| Network intrusion detection techniques have been playing an important role in ensuring cybersecurity by effectively dealing with network threats.Despite the large flows generated in complex network environments,these flows lack labels,and anomalies are hidden among a large amount of normal activities,resulting in class-imbalanced problem.In addition,network flows are heterogeneous data with high dimensionality and complexity,which pose application challenges for data-driven network intrusion detection methods.To address these issues,this dissertation proposes a network intrusion detection method based on the cotraining of dynamic and static attributes.The main contributions are as follows:(1)For the mobility of network flow and the topology of the network environment,this dissertation proposes a graph comparison learning algorithm based on temporal and graph neural networks.By constructing multiple views for contrast learning,the robustness and adaptiveness of the detection method are improved.The network flow graph is constructed according to the data transmission direction and frequency,which extends network intrusion detection to non-Euclidean space data and makes full use of the timing characteristics to improve the generalisation ability and detection of unknown attacks,meeting the real-time requirements in practical applications.(2)For the label sparsity problem,this dissertation constructs a semi-supervised graph neural network based on attribute and label propagation in the graph contrast learning algorithm.The model adopts a non-message passing framework and combines multi-hop attention to provide variable sensory fields for nodes to propagate attributes and labels,avoiding excessive computational costs and the over-smoothing problem brought about by multiple aggregations.Experiments validate its ability to cope with label sparsity and improve detection in a label-sparse environment.(3)For the network flow’s high-dimensional and complex problem,this dissertation proposes an attribute selection strategy based on probability distribution and cross-entropy.By calculating the probability distribution and cross-entropy of attribute values,the static attributes of network flow can be filtered with interpretability.In the feature space,clearer classification boundaries are obtained and the model’s consumption of computational resources is reduced,improving operational efficiency and detecting abnormal traffic.(4)For the class imbalance problem,this dissertation constructs a semi-supervised variational autoencoder based on label guessing and data augmentation.A small number of labelled samples are used to guide the sample generation of the variational autoencoder,and the number of samples and labelled data of minority class samples are expanded by label guessing to alleviate the class imbalance problem.In addition,an undersampling method based on node behaviour and an oversampling method based on secure selection are proposed to alleviate the class imbalance problem from the perspective of sample sampling.(5)In the complex network environment of label sparsity and class imbalance,the attribute and label propagation-based graph neural network and the semi-supervised variational autoencoder based on label guessing and data augmentation are co-trained by weighted fusion to combine the strengths of both models to improve model generalization and detection capabilities in the complex environment.This dissertation conducts comparative experiments on the UNSW-NB15,NSL-KDD and ToN-IoT datasets and demonstrates that the proposed method can efficiently and accurately detect anomalous flow in complex networks.Meanwhile,the method has high interpretability and can exploit the timing characteristics to meet the real-time requirements.Experimental results show that the proposed method can significantly improve the detection of minority class samples in complex environments with sparse labels and class imbalance,achieving the best results in both binary and multi-classification tasks. |
PDF Full Text Request