改进生成对抗网络与残差网络的流量异常检测模型  

作　　者：陈虹[1] 杨思文 金海波 武聪 由雨竹 CHEN Hong;YANG Si-wen;JIN Hai-bo;WU Cong;YOU Yu-zhu(School of Software,Liaoning Technical University,Huludao 125105,China;Institute of Science and Technology,Liaoning Technical University,Fuxin 123000,China)

机构地区：[1]辽宁工程技术大学软件学院,辽宁葫芦岛125105 [2]辽宁工程技术大学科学技术研究院,辽宁阜新123000

出　　处：《计算机技术与发展》2025年第4期65-72,共8页Computer Technology and Development

基　　金：国家自然科学基金(62173171);辽宁省教育厅科研项目(LJKFZ20220198)。

摘　　要：针对网络流量异常检测中因数据类别不平衡导致检测率不高、尤其少数类检测率偏低的问题,提出了一种结合改进生成对抗网络和残差网络的流量异常检测模型。首先,采用孤立森林算法对正常类样本进行异常值处理,以减少正常类样本与少数攻击类样本的边界重叠,避免在过采样过程中由于不同类型样本边界相似性而引入新的离群点。其次,利用条件Wasserstein生成对抗网络在保持数据分布一致性的前提下生成新的少数攻击类样本,解决数据失衡问题的同时提高样本多样性。最后,设计了分裂残差融合卷积自编码器-双向门控循环单元的流量异常检测方法,通过分裂残差结构提取多尺度空间特征,结合双向门控循环单元捕捉前后时序信息,并引入锐度感知最小化算法,结合随机梯度下降优化器,进一步提升少数类的检测率。实验结果表明,在NSL-KDD数据集上,该模型的准确率和F1分数分别达到了89.69%和89.71%。与主流方法相比,对U2R和R2L攻击流量的检出率分别提高了至少8.94%和3.39%,并在CICIDS2017场景数据集上进一步验证了该方法的有效性和可行性。To tackle the issue of imbalanced network traffic data leading to low detection rates,particularly for minority classes,an improved traffic anomaly detection model based on generative adversarial network and residual network is proposed.First,the isolation forest algorithm is employed to process outliers within the normal class samples,introduction of new outliers during oversampling caused by boundary similarities between different types of samples.This approach mitigates the risk of introducing new outliers during oversampling due to boundary similarities between different sample types.Next,a conditional Wasserstein generative adversarial network is used to generate new minority attack samples while maintaining data distribution consistency,thereby addressing data imbalance and enhancing sample diversity.Finally,a split residual fusion convolutional autoencoder–bidirectional gated recurrent unit model is designed for traffic anomaly detection.The split residual structure extracts multi-scale spatial features to improve anomaly detection performance,while the bidirectional gated recurrent unit captures bidirectional temporal dependencies.Additionally,sharpness-aware minimization,combined with the stochastic gradient descent optimizer,is incorporated to further improve detection rates for minority classes.Experimental results on the NSL-KDD dataset demonstrate that this model achieves an accuracy of 89.69%and an F1-score of 89.71%.Compared to mainstream methods,the detection rates for U2R and R2L attack traffic improve by at least 8.94%and 3.39%,respectively.The effectiveness and feasibility of this approach are further validated on the CICIDS2017 dataset.

关 键 词：流量异常检测 条件Wasserstein生成对抗网络 自编码器 孤立森林 锐度感知最小化 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]