{"title":"MTRC:一个基于多个transformer的自监督网络入侵检测框架,支持对比学习的数据重建","authors":"Yufeng Wang , Hao Xu , Jianhua Ma , Qun jin","doi":"10.1016/j.jnca.2025.104300","DOIUrl":null,"url":null,"abstract":"<div><div>Nowadays, Network Intrusion Detection System (NIDS) is essential for identifying and mitigating network threats in increasingly complex and dynamic network environments. Due to the benefits of automatic feature extraction and powerful expressive capability, Deep Neural Networks (DNN) based NIDS has witnessed great deployment. Considering the extremely high annotation cost, i.e., the extreme difficulty of labeling anomalous samples in supervised DNN based NIDS schemes, practically, many NIDS schemes are unsupervised. which either use generative-based approaches, such as encoder-decoder structure to identify deviated samples without the labeled intrusion data, or employ discriminative-based methods by designing pretext tasks to construct additional supervisory signals from the given data. However, the former only generates a single reconstruction version for each input sample, lacking a holistic view of the latent distribution of input sample, while the latter focuses on learning the global perspective of samples, often neglecting internal structures. To address these issues, this paper proposes a novel self-supervised NIDS framework based on multiple Transformers enabled data reconstruction with contrastive learning, MTRC, through combining generative-based and discriminative-based paradigms. In detail, our paper's contributions are threefold. First, a cross-feature correlation module is proposed to convert each tabular network traffic record into an original data view that effectively captures the cross-feature correlations. Second, inspired by the idea of the multiple-view reconstruction and contrastive learning, multiple Encoder-Decoder structured Transformers are used to generate different views for each original data view, which intentionally make each reconstructed view semantically similar to the original data view, and while these reconstructed views diversified between each other, aiming to holistically capture the latent features of normal data samples. Experimental results on multiple real network traffic datasets demonstrate that MTRC outperforms state-of-the-art unsupervised and self-supervised NIDS schemes, achieving superior performance in terms of AUC-ROC, AUC-PR, and F1-score metrics. The MTRC source code is publicly available at: <span><span>https://github.com/sunyifen/MTRC</span><svg><path></path></svg></span>.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"243 ","pages":"Article 104300"},"PeriodicalIF":8.0000,"publicationDate":"2025-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"MTRC: A self-supervised network intrusion detection framework based on multiple Transformers enabled data reconstruction with contrastive learning\",\"authors\":\"Yufeng Wang , Hao Xu , Jianhua Ma , Qun jin\",\"doi\":\"10.1016/j.jnca.2025.104300\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Nowadays, Network Intrusion Detection System (NIDS) is essential for identifying and mitigating network threats in increasingly complex and dynamic network environments. Due to the benefits of automatic feature extraction and powerful expressive capability, Deep Neural Networks (DNN) based NIDS has witnessed great deployment. 
Considering the extremely high annotation cost, i.e., the extreme difficulty of labeling anomalous samples in supervised DNN based NIDS schemes, practically, many NIDS schemes are unsupervised. which either use generative-based approaches, such as encoder-decoder structure to identify deviated samples without the labeled intrusion data, or employ discriminative-based methods by designing pretext tasks to construct additional supervisory signals from the given data. However, the former only generates a single reconstruction version for each input sample, lacking a holistic view of the latent distribution of input sample, while the latter focuses on learning the global perspective of samples, often neglecting internal structures. To address these issues, this paper proposes a novel self-supervised NIDS framework based on multiple Transformers enabled data reconstruction with contrastive learning, MTRC, through combining generative-based and discriminative-based paradigms. In detail, our paper's contributions are threefold. First, a cross-feature correlation module is proposed to convert each tabular network traffic record into an original data view that effectively captures the cross-feature correlations. Second, inspired by the idea of the multiple-view reconstruction and contrastive learning, multiple Encoder-Decoder structured Transformers are used to generate different views for each original data view, which intentionally make each reconstructed view semantically similar to the original data view, and while these reconstructed views diversified between each other, aiming to holistically capture the latent features of normal data samples. Experimental results on multiple real network traffic datasets demonstrate that MTRC outperforms state-of-the-art unsupervised and self-supervised NIDS schemes, achieving superior performance in terms of AUC-ROC, AUC-PR, and F1-score metrics. The MTRC source code is publicly available at: <span><span>https://github.com/sunyifen/MTRC</span><svg><path></path></svg></span>.</div></div>\",\"PeriodicalId\":54784,\"journal\":{\"name\":\"Journal of Network and Computer Applications\",\"volume\":\"243 \",\"pages\":\"Article 104300\"},\"PeriodicalIF\":8.0000,\"publicationDate\":\"2025-08-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Network and Computer Applications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S1084804525001973\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Network and Computer Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1084804525001973","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
MTRC: A self-supervised network intrusion detection framework based on multiple Transformers enabled data reconstruction with contrastive learning
Network Intrusion Detection Systems (NIDS) are essential for identifying and mitigating threats in increasingly complex and dynamic network environments. Owing to automatic feature extraction and strong expressive capability, Deep Neural Network (DNN) based NIDS have been widely deployed. However, because annotation is extremely costly, i.e., labeling anomalous samples for supervised DNN-based NIDS is extremely difficult, many practical NIDS schemes are unsupervised: they either use generative approaches, such as encoder-decoder structures, to identify deviating samples without labeled intrusion data, or employ discriminative methods that design pretext tasks to construct additional supervisory signals from the given data. However, the former generates only a single reconstruction for each input sample and thus lacks a holistic view of the sample's latent distribution, while the latter focuses on learning a global perspective of samples and often neglects their internal structure. To address these issues, this paper proposes MTRC, a novel self-supervised NIDS framework based on multiple Transformers enabled data reconstruction with contrastive learning, which combines the generative and discriminative paradigms. In detail, our paper's contributions are threefold. First, a cross-feature correlation module is proposed to convert each tabular network traffic record into an original data view that effectively captures cross-feature correlations. Second, inspired by multiple-view reconstruction and contrastive learning, multiple encoder-decoder structured Transformers are used to generate different reconstructed views for each original data view; each reconstructed view is kept semantically similar to the original data view while the reconstructed views are diversified from one another, so as to holistically capture the latent features of normal data samples. Experimental results on multiple real network traffic datasets demonstrate that MTRC outperforms state-of-the-art unsupervised and self-supervised NIDS schemes, achieving superior performance in terms of AUC-ROC, AUC-PR, and F1-score. The MTRC source code is publicly available at: https://github.com/sunyifen/MTRC.
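To make the pipeline described in the abstract concrete, below is a minimal, illustrative PyTorch sketch of the MTRC idea: a per-feature embedding stands in for the cross-feature correlation module, several Transformer encoders with reconstruction heads stand in for the multiple encoder-decoder Transformers, and a reconstruction term plus a pairwise diversity term stands in for the contrastive objective. All module names, dimensions, and loss formulations here are assumptions made for illustration only; the authors' actual implementation is the code published at https://github.com/sunyifen/MTRC.

```python
# Illustrative sketch only: hypothetical stand-ins for the modules named in the
# abstract, not the authors' implementation (see the GitHub repository for that).
import torch
import torch.nn as nn
import torch.nn.functional as F


class CrossFeatureView(nn.Module):
    """Hypothetical cross-feature correlation module: each scalar feature of a
    tabular record becomes a token, so downstream self-attention can model
    correlations across features."""
    def __init__(self, n_features: int, d_model: int = 64):
        super().__init__()
        self.embed = nn.Linear(1, d_model)                          # per-feature value embedding
        self.pos = nn.Parameter(torch.zeros(n_features, d_model))   # learnable feature-position embedding

    def forward(self, x):                              # x: (batch, n_features)
        tokens = self.embed(x.unsqueeze(-1))           # (batch, n_features, d_model)
        return tokens + self.pos


class TransformerReconstructor(nn.Module):
    """One of the multiple Transformer 'views': encodes the original data view and
    reconstructs it (encoder-decoder collapsed into encoder + linear head for brevity)."""
    def __init__(self, d_model: int = 64, n_heads: int = 4, n_layers: int = 2):
        super().__init__()
        layer = nn.TransformerEncoderLayer(d_model, n_heads, dim_feedforward=128,
                                           batch_first=True)
        self.encoder = nn.TransformerEncoder(layer, n_layers)
        self.head = nn.Linear(d_model, d_model)

    def forward(self, view):                           # view: (batch, n_features, d_model)
        return self.head(self.encoder(view))


def mtrc_losses(original, reconstructions, diversity_weight: float = 0.1):
    """Reconstruction term keeps every reconstructed view close to the original view;
    a contrastive-style diversity term pushes the reconstructed views apart
    (assumed formulation)."""
    rec = torch.stack([F.mse_loss(r, original) for r in reconstructions]).mean()
    div, flat = 0.0, [r.flatten(1) for r in reconstructions]
    for i in range(len(flat)):
        for j in range(i + 1, len(flat)):
            div = div + F.cosine_similarity(flat[i], flat[j], dim=1).mean()
    n_pairs = max(len(flat) * (len(flat) - 1) // 2, 1)
    return rec + diversity_weight * div / n_pairs


if __name__ == "__main__":
    # Random stand-in for normalized tabular traffic records (41 features, NSL-KDD-like).
    n_features, n_transformers = 41, 3
    viewer = CrossFeatureView(n_features)
    reconstructors = nn.ModuleList(TransformerReconstructor() for _ in range(n_transformers))
    opt = torch.optim.Adam(list(viewer.parameters()) + list(reconstructors.parameters()), lr=1e-3)

    records = torch.randn(32, n_features)
    view = viewer(records)
    recons = [m(view) for m in reconstructors]
    opt.zero_grad()
    loss = mtrc_losses(view, recons)
    loss.backward()
    opt.step()

    # At test time, a large reconstruction error across views flags an anomaly.
    score = torch.stack([((r - view) ** 2).mean(dim=(1, 2)) for r in recons]).mean(dim=0)
    print(score.shape)                                 # (batch,) anomaly scores
```

In this sketch the per-sample reconstruction error averaged over views serves as the anomaly score; samples whose score exceeds a threshold chosen on validation data would be flagged as intrusions. The actual scoring rule and loss weighting used by MTRC are defined in the paper and its released code.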
Journal description:
The Journal of Network and Computer Applications welcomes research contributions, surveys, and notes in all areas relating to computer networks and applications thereof. Sample topics include new design techniques, interesting or novel applications, components or standards; computer networks with tools such as the WWW; emerging standards for Internet protocols; wireless networks; mobile computing; emerging computing models such as cloud computing and grid computing; applications of networked systems for remote collaboration and telemedicine, etc. The journal is abstracted and indexed in Scopus, Engineering Index, Web of Science, Science Citation Index Expanded and INSPEC.