面向不平衡數(shù)據(jù)的二階段網(wǎng)絡(luò)入侵檢測新方法

打開文本圖片集

中圖分類號： TP393 （204號 文獻(xiàn)標(biāo)志碼：A DOI：10.12305/j.issn.1001-506X.2025.06.34

Abstract：Although many current networks traffic intrusion detection models have relatively high detection rates，there are still problems such as low detection rates and poor generalization for imbalanced abnormal network traffic.Therefore，two-stage network intrusion detection method for imbalance data is proposed.In the first stage，a random forest ensemble model is trained to perform initial normal and abnormal binary clasification on network traffic toaleviate the impact of imbalance of normaland abnormal trafficon model training.In thesecond stage，an initial abnormal traficdata is used to trainanone-dimensional convolutional neural network-bi-directional long short-term memory model to study the key features of abnormal traffic，and thefocallossfunction is introduced during model training.This mechanism enables the model to simultaneously focus ondifficult clasification samples and minority samples inabnormal trafic，further aleviating the impact of dataimbalanceof abnormal traficon detection accuracy.Inorder to verify the effectiveness of the proposed method，experiments are conducted on the UNSW2015 and CIC-IDS20l7 dataset.The experimental results show that the proposed method can beter extract data features and aleviate data imbalance to a certain extent. Compared with other similar methods proposed in recent years，the proposed model has better overal performance，and the weighted F1 score increased by 0.9% and the macro F1 score increased by 2.7% ：

Keywords：intrusion detection；imbalance samples；neural network；focal loss

0 引言

近年來，隨著信息技術(shù)的迅猛發(fā)展，網(wǎng)絡(luò)攻擊手段日益復(fù)雜多變，各種類型的攻擊事件層出不窮，給網(wǎng)絡(luò)安全帶來了嚴(yán)峻挑戰(zhàn)。（剩余18782字）