Continual Learning Anomaly Detection System Applied to Web Logs

Cited by: 1
Abstract: The performance of most Web attack detection systems degrades in real-world scenarios over time due to changes in the network environment and the evolution of attack techniques, resulting in unstable detection results. Therefore, this study designs E-TCEVT, a continual learning anomaly detection system based on extreme value theory, for changing real-world network attacks. The system incorporates a hybrid language model that combines word-level and subword-level elements for effective feature extraction from Web logs. In the detection phase, an approach based on extreme value theory and ensemble learning is employed. By integrating multiple models trained at different time points, the proposed method prevents catastrophic forgetting during model fine-tuning, thereby maintaining adaptability and performance across both new and old samples. Experiments on open-source and real-world datasets demonstrate that the proposed method achieves higher F1 scores than single-model fine-tuning updates; moreover, compared to traditional non-updating methods, the proposed method shows better performance in both recall and F1 scores.
Authors: FENG Wei; LI Chang; TIAN Zheng; CHEN Kai; LI Jing-Jing; ZHAO Jing (National Meteorological Information Center, Beijing 100081, China; Computer Network Information Center, Chinese Academy of Sciences, Beijing 100094, China)
Source: Computer Systems & Applications, 2025, Issue 7, pp. 96-106 (11 pages)
Keywords: intrusion detection; vectorized feature; continual learning; network security