A Network Intrusion Detection Method Based on Dynamic Selective Feature Enhancement

doi:10.19678/j.issn.1000-3428.0260075

Abstract

Abstract: With cyberattacks becoming increasingly sophisticated and covert, improving the representation and recognition of complex traffic patterns has become an important issue in intrusion detection. Although existing methods have improved detection performance, directly modeling complex network traffic still suffers from insufficient feature representation. To enhance local correlations and structural information among features, many studies transform one-dimensional traffic features into two-dimensional image-like representations for deep feature learning. However, limited by feature dimensionality and encoding schemes, such traffic images are usually small and structurally constrained, making fixed enhancement strategies insufficient for capturing differences among attack patterns. Meanwhile, class imbalance further restricts the recognition of minority attack classes. To address these issues, this paper proposes a network intrusion detection method based on dynamic selective feature enhancement. At the representation level, a multi-scale feature enhancement module adaptively fuses features with different receptive fields to alleviate the representation limitations of small traffic images. At the decision level, a dynamic adaptive module combined with minority-class attention selectively strengthens key responses to improve minority-class recognition. Experimental results show that the proposed method achieves 96.49% accuracy, 95.11% precision, 96.32% recall, and 95.50% F1-score on NSL-KDD. It also maintains good detection performance on UNSW-NB15 and shows stable performance in a simulated streaming environment built on TON-IoT-Network.

摘要： 随着网络攻击手段日益复杂和隐蔽，提升入侵检测模型对复杂流量模式的表征与识别能力已成为重要研究问题。现有入侵检测方法虽在一定程度上提升了检测性能，但面对复杂网络流量数据，直接建模仍存在特征表达不足的问题。为强化特征间的局部关联与结构信息，现有研究常将一维流量特征映射为二维类图像表示，以便利用深度模型进行学习。然而，受特征维度及编码方式限制，流量图像通常存在尺寸较小、结构表达受限等问题，固定增强方式难以适应不同攻击模式的表征差异；同时，攻击类别分布不均衡也进一步制约了模型对少数类攻击的识别能力。针对上述问题，本文提出一种基于动态选择性特征增强的网络流量入侵检测方法。该方法以动态选择机制为主线，在表征层通过多尺度特征增强模块按输入内容自适应融合不同感受野特征，以缓解小尺寸流量图像的表征受限问题；在判别层通过动态自适应模块结合少数类注意力，对关键响应进行差异化强化，以提升模型对少数类攻击的识别能力。实验结果表明，该方法在NSL-KDD数据集上取得了96.49%的准确率、95.11%的精确率、96.32%的召回率和95.50%的F1分数；在UNSW-NB15数据集上的实验结果验证了所提方法的良好泛化能力；在TON-IoT-Network数据集构建的模拟流式环境中，模型在连续输入条件下表现出较稳定的检测效果，说明其在在线入侵检测场景中具有一定的适应能力。

Chen Hong, Wang Jinwei, Jin Haibo, Wu Cong, Yang Zi. A Network Intrusion Detection Method Based on Dynamic Selective Feature Enhancement[J]. Computer Engineering, doi: 10.19678/j.issn.1000-3428.0260075.

陈虹, 王金炜, 金海波, 武聪, 杨梓. 基于动态选择性特征增强的网络流量入侵检测方法[J]. 计算机工程, doi: 10.19678/j.issn.1000-3428.0260075.

