基于集成学习与异常检测的对抗流量检测方法

doi:10.19678/j.issn.1000-3428.0069846

计算机工程 ›› 2026, Vol. 52 ›› Issue (2): 275-286. doi: 10.19678/j.issn.1000-3428.0069846

基于集成学习与异常检测的对抗流量检测方法

董方和, 石琼*(), 师智斌

中北大学计算机科学与技术学院，山西太原 030051

收稿日期:2024-05-14 修回日期:2024-07-31 出版日期:2026-02-15 发布日期:2024-10-31
通讯作者: 石琼
作者简介:
董方和(CCF学生会员)，男，硕士研究生，主研方向为网络入侵检测
石琼(通信作者)，讲师、博士
师智斌，副教授、博士
基金资助:
山西省应用基础研究计划项目(自由探索类面上项目)(20210302123075)

Adversarial Traffic Detection Method Based on Ensemble Learning and Anomaly Detection

DONG Fanghe, SHI Qiong*(), SHI Zhibin

School of Computer Science and Technology, North University of China, Taiyuan 030051, Shanxi, China

Received:2024-05-14 Revised:2024-07-31 Online:2026-02-15 Published:2024-10-31
Contact: SHI Qiong

摘要/Abstract

摘要：

近年来，深度学习技术在恶意流量检测方面的应用越来越广泛。然而，对抗样本攻击给基于深度学习的恶意流量检测带来了巨大挑战。针对这一问题，提出一种基于集成学习与异常检测的对抗流量检测方法，用于发现针对恶意流量检测系统的对抗样本攻击。首先，为每一类恶意流量类别训练一个二分类集成学习器。对于集成学习器的每一个基模型，采用不同数据子集和特征子集训练，扩大基模型之间的差异性，以增加对抗样本跨越所有模型决策边界的难度。其次，将不同二分类集成学习器中基模型预测输入样本为正常样本的比例作为集成学习模型的信心得分，并将不同二分类集成学习器的信心得分输入孤立森林模型，通过孤立森林模型进行异常检测获得异常得分。最后，将获得的异常得分与在正常样本上获得的异常得分的阈值进行比较，判断样本是否为对抗样本。实验结果表明，该方法在NSL-KDD和CICIDS2017数据集的特征空间和受限空间上分别取得了最高0.986 9、0.989 6、0.999 1、0.999 8的受试者工作特征曲线下面积(AUC)值，优于对比方法。

关键词: 对抗样本, 网络入侵检测, 对抗检测, 集成学习, 异常检测

Abstract:

In recent years, deep learning technology has been increasingly used for malicious traffic detection. However, adversarial example attacks pose challenges to deep learning-based malicious traffic detection. To address this problem, this study proposes an adversarial traffic detection method based on ensemble learning and anomaly detection to detect adversarial example attacks against malicious traffic detection. First, a binary ensemble learner is trained for each malicious traffic category. For each base model, different data and feature subsets are used during training to increase the differences between the base models and increase the difficulty for adversarial examples crossing the decision boundaries of all models. Second, the proportion of base models that predict the input sample as normal traffic is used as the confidence score of the learning model; the confidence scores from different binary ensemble learners are then input into the isolated forest model, and anomaly detection is conducted using the isolated forest model to obtain the anomaly score. Finally, a comparison of the obtained anomaly score with the threshold of the anomaly score obtained for a normal example determines whether the example is adversarial. The experimental results show that the proposed method achieves the highest Area Under the Receiver Operating Characteristic Curve (AUC) values of 0.986 9 and 0.989 6 in the feature and restricted spaces, respectively, of the NSL-KDD dataset, and those of 0.999 1 and 0.999 8 in those spaces, respectively, of the CICIDS2017 dataset, which are better than those obtained using the comparative method.

Key words: adversarial example, network intrusion detection, adversarial detection, ensemble learning, anomaly detection

董方和, 石琼, 师智斌. 基于集成学习与异常检测的对抗流量检测方法[J]. 计算机工程, 2026, 52(2): 275-286.

DONG Fanghe, SHI Qiong, SHI Zhibin. Adversarial Traffic Detection Method Based on Ensemble Learning and Anomaly Detection[J]. Computer Engineering, 2026, 52(2): 275-286.

