Journal of ZheJiang University (Engineering Science)  2025, Vol. 59 Issue (6): 1201-1210    DOI: 10.3785/j.issn.1008-973X.2025.06.011
Computer Technology
Network intrusion detection method based on federated learning and spatiotemporal feature fusion
Lihong WANG1, Xinqian LIU1,2,*, Jing LI1, Zhiquan FENG2,3
1. School of Computer Science and Technology, Shandong University of Technology, Zibo 255000, China
2. Shandong Provincial Key Laboratory of Network Based Intelligent Computing, Jinan 250000, China
3. Artificial Intelligence Institute, University of Jinan, Jinan 250000, China
Abstract:

To address incomplete feature extraction and the data silos and privacy leakage of traditional centralized intrusion detection methods, an intrusion detection method based on federated learning and spatiotemporal feature fusion was proposed. Convolutional neural networks and long short-term memory networks were used to extract temporal and spatial features. The extracted features were then concatenated in parallel to generate fused features. A multi-head attention mechanism was employed to identify the important features in the network traffic data, followed by training through bidirectional gated recurrent units and final classification via a Softmax function. During model training, to prevent privacy leakage, the inherent characteristics of federated learning were leveraged so that data could remain local for training the neural network model. Experimental results showed that the proposed model achieved accuracy rates of 99.00%, 97.64%, and 75.28% on the CIC-IDS2018, NSL-KDD, and UNSW-NB15 datasets, respectively.

Key words: intrusion detection    deep learning    federated learning    convolutional neural network (CNN)    long short-term memory network (LSTM)
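Received: 2024-04-11    Published: 2025-05-30
CLC:  TP 399
Funding: Supported by the Open Fund of the Shandong Provincial Key Laboratory of Network Based Intelligent Computing.
Corresponding author: Xinqian LIU     E-mail: 1872897112@qq.com; lxq@sdut.edu.cn
About the author: Lihong WANG (b. 1994), female, master's student, engaged in research on network services and information security. orcid.org/0009-0007-2712-669X. E-mail: 1872897112@qq.com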
Cite this article:

Lihong WANG, Xinqian LIU, Jing LI, Zhiquan FENG. Network intrusion detection method based on federated learning and spatiotemporal feature fusion. Journal of ZheJiang University (Engineering Science), 2025, 59(6): 1201-1210.

Link to this article:

https://www.zjujournals.com/eng/CN/10.3785/j.issn.1008-973X.2025.06.011
https://www.zjujournals.com/eng/CN/Y2025/V59/I6/1201

Fig. 1  Intrusion detection framework
Fig. 2  Overview of the FL-CNN-LSTM method
Fig. 3  CNN structure model
Fig. 4  FL structure model
Fig. 5  CNN-LSTM serial structure model
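| Dataset | A/% (parallel) | A/% (serial) | F1/% (parallel) | F1/% (serial) |
|---|---|---|---|---|
| CIC-IDS2018 | 99.00 | 6.63 | 99.01 | 0.86 |
| NSL-KDD | 97.64 | 96.69 | 67.79 | 58.40 |
| UNSW-NB15 | 75.28 | 10.08 | 73.71 | 1.87 |

Table 1  Accuracy and F1 score for different connection modes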
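| Dataset | A/% (with attention) | A/% (without attention) | F1/% (with attention) | F1/% (without attention) |
|---|---|---|---|---|
| CIC-IDS2018 | 99.00 | 98.66 | 99.01 | 98.66 |
| NSL-KDD | 97.64 | 97.02 | 67.79 | 58.39 |
| UNSW-NB15 | 75.28 | 67.98 | 73.71 | 65.22 |

Table 2  Accuracy and F1 score with and without the attention mechanism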
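| Dataset | A/% (federated) | A/% (centralized) | F1/% (federated) | F1/% (centralized) |
|---|---|---|---|---|
| CIC-IDS2018 | 99.00 | 99.08 | 99.01 | 99.14 |
| NSL-KDD | 97.64 | 97.88 | 67.79 | 68.12 |
| UNSW-NB15 | 75.28 | 77.42 | 73.71 | 76.36 |

Table 3  Accuracy and F1 score of federated and centralized learning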
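Fig. 6  Comparison of detection performance on the CIC-IDS2018 dataset
Fig. 7  Comparison of detection performance on the NSL-KDD dataset
Fig. 8  Comparison of detection performance on the UNSW-NB15 dataset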