新增未知攻击场景下的工业互联网恶意流量识别方法OA北大核心CSTPCD

Aiming at the problem of traffic data distribution shift caused by new unknown attacks in the industrial Inter-net,a malicious traffic identification method based on neighborhood filtering and stable learning was proposed to en-hance the effectiveness and robustness of the existing graph neural network model in identifying known malicious traffic.Firstly,the graph structure of the traffic data was modeled to capture the topological relationship and interaction mode in communication behavior.Secondly,the traffic subgraph was divided based on the neighborhood filtering mechanism of biased sampling to eliminate the pseudo-homogeneity between communication behaviors.Finally,the statistical indepen-dence of high-dimensional traffic features was realized by applying graph representation learning and stable learning strategies,combined with adaptive sample weighting and collaborative loss optimization methods.The experimental re-sults on two benchmark datasets show that compared with the baseline method,the recognition performance of the pro-posed method is increased by more than 2.7%in the new unknown attack scenario,which shows its high efficiency and practicability in the industrial Internet environment.