A New Two-Stage Network Intrusion Detection Method for Imbalanced Data

CLC number: TP393    Document code: A    DOI: 10.12305/j.issn.1001-506X.2025.06.34
Abstract: Although many current network traffic intrusion detection models achieve relatively high detection rates, they still suffer from low detection rates and poor generalization on imbalanced abnormal network traffic. Therefore, a two-stage network intrusion detection method for imbalanced data is proposed. In the first stage, a random forest ensemble model is trained to perform an initial binary classification of network traffic into normal and abnormal, to alleviate the impact of the imbalance between normal and abnormal traffic on model training. In the second stage, the initial abnormal traffic data is used to train a one-dimensional convolutional neural network-bi-directional long short-term memory model to learn the key features of abnormal traffic, and the focal loss function is introduced during model training. This mechanism enables the model to focus simultaneously on difficult-to-classify samples and minority samples in abnormal traffic, further alleviating the impact of data imbalance in abnormal traffic on detection accuracy. To verify the effectiveness of the proposed method, experiments are conducted on the UNSW2015 and CIC-IDS2017 datasets. The experimental results show that the proposed method can better extract data features and alleviate data imbalance to a certain extent. Compared with other similar methods proposed in recent years, the proposed model has better overall performance, with the weighted F1 score increased by 0.9% and the macro F1 score increased by 2.7%.
Keywords: intrusion detection; imbalance samples; neural network; focal loss
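
The effect of the focal loss described in the abstract, as an added example that is not the paper's code: it uses the standard formulation FL = -α_t (1 - p_t)^γ log(p_t) and measures how much of a batch's loss comes from one hard, rare-class sample. The values of γ and α, the inverse-frequency weighting, the class counts and the logits are all constructed assumptions, since the page gives none.

```python
import math

def softmax(logits):
    m = max(logits)                      # subtract max for numerical stability
    exps = [math.exp(z - m) for z in logits]
    total = sum(exps)
    return [e / total for e in exps]

def focal_loss(logits, target, gamma=2.0, alpha=None):
    """Per-sample focal loss: -alpha_t * (1 - p_t)**gamma * log(p_t)."""
    p_t = softmax(logits)[target]
    a_t = 1.0 if alpha is None else alpha[target]
    return -a_t * (1.0 - p_t) ** gamma * math.log(p_t)

def inverse_frequency_alpha(class_counts):
    """Class weights proportional to 1/count, scaled to mean 1 (assumed scheme)."""
    inv = [1.0 / c for c in class_counts]
    mean = sum(inv) / len(inv)
    return [w / mean for w in inv]

def minority_loss_share(batch, minority, gamma, alpha=None):
    """Fraction of the batch loss that comes from samples of class `minority`."""
    losses = [(t, focal_loss(x, t, gamma, alpha)) for x, t in batch]
    total = sum(l for _, l in losses)
    return sum(l for t, l in losses if t == minority) / total

# Constructed stage-2 batch (abnormal traffic only): 200 confidently classified
# samples of a frequent attack class 0 and one hard sample of rare class 2.
BATCH = [([4.0, 0.0, 0.0], 0)] * 200 + [([1.0, 0.5, 0.2], 2)]
ALPHA = inverse_frequency_alpha([9000, 950, 50])   # constructed class counts

if __name__ == "__main__":
    ce = minority_loss_share(BATCH, 2, gamma=0.0)            # plain cross-entropy
    fl = minority_loss_share(BATCH, 2, gamma=2.0)            # focusing term only
    fla = minority_loss_share(BATCH, 2, gamma=2.0, alpha=ALPHA)
    print(f"rare-class share of loss: CE={ce:.3f} FL={fl:.3f} FL+alpha={fla:.4f}")
```

With γ = 0 the function reduces to cross-entropy, so the same code gives the baseline against which the focusing term is compared.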
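0 Introduction
In recent years, with the rapid development of information technology, network attack methods have become increasingly complex and varied, and attack incidents of all kinds keep emerging, posing severe challenges to network security.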