作　　者：杨斌 李健 胡慧文 刘义英 陈文之 YANG Bin;LI Jian;HU Huiwen;LIU Yiying;CHEN Wenzhi(NARI Group Corporation(State Grid Electric Power Research Institute),Nanjing 211003,China)

机构地区：[1]南瑞集团有限公司(国网电力科学研究院有限公司),南京211003

出　　处：《河南科学》2025年第3期330-336,共7页Henan Science

基　　金：国网福建电力有限公司资助项目(SGFJXT00XXXX2000276)。

摘　　要：近年来,随着互联网和云计算的发展,网络环境日益复杂化,传统的网络异常检测方法证明不足以解决大规模、多样化的网络攻击行为。保障网络的稳定性和安全性,需要高效的检测机制。本文提出了一种基于无监督对抗模型的网络异常检测算法,旨在应对复杂的网络异常行为。首先采用无监督学习方法进行网络异常检测,不依赖于严格的标准数据集进行训练,从而提高了算法的泛化能力并降低了网络训练的难度。其次,设计了一种编码-解码结构的生成对抗网络作为算法的主要框架,以提升网络异常识别的准确度。最后,将改进后的长短时记忆网络嵌入到生成对抗网络中,以增强算法对数据长期依赖的处理能力,进而提升整体的稳定性。实验结果表明,所提方法能够稳定且准确地识别出网络异常行为,在标准数据集中的准确度和召回率分别达到了0.830和0.832,优于所对比的相关算法,更适用于真实网络环境的安全保障任务。In recent years,with the development of the Internet and cloud computing,the network environment has become increasingly complex,and traditional network anomaly detection methods have proven inadequate in addressing large-scale and diversified network attacks.To ensure network stability and security,efficient detection mechanisms has become imperative.Therefore,this paper proposes a network anomaly detection algorithm based on an unsupervised adversarial model,aiming to address complex network anomaly behaviors.Firstly,an unsupervised learning approach is employed for network anomaly detection,which does not rely on strict standard datasets for training,thereby improving the algorithm’s generalization ability and reducing the complexity of network training.Secondly,an encoder-decoder structured Generative Adversarial Network(GAN)is designed as the main framework of the algorithm to enhance the accuracy of network anomaly identification.Finally,an improved Long Short-Term Memory(LSTM)network is embedded into the GAN to strengthen the algorithm’s capability to handle long-term dependencies in the data,thereby improving overall stability.Experimental results show that the proposed method can stably and accurately identify network anomalies,achieving an accuracy and recall rate of 0.830 and 0.832,respectively,on standard datasets,outperforming the compared algorithms and making it more suitable for real-world network security tasks.

关 键 词：网络异常检测 无监督学习 生成对抗网络 长短时记忆网络 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]