[1] YOU Xinyuan, GUO Rongxin, SHI Yifan. Network Threat Detection Method Based on Graph Structure Representation Enhancement and Feature Fusion[J]. Journal of Huaqiao University (Natural Science), 2025, 46(5): 528-538. [doi:10.11830/ISSN.1000-5013.202507014]

Network Threat Detection Method Based on Graph Structure Representation Enhancement and Feature Fusion

Journal of Huaqiao University (Natural Science) [ISSN:1000-5013/CN:35-1079/N]

Volume:
46
Issue:
2025, No. 5
Pages:
528-538
Column:
Publication date:
2025-09-20

Article Info

Title:
Network Threat Detection Method Based on Graph Structure Representation Enhancement and Feature Fusion
Article ID:
1000-5013(2025)05-0528-11
Author(s):
YOU Xinyuan, GUO Rongxin, SHI Yifan
College of Engineering, Huaqiao University, Quanzhou 362021, Fujian, China
Keywords:
network detection; graph structure; representation learning; machine learning; contrast enhancement; feature fusion
CLC number:
TP181;TP393.08
DOI:
10.11830/ISSN.1000-5013.202507014
Document code:
A
Abstract:
To address the security threats from malicious network activities in financial projects involving real-world assets (RWA) within blockchain and internet of things applications, a network threat detection method based on graph structure representation enhancement and feature fusion is proposed. First, traffic records are modeled as event-driven heterogeneous graphs. Second, a post-hoc event-level contrastive enhancement mechanism is designed to decouple the representation learning and enhancement processes, improving the discriminative power of node representations. Finally, a multi-source feature fusion scheme is introduced to optimize the input representation through dimensionality reduction and feature selection. The experimental results show that the proposed method achieves an area under the receiver operating characteristic curve of 0.975, an area under the precision-recall curve of 0.966, and an F1-score of 0.928 on the CIC-Darknet dataset, thereby effectively enhancing the detection capability for abnormal network activities.

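Memo

Received: 2025-07-14
Corresponding author: GUO Rongxin (1980-), male, associate professor, whose research mainly covers blockchain technology, artificial intelligence, and internet of things technology. E-mail: grxeee@hqu.edu.cn.
Funding: National Natural Science Foundation of China Youth Fund project (62306122); Fujian Provincial Science and Technology Guiding Project (2023H0012)
Last Update: 2025-09-20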