Intrusion Detection Based on Multi-Scale Graph Diffusion Contrastive Learning

doi:10.19678/j.issn.1000-3428.0252938

Abstract

Abstract: With the increasing frequency and stealth of network attacks, traditional defense mechanisms struggle to timely identify unknown threats. Network intrusion detection, as a core component of cybersecurity, enables early anomaly identification and alerting, playing a crucial role in building intelligent and proactive defense systems. Existing intrusion detection methods still face limitations in modeling higher-order topological dependencies, coordinating global and local information, and maintaining robustness under adversarial perturbations, making it challenging to balance detection accuracy and generalization capability. To address these issues, this paper proposes a Multi-Scale Graph Diffusion Contrastive Learning-based Network Intrusion Detection model (MGDCL-IDS). The model establishes a task-oriented multi-scale graph representation learning framework and designs feature enhancement and information coordination mechanisms tailored to the characteristics of attack patterns. By leveraging topology-aware feature optimization and hierarchical contrastive learning, MGDCL-IDS achieves unified structural and semantic representations with high robustness. On a private real-world network intrusion dataset, the model achieves an accuracy of 98.57%, F1-score of 98.68%, precision of 98.41%, and area under the ROC curve (AUC) of 98.75%. On the NF_CSE_CIC_IDS2018 dataset, it outperforms recent methods by improving accuracy by 2.21%, F1-score by 2.08%, precision by 1.79%, and AUC by 0.74%. Experimental results demonstrate that MGDCL-IDS effectively enhances higher-order dependency modeling and structural robustness, achieving superior detection accuracy and false positive control, providing a viable solution for building efficient and reliable intrusion detection systems.

摘要： 随着网络攻击的频发与隐蔽性增强，传统防御机制难以及时识别未知威胁，网络入侵检测作为安全防护体系的核心环节，可在攻击早期实现异常识别与预警，对构建智能化主动防御体系具有重要意义。现有网络入侵检测方法在高阶拓扑依赖建模、全局与局部信息协同以及对抗扰动下的鲁棒性方面仍存在不足，难以同时兼顾检测准确性与泛化能力。针对这些问题，本文提出了一种基于多尺度图扩散对比学习的网络入侵检测模型（MGDCL-IDS）。模型构建了一个面向网络入侵检测任务的多尺度图表示学习框架，针对攻击模式的特质，设计了具有任务导向特征增强与信息协同机制的模型结构。通过拓扑感知的特征优化与多层级对比建模，模型在结构与语义两方面实现了统一表征与高鲁棒检测性能。模型在私有的真实网络入侵检测数据集上准确率达到98.57%，F1分数达到98.68%，精确度达到98.41%，曲线下面积（AUC）达到98.75%；在NF_CSE_CIC_IDS2018数据集上较近期方法准确率提升2.21%，F1分数提升2.08%，精确率提升1.79%，AUC提升0.74%。实验表明，该方法在高阶依赖建模和结构鲁棒性方面均取得有效改进，在检测准确率与误报控制上表现出显著优势，为构建高效、可靠的入侵检测系统提供了可行思路。

Zhang Anqin, Li Zijian , Xue Mei. Intrusion Detection Based on Multi-Scale Graph Diffusion Contrastive Learning[J]. Computer Engineering, doi: 10.19678/j.issn.1000-3428.0252938.

张安勤, 李梓健, 薛梅. 基于多尺度图扩散对比学习的入侵检测[J]. 计算机工程, doi: 10.19678/j.issn.1000-3428.0252938.

