Abstract
To address the poor feature extraction, insufficient consideration of topological features, class imbalance, and lack of interpretability in existing methods for detecting anomalous encrypted traffic, this paper proposes E-GA-RNet, an encrypted traffic detection model that integrates a graph attention network (GAT) with edge feature embedding and residual networks. First, traffic data is preprocessed: the network five-tuple information is used to construct the graph nodes, and the remaining flow features are treated as edge features, transforming encrypted traffic data into graph data. To adapt to the GAT algorithm, a new network traffic graph is constructed in which each new node corresponds to an edge in the original graph, and a vertex shared in the original graph corresponds to an edge between two nodes, so that the traffic detection problem becomes a node classification problem. Next, the attention coefficient for each node is calculated through the GAT algorithm to aggregate and update features. Finally, residual connections to the original nodes are added to the algorithm to improve performance on minority classes. Experimental results on the CIC-DarkNet dataset demonstrate that the method effectively addresses the class imbalance issue in anomalous encrypted traffic detection, with significant improvements in detection metrics for both binary and multi-class scenarios.
Authors
Zhao Yilin; Jia Weixin; Chen Wei (School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023)
Source
Journal of Information Security Research
Peking University Core Journal
2026, Issue 3, pp. 237-245 (9 pages)
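Funding
Jiangsu Provincial Key Research and Development Program (BE2022065-5)
Jiangsu Provincial Key Laboratory of Network and Information Security project (BM2003201).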
Keywords
cybersecurity
encrypted traffic detection
graph neural network
graph attention network (GAT)
residual network