Wasserstein距离引导特征标记器变压器域自适应网络入侵检测

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2025-06-21 DOI:10.1016/j.cose.2025.104562

Hongpo Zhang, Zhaozhe Zhang, Haizhaoyang Huang, Hehe Yang

{"title":"Wasserstein距离引导特征标记器变压器域自适应网络入侵检测","authors":"Hongpo Zhang, Zhaozhe Zhang, Haizhaoyang Huang, Hehe Yang","doi":"10.1016/j.cose.2025.104562","DOIUrl":null,"url":null,"abstract":"<div><div>When deploying a machine learning-based network intrusion detection system in an environment with significantly different feature distribution from the training dataset, its performance is substantially degraded. This paper presents a domain adaptation approach (WDFT-DA) that utilizes Wasserstein Distance and Feature Tokenizer Transformer to address this issue. The proposed method employs Wasserstein distance to measure the dissimilarity between the source and target domains and mitigates it through adversarial training for achieving domain-invariant feature learning. Simultaneously, a feature token converter acts as a feature extractor to obtain domain-invariant representations of network traffic data with rich information content. This facilitates mapping of both source and target domain data into a shared domain-invariant space, promoting feature alignment and representation consistency. As a result, it enhances generalization capability and performance across the target domain. Experimental validation is conducted on diverse intrusion detection datasets, demonstrating that the proposed model outperforms existing domain adaptation methods by effectively training highly accurate intrusion detection classification models without relying on labeled data within the target domain.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104562"},"PeriodicalIF":5.4000,"publicationDate":"2025-06-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Wasserstein distance guided feature Tokenizer transformer domain adaptation for network intrusion detection\",\"authors\":\"Hongpo Zhang, Zhaozhe Zhang, Haizhaoyang Huang, Hehe Yang\",\"doi\":\"10.1016/j.cose.2025.104562\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>When deploying a machine learning-based network intrusion detection system in an environment with significantly different feature distribution from the training dataset, its performance is substantially degraded. This paper presents a domain adaptation approach (WDFT-DA) that utilizes Wasserstein Distance and Feature Tokenizer Transformer to address this issue. The proposed method employs Wasserstein distance to measure the dissimilarity between the source and target domains and mitigates it through adversarial training for achieving domain-invariant feature learning. Simultaneously, a feature token converter acts as a feature extractor to obtain domain-invariant representations of network traffic data with rich information content. This facilitates mapping of both source and target domain data into a shared domain-invariant space, promoting feature alignment and representation consistency. As a result, it enhances generalization capability and performance across the target domain. Experimental validation is conducted on diverse intrusion detection datasets, demonstrating that the proposed model outperforms existing domain adaptation methods by effectively training highly accurate intrusion detection classification models without relying on labeled data within the target domain.</div></div>\",\"PeriodicalId\":51004,\"journal\":{\"name\":\"Computers & Security\",\"volume\":\"157 \",\"pages\":\"Article 104562\"},\"PeriodicalIF\":5.4000,\"publicationDate\":\"2025-06-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167404825002512\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825002512","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

当将基于机器学习的网络入侵检测系统部署在与训练数据集特征分布明显不同的环境中时，其性能会大大降低。本文提出了一种领域自适应方法（WDFT-DA），该方法利用Wasserstein距离和特征标记器转换器来解决这个问题。该方法采用Wasserstein距离来度量源域和目标域之间的不相似性，并通过对抗性训练来缓解这种不相似性，从而实现域不变特征学习。同时，利用特征令牌转换器作为特征提取器，获得具有丰富信息内容的网络流量数据的域不变表示。这有助于将源和目标领域数据映射到共享的领域不变空间，从而促进特征对齐和表示一致性。因此，它增强了跨目标域的泛化能力和性能。在不同的入侵检测数据集上进行了实验验证，结果表明，该模型可以有效地训练出高精度的入侵检测分类模型，而不依赖于目标域中的标记数据，优于现有的领域自适应方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Wasserstein distance guided feature Tokenizer transformer domain adaptation for network intrusion detection

When deploying a machine learning-based network intrusion detection system in an environment with significantly different feature distribution from the training dataset, its performance is substantially degraded. This paper presents a domain adaptation approach (WDFT-DA) that utilizes Wasserstein Distance and Feature Tokenizer Transformer to address this issue. The proposed method employs Wasserstein distance to measure the dissimilarity between the source and target domains and mitigates it through adversarial training for achieving domain-invariant feature learning. Simultaneously, a feature token converter acts as a feature extractor to obtain domain-invariant representations of network traffic data with rich information content. This facilitates mapping of both source and target domain data into a shared domain-invariant space, promoting feature alignment and representation consistency. As a result, it enhances generalization capability and performance across the target domain. Experimental validation is conducted on diverse intrusion detection datasets, demonstrating that the proposed model outperforms existing domain adaptation methods by effectively training highly accurate intrusion detection classification models without relying on labeled data within the target domain.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.