Journal of Information Security Research, 2026, Vol. 12, Issue (3): 265-273, 9. DOI: 10.12379/j.issn.2096-1057.2026.03.08
Research on Two-stage Network Intrusion Detection Method for Out-of-distribution Traffic Data
Abstract
Existing network intrusion detection systems are typically trained under a closed-set setting, and in practical applications they are prone to misclassifying new attacks that do not appear in the training data. To improve the accuracy of unknown attack detection and known attack classification, a two-stage intrusion detection method combining a convolutional neural network and a bidirectional long short-term memory network is proposed on the basis of existing network intrusion detection systems: the two-stage confidence intrusion detection (TSCID) method. In the first stage, the out-of-distribution data detector categorizes input data into in-distribution and out-of-distribution samples by evaluating their confidence scores; in the second stage, the m+1 classifier performs open intrusion detection on the in-distribution data as well as part of the out-of-distribution data obtained in the first stage, which realizes the fine classification of known attacks and the further identification of unknown attacks. The method is experimentally evaluated on the KDDCUP'99 dataset and the CICIDS2017 dataset. The experimental results show that the AUROC and AUPR of the model on the data have increased and the false positive rate has decreased when compared with other methods for open intrusion detection. The study shows that the two-stage network intrusion detection method that introduces an out-of-distribution data detector ensures the fine classification of known attacks and effectively improves the identification capability of the intrusion detection system for unknown threats, providing a new idea for building a comprehensive network security defense system.

Keywords
network intrusion detection / out-of-distribution detection / convolutional neural network / bidirectional long short-term memory / deep learning

Classification
Information Technology and Security Science

Cite this article
CHEN Ying, WANG Qin, QIN Xiaohong. Research on Two-stage Network Intrusion Detection Method for Out-of-distribution Traffic Data[J]. Journal of Information Security Research, 2026, 12(3): 265-273, 9.

Funding
Fundamental Research Funds for the Central Universities (3282024054)