Journal of Information Security Research (信息安全研究), 2026, Vol. 12, Issue 3: 237-245, 9. DOI: 10.12379/j.issn.2096-1057.2026.03.05
Anomaly Encrypted Traffic Detection Method Based on Graph Attention Network
Abstract
To address the limitations of existing anomalous encrypted traffic detection methods, namely poor feature extraction, insufficient consideration of topological features, class imbalance, and lack of interpretability, this paper proposes E-GA-RNet, an encrypted traffic detection model that integrates a graph attention network (GAT) with edge feature embedding and residual networks. First, traffic data is preprocessed, and the network's five-tuple information is used to construct graph nodes, with the remaining flow features treated as edge features, transforming encrypted traffic data into graph data. To adapt to the GAT algorithm, a new network traffic graph is constructed in which new nodes correspond to edges in the original graph, and shared vertices in the original graph correspond to edges between two nodes, transforming the traffic detection problem into a node classification problem. Next, the attention coefficient for each node is calculated through the GAT algorithm to aggregate and update features. Finally, residual connections of the original nodes are added to the algorithm to improve performance on minority classes. Experimental results on the CIC-DarkNet dataset demonstrate that the method effectively addresses the class imbalance issue in anomaly detection of encrypted traffic, with significant improvements in detection metrics for both binary and multi-class scenarios.
Keywords
cybersecurity / encrypted traffic detection / graph neural network / graph attention network (GAT) / residual network
Classification
Information technology and security science
Cite this article
Zhao Yilin (赵一琳), Jia Weixin (贾慰心), Chen Wei (陈伟). Anomaly Encrypted Traffic Detection Method Based on Graph Attention Network [J]. Journal of Information Security Research, 2026, 12(3): 237-245, 9.
Funding
Key Research and Development Program of Jiangsu Province (BE2022065-5)
Jiangsu Key Laboratory of Network and Information Security Project (BM2003201)
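The graph transformation described in the abstract, as an added Python example that is not the paper's code: each flow becomes a node carrying its flow features, and two flows are linked when they share an endpoint in the original graph. It assumes an endpoint is an (IP, port) pair taken from the five-tuple; the sample flows and the names `build_line_graph` and `hub_cost` are constructed for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample flows (not from CIC-DarkNet): five-tuple fields plus
# two made-up flow features (duration in seconds, bytes transferred).
FLOWS = [
    {"src": "10.0.0.5", "sport": 50112, "dst": "203.0.113.9", "dport": 443, "proto": 6, "feat": [0.42, 1380.0]},
    {"src": "10.0.0.6", "sport": 50200, "dst": "203.0.113.9", "dport": 443, "proto": 6, "feat": [1.10, 5200.0]},
    {"src": "10.0.0.5", "sport": 50112, "dst": "198.51.100.7", "dport": 9001, "proto": 6, "feat": [30.5, 98000.0]},
    {"src": "10.0.0.8", "sport": 40000, "dst": "192.0.2.1", "dport": 53, "proto": 17, "feat": [0.01, 120.0]},
    {"src": "10.0.0.7", "sport": 51000, "dst": "203.0.113.9", "dport": 443, "proto": 6, "feat": [0.77, 2100.0]},
]

def endpoints(flow):
    """Assumption: the original graph's vertices are (ip, port) endpoints."""
    return (flow["src"], flow["sport"]), (flow["dst"], flow["dport"])

def incident_flows(flows):
    """Map each endpoint to the ascending list of flow indices touching it."""
    incident = defaultdict(list)
    for i, flow in enumerate(flows):
        for ep in set(endpoints(flow)):  # set(): a self-loop counts once
            incident[ep].append(i)
    return incident

def build_line_graph(flows):
    """Return (node_features, edges) of the transformed graph.

    Node i is flow i (an edge of the original graph); (i, j) with i < j is an
    edge when flows i and j share an endpoint. Flow classification is then
    node classification on this graph.
    """
    edges = set()
    for idxs in incident_flows(flows).values():
        edges.update(combinations(idxs, 2))
    return [list(f["feat"]) for f in flows], sorted(edges)

def hub_cost(flows):
    """Edges each shared endpoint induces: d flows give d*(d-1)/2 edges."""
    return {ep: len(ix) * (len(ix) - 1) // 2
            for ep, ix in incident_flows(flows).items() if len(ix) > 1}

if __name__ == "__main__":
    feats, edges = build_line_graph(FLOWS)
    print(len(feats), "nodes;", "edges:", edges)
    print("edges induced per shared endpoint:", hub_cost(FLOWS))
```

Flow 3 shares no endpoint with any other flow and ends up as an isolated node, while the busy server endpoint shows the quadratic edge growth to watch for when building this graph from real captures.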