A method for constructing a network intrusion model based on meta learning

By constructing a network intrusion model based on meta-learning, this method utilizes GAN networks to generate simulated attack samples and dynamic inter-class constraints. Combined with irrelevant meta-algorithms, it addresses the issues of class imbalance and insufficient detection capability for novel network attacks in network intrusion detection systems. This improves the detection capability for minority class attacks, enhances the model's ability to detect novel network attacks, improves its adaptability to novel network attack detection, and ultimately increases detection accuracy.

CN120378162BActive Publication Date: 2026-06-09CHONGQING COLLEGE OF ELECTRONICS ENG

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
CHONGQING COLLEGE OF ELECTRONICS ENG
Filing Date
2025-04-23
Publication Date
2026-06-09

Smart Images

  • Figure CN120378162B_ABST
    Figure CN120378162B_ABST
Patent Text Reader

Abstract

The application provides a network intrusion model construction method based on meta learning, comprising the following steps: a global server constructs a plurality of client nodes based on a federated learning framework, and constructs a node detection model in each client node; the client nodes collect local multi-element heterogeneous data at a fixed time interval, generate simulated attack samples using a GAN network, and then form training data by combining the simulated attack samples and normal samples; the node detection model is iteratively trained using the training data; the node detection model after training is meta-optimized using an irrelevant meta algorithm; the global server dynamically allocates an aggregation weight to each client node, aggregates the models by a weighted average method, and generates a global detection model. The application solves the problem of class imbalance of model training samples in the prior art, which leads to insufficient detection capability of the detection model for minority class attacks and difficulty in quickly adapting to new network attacks.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of network security technology, and in particular to a method for constructing a network intrusion model based on meta-learning. Background Technology

[0002] The role of a network intrusion detection system (NIC) is to identify network traffic, primarily categorizing it into normal traffic and traffic carrying intrusion attacks. To cope with the rapidly changing cyberspace environment, current NICs utilize intelligent algorithms, such as machine learning, for traffic identification. In traditional machine learning, the machine focuses on a specific task T. In NIC, a fundamental task is to use a classifier to determine the attributes of network traffic samples. We have K samples and labels related to this task, and our goal is to build a classifier model f whose input is a sample xi and output is an estimate of the label yi corresponding to that sample. In typical supervised learning scenarios, a larger sample size K generally leads to better detection of malicious samples. However, during model training, normal data usually dominates, while attack samples are scarce. This results in insufficient detection capability for minority classes of attacks. Furthermore, after training, the model only produces relatively good detection results for the attack samples used during training; its detection capability for newly emerging network attacks is poor. Even if the model has self-learning capabilities, it is difficult to adapt quickly due to the limited number of intrusion attack samples. Summary of the Invention

[0003] To address the shortcomings of existing technologies, this invention provides a method for constructing a network intrusion model based on meta-learning. This method solves the problem that the imbalance of training samples in existing models leads to insufficient detection capabilities for minority class attacks and difficulty in quickly adapting to emerging new types of network attacks.

[0004] According to an embodiment of the present invention, a method for constructing a network intrusion model based on meta-learning includes:

[0005] The global server builds multiple client nodes based on a federated learning framework, and builds a node detection model within each client node;

[0006] Client nodes collect local multi-dimensional heterogeneous data at fixed time intervals. Based on the local multi-dimensional heterogeneous data, a GAN network is used to generate simulated attack samples. Then, the simulated attack samples, the original attack samples, and normal samples are combined to form training data.

[0007] The client node introduces dynamic inter-class constraints into the node detection model, and then uses training data to iteratively train the node detection model;

[0008] The client node uses an irrelevant meta-algorithm to perform meta-optimization on the trained node detection model;

[0009] The global server dynamically assigns aggregation weights to each customer node based on the proportion of local heterogeneous data and the model parameters of the node detection model. The model is aggregated by weighted averaging to generate a global detection model, which is then deployed to drones for network intrusion detection.

[0010] Preferably, after the client node collects local multi-dimensional heterogeneous data, it performs standardization and feature encoding on the local multi-dimensional heterogeneous data in sequence to generate feature data in the same format. Then, based on the feature data, it uses a GAN network to generate simulated attack samples.