/ Recommend / Download Citations

URL: https://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0260075

References

[1]. 李海龙,崔治安,沈燮阳.网络流量特征的异常分析与检测方法综述[J].信息网络安全,2025,25(02):194-214.(Hailong Li, Zhian Cui, Xieyang Shen. A Survey on Anomaly Analysis and Detection Methods of Network Traffic Features [J]. Information Network Security, 2025, 25(02): 194–214.)
[2]. DISHA H A, VUTTARAD R. A novel intrusion detection system using Gini impurity weighted random forest feature selection technique [J]. Cybersecurity, 2022, 5(1): 1–14. DOI: 10.1186/s42400-021-00103-8.
[3]. KOSTAS K, JUST M, LONES M A. Individual Packet Features are a Risk to Model Generalisation in ML-Based Intrusion Detection[J]. IEEE Letters of the Computer Society, 2024. DOI: 10.1109/LNET.2025.3525901.
[4]. LIU Y, ZHANG H, WANG Z. Machine Learning and Deep Learning Methods for Intrusion Detection Systems: A Survey [J]. Applied Sciences, 2024, 15(4): 1903. DOI: 10.3390/app15041903.
[5]. Shyaa M A , Ibrahim N F , Zainol Z ,et al.Evolving cybersecurity frontiers: A comprehensive survey on concept drift and feature dynamics aware machine and deep learning in intrusion detection systems[J].Engineering Applications of Artificial Intelligence, 2024, 137(PartA).DOI:10.1016/j.engappai.2024.109143.
[6]. Mohammadpour L, Ling T C, Liew C S, Aryanfar A. A survey of CNN-based network intrusion detection[J]. Applied Sciences, 2022, 12(16): 8162. DOI: 10.3390/app12168162.
[7]. BAMBER S S, Katkuri A V R, Sharma S, A hybrid CNN-LSTM approach for intelligent cyber intrusion detection system[J]. Computers & Security, 2025, 148: 104146.
[8]. ZULFIQAR Z , MALIK S U R , Moqurrab S A ,etal.DeepDetect: An innovative hybrid deep learning framework for anomaly detection in IoT networks[J].Journal of computational science, 2024(Dec.):83.
[9]. YIN Y, JANG-JACCARD J, XU W, et al. IGRF-RFE: a hybrid feature selection method for MLP-based network intrusion detection on UNSW-NB15 dataset[J]. Journal of Big Data, 2023, 10(1): 15. https://doi.org/10.1186/s40537-023-00694-8.
[10]. ZHANG T, CHEN W, LIU Y, et al. An intrusion detection method based on stacked sparse autoencoder and improved Gaussian mixture model[J]. Computers & Security, 2023, 128: 103144. DOI: 10.1016/j.cose.2023.103144.
[11]. Choi D S, Kim S, Im E G. Image-Based Malicious Network Traffic Detection Framework: Data-Centric Approach[J]. Applied Sciences, 2025, 15(12): 6546. DOI: 10.3390/app15126546.
[12]. KIM T, PAK W. Deep learning-based network intrusion detection using multiple image transformers[J]. Applied Sciences, 2023, 13(5): 2754. DOI: 10.3390/app13052754.
[13]. 魏忠达.基于深度强化学习的网络流量异常检测研究[D].北京化工大学,2021.DOI:10.26939/d.cnki.gbhgu.2021.000662.(Zhongda Wei. Research on Network Traffic Anomaly Detection Based on Deep Reinforcement Learning [D]. Beijing University of Chemical Technology, 2021. DOI: 10.26939/d.cnki.gbhgu.2021.000662.)
[14]. JOSHI P, GURUSAMY M. Time Series Based Network Intrusion Detection using MTF-Aided Transformer[C]//2025 5th Intelligent Cybersecurity Conference (ICSC). 2025. DOI:10.1109/ICSC65596.2025.11140304.
[15]. He K , Zhang W , Zong X ,et al.Network Intrusion Detection Based on Feature Image and Deformable Vision Transformer Classification[J].IEEE Access, 2024:12.DOI:10.1109/ACCESS.2024.3376434.
[16]. Szegedy C, Liu W, Jia Y, et al. Going Deeper with Convolutions[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 2015.
[17]. Li X, Wang W, Hu X, et al. Selective Kernel Networks[C]//Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 2019: 510-519.
[18]. FU YANFANG, DU YISHUAI, CAO ZIJIAN, LI QIANG, XIANG WEI.A Deep Learning Model for Network Intrusion Detection with Imbalanced Data[J]. Electronics, 2022, 11(6): 898.DOI:10.3390/electronics11060898.
[19]. 张万琪,宋振峰.融合过采样与Bi-GRU的残差卷积流量异常检测方法[J].现代电子技术,2025,48(21):77-82.DOI:10.16652/j.issn.1004-373x.2025.21.014.(Zhang W Q, Song Z F. Residual Convolutional Traffic Anomaly Detection Method Integrating Oversampling and Bi-GRU[J]. Modern Electronics Technique, 2025, 48(21): 77-82. DOI: 10.16652/j.issn.1004-373x.2025.21.014.)
[20]. AL-AJLAN M, YKHLEF M. A Review of Generative Adversarial Networks for Intrusion Detection Systems: Advances, Challenges, and Future Directions[J]. Computers, Materials & Continua, 2024, 81(2): 2053-2076. DOI:10.32604/cmc.2024.055891.
[21]. YANG Y, LIU X, WANG D, et al. A CE-GAN based approach to address data imbalance in network intrusion detection systems[J]. Scientific Reports, 2025, 15(1): 7916. DOI:10.1038/s41598-025-90815-5.
