To address the difficulty of simultaneously achieving high detection accuracy for both resource-consuming high-traffic attacks and stealth-based dormant attacks, a spatiotemporal network traffic detection framework (CLA+SubModule) tailored to asymmetric attack scenarios is proposed, designed to raise detection accuracy for both attack types. First, data-quality and scale-difference issues are handled in a preprocessing stage, minimising the impact of class imbalance on model performance. Second, spatiotemporal features of network traffic are learned jointly at multiple levels by integrating a CNN, an LSTM network and an attention mechanism (AM). In addition, a small-sample detection branch (SubModule) based on adaptive weighting is constructed to strengthen the model's focus on small-sample attacks. Finally, model performance is validated on a test set. Experimental results show that the proposed framework effectively captures the spatiotemporal features of attack sources, achieving detection accuracies exceeding 99.85% for resource-consuming attacks and 92.72% for stealthy dormant attacks, significantly outperforming traditional machine learning methods and mainstream deep learning models.
The experiments and evaluation in this paper use the public network intrusion detection datasets CIC-IDS-2017 and CSE-CIC-IDS2018 on AWS; the sample statistics of the two datasets are given in Table 1 and Table 2.
The CIC-IDS-2017 dataset was carefully constructed by the Canadian Institute for Cybersecurity (CIC). It covers attack types including denial of service (DoS), distributed denial of service (DDoS), port scanning, malware propagation and botnet activity, together with abundant samples of normal network behaviour. The CSE-CIC-IDS2018 on AWS dataset was created by the Communications Security Establishment (CSE) in collaboration with the Canadian Institute for Cybersecurity and contains seven attack scenarios: brute force, Heartbleed, botnet, DoS, DDoS, web attacks and infiltration of the network from inside. The two datasets are highly similar: alongside normal traffic samples, each contains both resource-consuming attacks and stealthy dormant attacks, which satisfies the requirements of the experiments.
Given the very large disparity in sample volume between the two datasets, stratified sampling is applied to CSE-CIC-IDS2018 on AWS in the experiments: samples are drawn at random from each class at a preset ratio (70%) to form a data subset that stands in for the original dataset during training and evaluation. Because every class is sampled at the same ratio, the subset preserves the class proportions of the full dataset. The resulting dataset split is shown in Table 6.
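The stratified draw described above, as an added worked example in plain Python (this is not the paper's own code): each class is sampled independently at the same ratio, so the class proportions of the full dataset carry over to the subset, and a minimum of one record per class prevents a rare class from vanishing at small ratios. The toy flow records, class names and counts are constructed here for illustration and are not the statistics of CSE-CIC-IDS2018 on AWS; the inverse-frequency weights in the last function are a common reweighting for rare classes shown as an assumed illustration, not the paper's own SubModule weighting, which the text does not specify.

```python
import random
from collections import Counter, defaultdict

# Constructed toy flow records (features, label) with a deliberately skewed
# class distribution; class names and counts are assumed for illustration and
# are not the statistics of CSE-CIC-IDS2018 on AWS.
TOY_COUNTS = {"Benign": 1000, "DDoS": 400, "DoS": 300,
              "BruteForce": 100, "Bot": 40, "Infiltration": 10}


def make_toy_flows(seed=0):
    rng = random.Random(seed)
    flows = []
    for label, n in TOY_COUNTS.items():
        for _ in range(n):
            flows.append(([rng.random() for _ in range(4)], label))
    rng.shuffle(flows)
    return flows


def class_counts(flows):
    return dict(Counter(label for _, label in flows))


def class_proportions(flows):
    counts = class_counts(flows)
    total = sum(counts.values())
    return {label: n / total for label, n in counts.items()}


def stratified_sample(flows, fraction, seed=0):
    """Draw `fraction` of every class independently (stratified sampling).

    Sampling each stratum at the same ratio keeps the class proportions of the
    full dataset, so rare classes stay rare in the subset; at least one record
    of each class is always kept so that no class disappears at small ratios.
    """
    rng = random.Random(seed)
    by_class = defaultdict(list)
    for record in flows:
        by_class[record[1]].append(record)
    subset = []
    for label in sorted(by_class):              # fixed order -> reproducible
        items = by_class[label]
        k = min(len(items), max(1, round(len(items) * fraction)))
        subset.extend(rng.sample(items, k))
    rng.shuffle(subset)
    return subset


def inverse_frequency_weights(flows):
    """Per-class weights proportional to 1/count, rescaled to mean 1.

    One common way to up-weight minority classes in a loss function; shown as
    an assumed illustration, not the paper's adaptive SubModule weighting.
    """
    counts = class_counts(flows)
    raw = {label: 1.0 / n for label, n in counts.items()}
    mean = sum(raw.values()) / len(raw)
    return {label: w / mean for label, w in raw.items()}


if __name__ == "__main__":
    full = make_toy_flows()
    subset = stratified_sample(full, 0.7)
    print("full  :", class_counts(full))
    print("subset:", class_counts(subset))
    print("weights:", {k: round(v, 3) for k, v in inverse_frequency_weights(subset).items()})
```

Note that stratified sampling does not reduce imbalance; it only makes the subset representative. Rebalancing has to come from a separate step such as the reweighting shown, oversampling, or the paper's small-sample branch.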
The detection performance of the model on the different attack types in CSE-CIC-IDS2018 on AWS is shown in Fig. 6. The spatiotemporal detection model for network flows in asymmetric attack scenarios performs a 6-class classification of the dataset samples. Fig. 6 gives the detection accuracy of the model for each attack class: DDoS attacks are detected with the highest accuracy, 99.9%, and DoS attacks with the lowest, 88.1%. Overall, the model reaches at least 88.1% on every attack class and performs robustly. Although there is still room to improve the identification of DoS attacks, the results indicate that the model has a degree of robustness and adaptability, can effectively distinguish and identify the various attack types, and can be used to identify both resource-consuming attacks and stealthy dormant attacks.
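To make the per-class figures concrete, the following added example (not from the paper) builds a confusion matrix from labels and predictions and derives from it the per-class detection rate (recall, which is how the per-class accuracy in Fig. 6 is read here), per-class precision, overall accuracy and macro-averaged recall. The class names and the counts in `TOY_RESULTS` are constructed for illustration. It shows the point that matters for asymmetric attack scenarios: overall accuracy can stay high while the rarest class is detected poorly, so per-class reporting is what reveals a weak class.

```python
# Class names are assumed for illustration (a 6-class split like the one in
# the paper, but these exact labels are not taken from it).
CLASSES = ["Benign", "DDoS", "DoS", "BruteForce", "Bot", "Infiltration"]


def expand_pairs(pair_counts):
    """Turn {(true_label, predicted_label): count} into parallel label lists."""
    y_true, y_pred = [], []
    for (t, p), n in pair_counts.items():
        y_true.extend([t] * n)
        y_pred.extend([p] * n)
    return y_true, y_pred


def confusion_matrix(y_true, y_pred, classes=CLASSES):
    """Rows are the true class, columns the predicted class."""
    idx = {c: i for i, c in enumerate(classes)}
    m = [[0] * len(classes) for _ in classes]
    for t, p in zip(y_true, y_pred):
        m[idx[t]][idx[p]] += 1
    return m


def per_class_recall(m, classes=CLASSES):
    """Detection rate of each true class: correct / all samples of that class.
    None for a class with no samples (undefined rather than silently 0)."""
    out = {}
    for i, c in enumerate(classes):
        row_total = sum(m[i])
        out[c] = m[i][i] / row_total if row_total else None
    return out


def per_class_precision(m, classes=CLASSES):
    """Of everything predicted as class c, the fraction that really was c."""
    out = {}
    for j, c in enumerate(classes):
        col_total = sum(m[i][j] for i in range(len(classes)))
        out[c] = m[j][j] / col_total if col_total else None
    return out


def overall_accuracy(m):
    total = sum(sum(row) for row in m)
    correct = sum(m[i][i] for i in range(len(m)))
    return correct / total


def macro_recall(m, classes=CLASSES):
    """Unweighted mean of per-class recall: every class counts equally,
    however few samples it has."""
    vals = [r for r in per_class_recall(m, classes).values() if r is not None]
    return sum(vals) / len(vals)


# Constructed results: strong on the bulk classes, weak on the rarest one,
# chosen to show what overall accuracy hides. Not measured figures.
TOY_RESULTS = {
    ("Benign", "Benign"): 990, ("Benign", "DoS"): 10,
    ("DDoS", "DDoS"): 399, ("DDoS", "DoS"): 1,
    ("DoS", "DoS"): 264, ("DoS", "Benign"): 30, ("DoS", "DDoS"): 6,
    ("BruteForce", "BruteForce"): 95, ("BruteForce", "Benign"): 5,
    ("Bot", "Bot"): 36, ("Bot", "Benign"): 4,
    ("Infiltration", "Infiltration"): 6, ("Infiltration", "Benign"): 4,
}


def evaluate(pair_counts=TOY_RESULTS):
    y_true, y_pred = expand_pairs(pair_counts)
    m = confusion_matrix(y_true, y_pred)
    return {
        "recall": per_class_recall(m),
        "precision": per_class_precision(m),
        "accuracy": overall_accuracy(m),
        "macro_recall": macro_recall(m),
    }


if __name__ == "__main__":
    r = evaluate()
    for c in CLASSES:
        print(f"{c:13s} recall={r['recall'][c]:.3f} precision={r['precision'][c]:.3f}")
    print(f"overall accuracy={r['accuracy']:.4f}  macro recall={r['macro_recall']:.4f}")
```

On the constructed data the overall accuracy is about 96.8% while macro recall is about 88.6%, because the 10-sample Infiltration class is detected only 60% of the time; a report that lists only overall accuracy would not show this.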
This paper proposes a spatiotemporal detection architecture for network flows in asymmetric attack scenarios. It fuses a CNN, an LSTM and an attention mechanism (AM) and builds a small-sample detection branch (SubModule) based on adaptive weight adjustment to further strengthen the model's attention to small-sample classes. Experimental results show that on the CIC-IDS-2017 and CSE-CIC-IDS2018 on AWS datasets the model effectively focuses on the spatiotemporal features of attack sources: it efficiently detects denial-of-service attacks whose aim is to exhaust service resources and cripple critical infrastructure, and it also detects stealth-oriented dormant attacks reasonably well. It should be noted that this paper does not systematically evaluate GPU memory usage, model overhead and similar costs, which may constrain the model's performance in real deployments.