https://www.ecice06.com/CN/Y2026/V52/I2/275

图/表 12

图1 基于深度学习的网络IDS

Fig.1 Deep learning-based network IDS

图2 集成学习防御

Fig.2 Ensemble learning defense

图3 集成学习模块

Fig.3 Ensemble learning module

图4 孤立森林模型

Fig.4 Isolation forest model

图5 NSL-KDD受限空间CW攻击防御结果

Fig.5 NSL-KDD defense results of CW attack in restricted space

图6 CICIDS2017受限空间CW攻击防御结果

Fig.6 CICIDS2017 defense results of CW attack in restricted space

参考文献 27

1	蹇诗婕, 刘岳, 姜波, 等. 基于聚类过采样和自动编码器的网络入侵检测方法. 信息安全学报, 2023, 8(6): 121- 134.
	JIAN S J , LIU Y , JIANG B , et al. Network intrusion detection using cluster oversampling and auto-encoder. Journal of Cyber Security, 2023, 8(6): 121- 134.
2	陈虹, 王瀚文, 金海波. 融合改进自编码器和残差网络的入侵检测模型. 计算机工程, 2024, 50(2): 188- 195. doi: 10.19678/j.issn.1000-3428.0066984
	CHEN H , WANG H W , JIN H B . Intrusion detection model combining improved self-encoder and residual network. Computer Engineering, 2024, 50(2): 188- 195. doi: 10.19678/j.issn.1000-3428.0066984
3	郝劭辰, 卫孜钻, 马垚, 等. 基于高效联邦学习算法的网络入侵检测模型. 计算机应用, 2023, 43(4): 1169- 1175.
	HAO S C , WEI Z Z , MA Y , et al. Network intrusion detection model based on efficient federated learning algorithm. Journal of Computer Applications, 2023, 43(4): 1169- 1175.
4	YANG L , MOUBAYED A , SHAMI A . MTH-IDS: a multitiered hybrid intrusion detection system for Internet of Vehicles. IEEE Internet of Things Journal, 2022, 9(1): 616- 632.
5	SABA T , REHMAN A , SADAD T , et al. Anomaly-based intrusion detection system for IoT networks through deep learning model. Computers and Electrical Engineering, 2022, 99, 107810.
6	SZEGEDY C, ZAREMBA W, SUTSKEVER I, et al. Intriguing properties of neural networks[EB/OL]. [2024-04-13]. https://arxiv.org/abs/1312.6199v4.
7	GOODFELLOW I J, SHLENS J, SZEGEDY C. Explaining and harnessing adversarial examples[EB/OL]. [2024-04-13]. https://arxiv.org/abs/1412.6572v3.
8	WANG Z . Deep learning based intrusion detection with adversaries. IEEE Access, 2018, 6, 38367- 38384.
9	LIN Z L, SHI Y, XUE Z. IDSGAN: generative adversarial networks for attack generation against intrusion detection[C]//Proceedings of Pacific-Asia Conference on Knowledge Discovery and Data Mining. Berlin, Germany: Springer International Publishing, 2022: 79-91.
10	SHARON Y , BEREND D , LIU Y , et al. TANTRA: timing-based adversarial network traffic reshaping attack. IEEE Transactions on Information Forensics and Security, 2022, 17, 3225- 3237.
11	HE K , KIM D D , ASGHAR M R . Adversarial machine learning for network intrusion detection systems: a comprehensive survey. IEEE Communications Surveys & Tutorials, 2023, 25(1): 538- 566.
12	PAWLICKI M , CHORAŚ M , KOZIK R . Defending network intrusion detection systems against adversarial evasion attacks. Future Generation Computer Systems, 2020, 110, 148- 154.
13	YUAN X W , HAN S , HUANG W , et al. A simple framework to enhance the adversarial robustness of deep learning-based intrusion detection system. Computers & Security, 2024, 137, 103644.
14	WANG N, CHEN Y M, HU Y, et al. MANDA: on adversarial example detection for network intrusion detection system[C]//Proceedings of the IEEE Conference on Computer Communications. Washington D.C., USA: IEEE Press, 2021: 1-10.
15	ZHANG R Q , LUO S L , PAN L M , et al. Generating adversarial examples via enhancing latent spatial features of benign traffic and preserving malicious functions. Neurocomputing, 2022, 490, 413- 430.
16	HASHEMI M J, CUSACK G, KELLER E. Towards evaluation of NIDSs in adversarial setting[C]//Proceedings of the 3rd ACM CoNEXT Workshop on Big DAta, Machine Learning and Artificial Intelligence for Data Communication Networks. New York, USA: ACM Press, 2019: 14-21.
17	HAN D Q , WANG Z L , ZHONG Y , et al. Evaluating and improving adversarial robustness of machine learning-based network intrusion detectors. IEEE Journal on Selected Areas in Communications, 2021, 39(8): 2632- 2647.
18	YANG F , CHEN Z Y , GANGOPADHYAY A . Using randomness to improve robustness of tree-based models against evasion attacks. IEEE Transactions on Knowledge and Data Engineering, 2022, 34(2): 969- 982.
19	DING Y , ZHU G Q , CHEN D J , et al. Adversarial sample attack and defense method for encrypted traffic data. IEEE Transactions on Intelligent Transportation Systems, 2022, 23(10): 18024- 18039.
20	ATHALYE A, CARLINI N, WAGNER D. Obfuscated gradients give a false sense of security: circumventing defenses to adversarial examples[C]//Proceedings of International Conference on Machine Learning. New York, USA: ACM Press, 2018: 274-283.
21	APRUZZESE G , ANDREOLINI M , COLAJANNI M , et al. Hardening random forest cyber detectors against adversarial attacks. IEEE Transactions on Emerging Topics in Computational Intelligence, 2020, 4(4): 427- 439.
22	KURAKIN A, GOODFELLOW I J, BENGIO S. Adversarial examples in the physical world[EB/OL]. [2024-04-13]. https://arxiv.org/pdf/1607.02533.
23	CARLINI N, WAGNER D. Towards evaluating the robustness of neural networks[C]// Proceedings of the IEEE Symposium on Security and Privacy (SP). Washington D.C., USA: IEEE Press, 2017: 39-57.
24	FAWZI A, MOOSAVI-DEZFOOLI S M, FROSSARD P, et al. Empirical study of the topology and geometry of deep networks[C]// Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. Washington D.C., USA: IEEE Press, 2018: 3762-3770.
25	LIU F T , TING K M , ZHOU Z H . Isolation-based anomaly detection. ACM Transactions on Knowledge Discovery from Data, 2012, 6(1): 1- 39.
26	TAVALLAEE M, BAGHERI E, LU W, et al. A detailed analysis of the KDD CUP 99 data set[C]//Proceedings of the IEEE Symposium on Computational Intelligence for Security and Defense Applications. Washington D.C., USA: IEEE Press, 2009: 1-6.
27	SHARAFALDIN I, LASHKARI A H, GHORBANI A A. Toward generating a new intrusion detection dataset and intrusion traffic characterization[C]//Proceedings of the 4th International Conference on Information Systems Security and Privacy. Funchal, Portugal: Science and Technology Publications, 2018: 108-116.