/ Recommend / Download Citations

URL: https://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0252938

References

[1] Yang, Y., Liu, X., Wang, D., et al. A CE-GAN based approach to address data imbalance in network intrusion detection systems[J]. Scientific Reports, 2025, 15: 7916.
[2] Park, C., Lee, J., Kim, Y., et al. An Enhanced AI-Based Network Intrusion Detection System Using Generative Adversarial Networks[J]. IEEE Internet of Things Journal, 2023, 10(3): 2330-2345.
[3] Awad, Z., Zakaria, M., Hassan, R. An enhanced ensemble defense framework for boosting adversarial robustness of intrusion detection systems[J]. Scientific Reports, 2025, 15: 14177.
[4] Xi, C., Wang, H., Wang, X. A novel multi-scale network intrusion detection model with transformer[J]. Scientific Reports, 2024, 14: 23239.
[5] 王振东，徐振宇，李大海，等。面向入侵检测的元图神经网络构建与分析 [J]. 自动化学报，2023, 49 (7): 1530-1548. Wang, Z. D., Xu, Z. Y., Li, D. H., & et al. (2023). Metagraph Neural Network Construction and Analysis for Intrusion Detection. Acta Automatica Sinica, 49(7), 1530-1548.
[6] Farzaneh, B., Shahriar, N., Al Muktadir, A.H., Towhid, M.S. DTL-IDS: Deep Transfer Learning-Based Intrusion Detection System in 5G Networks[C]//2023 19th International Conference on Network and Service Management (CNSM). 2023: 1-5.
[7] Zhou, J., Xu, Z., Rush, A.M., Yu, M. Automating Botnet Detection with Graph Neural Networks[EB/OL]. (2020-03-13)[2025-06-20]. https://arxiv.org/abs/2003.06344.
[8] 郭嘉琰，李荣华，张岩，等。基于图神经网络的动态网络异常检测算法 [J]. 软件学报，2020, 31 (3): 748-762. Guo, J. Y., Li, R. H., Zhang, Y., & et al. (2020). Graph Neural Network-Based Anomaly Detection Algorithm for Dynamic Networks. Journal of Software, 31(3), 748-762.
[9] Zhang, Y., Yang, C., Huang, K., Li, Y. Intrusion Detection of Industrial Internet-of-Things Based on Reconstructed Graph Neural Networks[J]. IEEE Transactions on Network Science and Engineering, 2023, 10(5): 2894-2905.
[10] 张子宜，宗学军，何战，等。基于 CVAE-CatBoost 的工业控制网络异常流量检测研究 [J]. 计算机工程，2023, 49 (5): 173-180.Zhang, Z. Y., Zong, X. J., He, Z., & et al. (2023). Research on Abnormal Traffic Detection in Industrial Control Network Based on CVAE-CatBoost. Computer Engineering, 49(5), 173-180.
[11] Mondragon, J.C., Branco, P., Jourdan, G.V., et al. Advanced IDS: a comparative study of datasets and machine learning algorithms for network flow-based intrusion detection systems[J]. Appl Intell, 2025, 55: 608.
[12] da Silva Ruffo, V.G., Lent, D.M.B., Komarchesqui, M.,et al. Anomaly and intrusion detection using deep learning for software-defined networks: A survey[J]. Expert Systems with Applications, 2024, 256: 124982.
[13] 郑海潇，马梦帅，文斌，等。基于GATv2的网络入侵异常检测方法 [J]. 数据与计算发展前沿，2024, 6 (1): 179-190. Zheng, H. X., Ma, M. S., Wen, B., & et al. (2024). Network Intrusion Anomaly Detection Based on GATv2. Frontiers of Data and Computing, 6(1), 179-190.
[14] Louk, M.H.L., Tama, B.A. Dual-IDS: A bagging-based gradient boosting decision tree model for network anomaly intrusion detection system[J]. Expert Systems with Applications, 2023, 213: 119030.
[15] Turukmane, A.V., Devendiran, R. M-MultiSVM: An efficient feature selection assisted network intrusion detection system using machine learning[J]. Computers & Security, 2024, 137: 103587.
[16] Huang, H., Li, T., Li, B., Wang, W., Sun, Y. A Bidirectional Differential Evolution-Based Unknown Cyberattack Detection System[J]. IEEE Transactions on Evolutionary Computation, 2025, 29(2): 459-473.
[17] Ho,J.,Jain, A., Abbeel, P. Denoising Diffusion Probabilistic Models[C]//Advances in Neural Information Processing Systems. Red Hook, NY: Curran Associates, Inc., 2020: 6840–6851.
[18] Wang, Y., Bai, W., Zhang, C., Zhang, D., Luo, W., Sun, H. Uni-Instruct: One-step Diffusion Model through Unified Diffusion Divergence Instruction[EB/OL]. (2025)[2025-06-20]. https://arxiv.org/abs/2505.20755.
[19] Liu, J., Wang, Q., Fan, H. , et al，L. Residual Denoising Diffusion Models[EB/OL]. (2024)[2025-06-20]. https://arxiv.org/abs/2308.13712.
[20] Tang B, Lu Y, Li Q, Bai Y Y, Yu J, Yu X. A Diffusion Model Based on Network Intrusion Detection Method for Industrial Cyber-Physical Systems [J]. Sensors, 2023, 23(3): 1141.
[21] Yang Y, Tang X Y, Liu Z W, Cheng J R, Fang H Z, Zhang C Y. Diff-IDS: A Network Intrusion Detection Model Based on Diffusion Model for Imbalanced Data Samples [J]. Computers, Materials & Continua, 2025, 82(3): 4389-4408.
[22] Zhu, Y., Xu, Y., Yu, F. , et al. Graph Contrastive Learning with Adaptive Augmentation[C]//Proceedings of the Web Conference 2021. New York, NY: ACM, 2021: 2069–2080. doi: 10.1145/3442381.3449802.
[23] Chen, B., Zhang, J., Zhang, X., et al. Graph Contrastive Learning for Anomaly Detection[EB/OL]. (2022)[2025-06-20]. https://arxiv.org/abs/2108.07516.
[24] Liu, Z., Cao, C., Tao, F., et al. Revisiting Graph Contrastive Learning for Anomaly Detection[C]//Proceedings of the European Conference on Artificial Intelligence. 2023.
[25] 郭盈盈, 张冬梅, 李成龙. 基于深度聚类与对比学习的网络入侵检测[J]. 软件导刊, 2025, 24(03): 119-126. DOI: 10.11907/rjdk.241257. GUO Yingying, ZHANG Dongmei, LI Chenglong. Network Intrusion Detection Based on Deep Clustering and Contrastive Learning[J]. Software Guide, 2025, 24(03): 119-126. DOI: 10.11907/rjdk.241257.
[26] Duraz R, Espes D, Francq J, Vaton S. SECL: A Zero-Day Attack Detector and Classifier Based on Contrastive Learning and Strong Regularization[C]// Proceedings of the 19th International Conference on Availability, Reliability and Security. New York, NY, USA: Association for Computing Machinery, 2024:22(1-12). DOI: 10.1145/3664476.3664505.
[27] Luo J, Zhang Y, Wu Y, Xu Y, Guo X, Shang B. A Multi-Channel Contrastive Learning Network Based Intrusion Detection Method[J]. Electronics, 2023, 12(4): 949. DOI: 10.3390/electronics12040949.
[28] Jiang, Z. Multi-Scale Contrastive Learning Networks for Graph Anomaly Detection[C]//2024 4th Asia-Pacific Conference on Communications Technology and Computer Science (ACCTCS). 2024: 618-625.
[29] Li, J., Jin, Y., Gao, H., et al. Hierarchical Topology Isomorphism Expertise Embedded Graph Contrastive Learning[C]//Proceedings of the AAAI Conference on Artificial Intelligence, 2024, 38(12): 13518-13527.

Please choose a citation manager

Content to export