[22]. Al-Qarni E A, Al-Asmari G A. Addressing Imbalanced Data in Network Intrusion Detection: A Review and Survey[J]. International Journal of Advanced Computer Science and Applications, 2024, 15(2). DOI: 10.14569/IJACSA.2024.0150215.
[23]. CAI Z Y, DAI Y M, ZHANG J W, et al. SA-ResNet: An Intrusion Detection Method Based on Spatial Attention Mechanism and Residual Neural Network Fusion[J]. Computers, Materials & Continua, 2025, 83(2): 3335–3350. DOI: 10.32604/cmc.2025.061206.
[24]. Alrayes F S, Zakariah M, Amin S U, et al. CNN Channel Attention Intrusion Detection System Using NSL-KDD Dataset[J]. Computers, Materials & Continua, 2024, 79(3): 4319-4347. DOI: 10.32604/cmc.2024.050586.
[25]. LIU D, ZHENG X, WANG P, et al. Deep Learning-Based Intrusion Detection: A CNN-LSTM-Transformer Approach for Enhanced Network Security[C]//Proceedings of the 10th International Conference on Cyber Security and Information Engineering. New York: Association for Computing Machinery, 2025: 318-325. DOI:10.1145/3759179.3760451.
[26]. BASUMATARY N, JANA A, MATAM R. An Approach to Classify Intrusion in IoT System Using Neural Architecture Search[C]//2025 IEEE Guwahati Subsection Conference (GCON). 2025. DOI:10.1109/GCON65540.2025.11173344.
[27]. Liu Y, Liu M, Jiang S, et al. Searching Efficient Semantic Segmentation Architectures via Dynamic Path Selection[C/OL]//NeurIPS 2025. NeurIPS 2025 poster.
[28]. Veit A, Belongie S J. Convolutional Networks with Adaptive Inference Graphs[J]. International Journal of Computer Vision, 2020, 128(3): 730-741.
[29]. Chen L, Gu L, Li L, et al. Frequency Dynamic Convolution for Dense Image Prediction[C]//Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 2025: 30178-30188.
[30]. Quan Z, Sun J. A Feature-Enhanced Small Object Detection Algorithm Based on Attention Mechanism[J]. Sensors, 2025, 25(2): 589.
[31]. Yan X, et al. DMF-YOLO: Dynamic Multi-Scale Feature Fusion Network[J]. Remote Sensing, 2025, 17(14): 2385.
[32]. TAVALLAEE M, BAGHERI E, LU W, et al. A detailed analysis of the KDD CUP 99 data set[C]//Proceedings of the IEEE Symposium on Computational Intelligence for Security and Defense Applications (CISDA). Ottawa, Canada: IEEE, 2009.
[33]. Moustafa N, Slay J. UNSW-NB15: a comprehensive data set for network intrusion detection systems[C]//MilCIS 2015. IEEE, 2015.
[34]. Moustafa D. A new generation of IoT traffic datasets for anomalous intrusion detection based on unsupervised feature selection[J]. IEEE Access, 2020, 8: 165130–165150.
[35]. LV H, DING Y. A hybrid intrusion detection system with K-means and CNN+LSTM[J]. EAI Endorsed Transactions on Scalable Information Systems, 2024, 11(6). DOI:10.4108/eetsis.5667.
[36]. 王泽辉,郝秦霞.基于SAE-MSCNN的网络入侵检测[J].计算机工程与设计,2025,46(10):2858-2865.DOI:10.16208/j.issn1000-7024.2025.10.016.(Wang Z H, Hao Q X. Network Intrusion Detection Based on SAE-MSCNN[J]. Computer Engineering and Design, 2025, 46(10): 2858-2865. DOI: 10.16208/j.issn1000-7024.2025.10.016.)
[37]. SALLOUM S, NOROZPOUR S. XAI-IDS: A Transparent and Interpretable Framework for Robust Cybersecurity Using Explainable Artificial Intelligence[J]. SHIFRA, 2025: 69-80. DOI:10.70470/SHIFRA/2025/004.
[38]. HE K, ZHANG X, REN S, et al. Deep Residual Learning for Image Recognition[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR). 2016: 770–778.
[39]. SANDLER M, HOWARD A, ZHU M, et al. MobileNetV2: Inverted Residuals and Linear Bottlenecks[C]//Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). 2018: 4510–4520.
[40]. CHEN H, WANG Y, GUO J, et al. VanillaNet: the Power of Minimalism in Deep Learning[C]//Advances in Neural Information Processing Systems. 2023: 7050-7064.
[41]. WANG A, CHEN H, LIN Z, et al. RepViT: Revisiting Mobile CNN From ViT Perspective[C]//Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). 2024: 15909-15920.
[42]. CUI J Y, ZONG L S, XIE J H, et al. A novel multi-module integrated intrusion detection system for high-dimensional imbalanced data[J]. Applied Intelligence, 2023, 53(1): 272-288.
[43]. ABBAS Q, HINA S, SAJJAD H, et al. Optimization of predictive performance of intrusion detection system using hybrid ensemble model for secure systems. PeerJ Comput Sci, 2023, 9: 1552
[44]. 叶青,张延年,吴昊.基于深度学习和SVM-RFE的网络入侵检测模型[J].电信科学,2025,41(07):108-119.(Ye Q, Zhang Y N, Wu H. Network Intrusion Detection Model Based on Deep Learning and SVM-RFE[J]. Telecommunications Science, 2025, 41(7): 108-119.)

Please choose a citation manager

Content to export