[1]	秦颖鑫, 张可佳, 潘海为, 巨亚昊. 计算机视觉对抗攻击研究综述[J]. 计算机工程, 2026, 52(2): 46-68.
[2]	王熠, 李智, 张丽, 石雪丽, 刘登波, 卢妤. 基于遥感图像场景分类的频域量化对抗攻击[J]. 计算机工程, 2026, 52(1): 266-281.
[3]	谢久超, 苌道方. 基于AGSCOA-Stacking特征加权的船用钢板焊接余量预测[J]. 计算机工程, 2026, 52(1): 414-426.
[4]	耿荣, 孙钦东, 曹晗, 王艳. 空频域联合优化的通用对抗扰动生成方法[J]. 计算机工程, 2026, 52(1): 176-187.
[5]	王春东, 赵智航, 杨伟杰, 方顺尧. 基于字词重现的中文文本对抗样本生成方法[J]. 计算机工程, 2026, 52(1): 303-313.
[6]	徐式芃, 王雷, 盛捷. 基于知识图谱的异常个体提前识别模型研究[J]. 计算机工程, 2025, 51(9): 59-70.
[7]	吴杰辉, 柳毅. 面向多元时间序列的联合优化异常检测模型[J]. 计算机工程, 2025, 51(9): 166-176.
[8]	夏倪明, 张洁. 基于自适应集束搜索算法的中文对抗样本生成[J]. 计算机工程, 2025, 51(8): 131-140.
[9]	王光明, 李冬青, 蒋从锋. 不平衡数据集下的数据中心网络流量异常检测[J]. 计算机工程, 2025, 51(8): 227-237.
[10]	周莎, 车生兵, 考友琛, 张旭, 郭甚驿. 基于特征选择和时空特征的网络入侵检测[J]. 计算机工程, 2025, 51(7): 223-231.
[11]	侯彦, 车蕾, 李慧. 面向中文的多层次扰动定位文本对抗样本生成方法[J]. 计算机工程, 2025, 51(7): 232-243.
[12]	张安勤, 丁志锋. 融合动态图嵌入和Transformer自编码器的网络异常检测[J]. 计算机工程, 2025, 51(4): 47-56.
[13]	张肇鑫, 黄世泽, 张兵杰, 沈拓. 面向交通场景的运动模糊伪装对抗样本生成方法[J]. 计算机工程, 2025, 51(3): 45-53.
[14]	赵宏, 宋馥荣, 李文改. 基于SE-AdvGAN的图像对抗样本生成方法研究[J]. 计算机工程, 2025, 51(2): 300-311.
[15]	牛渲文, 杜晔, 杨明松, 李昂, 黎妹红. 基于层次联邦与动态权重的卫星网络异常检测方法[J]. 计算机工程, 2025, 51(12): 210-220.

选择文件类型/文献管理软件名称

选择包含的内容

基于集成学习与异常检测的对抗流量检测方法

Adversarial Traffic Detection Method Based on Ensemble Learning and Anomaly Detection

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 12

参考文献 27

相关文章 15

编辑推荐

Metrics

本文评价

模态框（Modal）标题

选择文件类型/文献管理软件名称

选择包含的内容

基于集成学习与异常检测的对抗流量检测方法

Adversarial Traffic Detection Method Based on Ensemble Learning and Anomaly Detection

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 12

参考文献 27

相关文章 15

编辑推荐

Metrics

本文评价