[0011] Preferably, the method of introducing dynamic inter-class constraints into the node detection model and then iteratively training the node detection model using training data includes:

[0012] S1: Divide the training data into a training set and a validation set. Use the training set to iteratively train the node detection model and use the validation set to evaluate the node detection model in the current iteration batch.

[0013] S2: Count the number of attack samples identified by the node detection model in the current iteration batch, and assign weight coefficients to the attack samples;

[0014] S3: Calculate the F1 score of the node detection model on the validation set for the attack samples in the current iteration batch, and adjust the weight coefficients according to the F1 score;

[0015] S4: Adjust the loss function of the node detection model according to the weight coefficients, and then repeat steps S2-S4 until the model converges.

[0016] Preferably, in S3, the formula for adjusting the weighting coefficients is as follows:

[0017]

[0018] in, γ is the weighting coefficient before adjustment, c is the category number, and C is the total number of categories.

[0019] In S3, if the F1 score decreases continuously in multiple consecutive training iterations, then γ is decreased; if the F1 score increases continuously in multiple consecutive training iterations, then γ is increased.

[0020] Preferably, the method for meta-optimizing the trained node detection model using a non-relevant meta-algorithm includes:

[0021] The local diverse and heterogeneous data is divided according to data type to obtain multiple task classes;

[0022] Each task class is divided into a support set and a query set, and the original model parameters of the node detection model are updated using the loss of the support set to obtain the support model parameters.

[0023] The support model parameters of the node detection model are updated using the loss of the query set, thus obtaining the generalized model parameters.

[0024] Preferably, the formula for supporting model parameter updates is as follows:

[0025] θ′=θ-α▽ θ L support (θ)

[0026] The formula for updating the generalization model parameters is as follows:

[0027] θ meta =θ-β▽ θ L query (θ′)

[0028] Where θ represents the original model parameters, α and β are both learning rates, Lsupport is the loss function for the support set, and Lquery is the loss function for the query set. θ This is the gradient vector of the data in the task class.

[0029] Preferably, after the node detection model is trained, each client node needs to upload the local multi-dimensional heterogeneous data collected by the client node and the generalization model parameters of the node detection model to the global server.

[0030] Preferably, when uploading data at a client node, the uploaded data needs to undergo privacy protection processing, and the processing methods include:

[0031] Calculate the gradient vector of the feature data, and then perform L2 norm clipping on the feature data based on the gradient vector to obtain the clipped data;

[0032] Based on a preset privacy budget, Laplace noise is injected into the cropped data.

[0033] Preferably, the formula for calculating the aggregate weight of each customer node is as follows:

[0034]

[0035] Where r i Let A be the proportion of local heterogeneous data collected by the i-th client node to the total data of all client nodes. i Let A be the F1 score of the i-th client node. j Let η be the F1 score of the j-th client node, η be the exponential adjustment factor whose initial value is set empirically, and K be the number of client nodes.

[0036] Preferably, the method for determining the exponential adjustment factor is as follows:

[0037] A portion of the local heterogeneous data uploaded by each client node is randomly selected and combined to form global validation data;

[0038] The global detection model is obtained by aggregation using the initial η, and then the global detection model is validated using global validation data. Finally, the proportion of the number of samples correctly identified by the model to the total amount of global validation data is calculated to obtain the current model accuracy.

[0039] Calculate the difference between the accuracy of the current model and the accuracy of the global detection model obtained from the previous aggregation. If the difference is less than a preset value, increase η; if the difference is greater than the preset value, keep it unchanged.

[0040] Compared with the prior art, the present invention has the following beneficial effects:

[0041] This invention uses locally collected heterogeneous multivariate data as a foundation and employs a GAN network to generate simulated attack samples to expand the number of attack samples, avoiding the problem of class imbalance in training samples and improving the detection capability for minority class attacks. In addition, at fixed intervals, client nodes will re-collect local heterogeneous multivariate data and retrain the node detection model. Therefore, the global detection model used for UAV network intrusion detection will also be updated together, thus jointly updating the global detection model to ensure that it always maintains a relatively good intrusion detection capability. At the same time, it combines the irrelevant meta-algorithm with small sample data training to quickly adapt to new network attacks with a small number of samples, thereby improving the detection accuracy of new network attacks. Attached Figure Description

[0042] Figure 1 This is a flowchart illustrating the method for constructing a network intrusion model according to an embodiment of the present invention. Detailed Implementation

[0043] The technical solutions of the present invention will be further described below with reference to the accompanying drawings and embodiments.

[0044] like Figure 1 As shown in the figure, this invention proposes a method for constructing a network intrusion model based on meta-learning, including:

[0045] The global server uses a federated learning framework to build multiple client nodes that are connected to the global server. Each client node will periodically upload relevant data to the global server and then build a node detection model within each client node.

[0046] Client nodes collect local heterogeneous data at fixed time intervals (usually a week, which can be extended or shortened as needed), and use a GAN network to generate simulated attack samples based on the local heterogeneous data.

[0047] Each client node collects local multi-source heterogeneous data through sensors, communication interfaces, and flight controllers, including: sensor data (such as GPS coordinates, accelerometer readings, gyroscope data, etc.), network traffic data (TCP / UDP packet header information, packet size distribution, etc.), and system log data (such as abnormal process startup records, permission change events, etc.).

[0048] Because these data come in various formats, it is necessary to process this local, multi-source, heterogeneous data and transform it into feature data of the same format to facilitate subsequent data analysis. Processing methods include:

[0049] (1) Standardize the raw data:

[0050]

[0051] Where μ is the characteristic mean and σ is the standard deviation.

[0052] (2) Perform feature encoding on multi-source heterogeneous data to generate a unified feature representation:

[0053] F = Encoder(X1,X2,...,X) M )∈i D

[0054] Among them, X i ,i∈i[1,M] represents M heterogeneous data sources, Encoder is a feature encoding network, and D is the feature dimension.

[0055] The processed feature data is then imported into a Generative Adversarial Network (GAN) for data augmentation. The GAN network expands the attack samples, generating simulated attack samples to avoid class imbalance in the training samples and improve the detection capability for minority class attacks.

[0056] ① The generator receives random noise z and encoded features F, and outputs synthesized samples:

[0057] X syn =G(z,F)

[0058] ② The discriminator distinguishes between real samples X real Compared with synthetic sample X syn Furthermore, the generator and discriminator are optimized using an adversarial loss function.

[0059] The discriminator loss is updated as follows:

[0060]

[0061] The generator loss is updated as follows:

[0062]

[0063] Where, λ fm φ represents the feature matching weight, and φ represents the features of the intermediate layer of the discriminator.

[0064] The generated simulated attack samples, original attack samples, and normal samples are then used as training data to train the node detection model.

[0065] Dynamic inter-class constraints are introduced into the node detection model, and then the node detection model is iteratively trained using training data;

[0066] The training data is divided into a training set and a validation set, with the training set accounting for 70% of all data and the validation set accounting for 30%. The training set is used for iterative training of the node detection model, and the validation set is used to evaluate and validate the node detection model in the current iteration batch.

[0067] For any given iteration batch, count the number N of each attack sample in the current iteration batch. c And assign them initial weights:

[0068]

[0069] Where ε is the numerical stability coefficient, used to prevent extremely small constants where the denominator is zero. λ is the dynamic weight scaling factor, used to adjust for class imbalance sensitivity.

[0070] In this invention, training data is divided into normal samples and attack samples using a binary classification principle. Of course, training data can also be divided into normal samples and attack samples with different attack methods using a multi-class classification principle. In the multi-class case, N c This represents the number of attack samples of type c, where C represents the total number of categories.

[0071] λ depends on the sample size N c It is determined that in the majority class (e.g., normal samples), the number of samples N is... c If the value is large, λ needs to be appropriately reduced to suppress overfitting; in minority classes (such as rare attack samples): the number of samples N c A smaller λ value indicates that increasing λ can enhance the model's focus on tail categories.

[0072] Then, the weight distribution is smoothed using a temperature coefficient:

[0073]

[0074] Where γ∈(0,1] represents the correction coefficient for dynamic adjustment of class weights, which is dynamically adjusted according to the F1 score of the corresponding attack sample on the validation set during the training process. If the F1 score of the corresponding attack sample decreases continuously in multiple iterations of training when the validation is performed on the validation set, it is reduced by γ←γ×0.9 to strengthen the weight difference; otherwise, it is increased by γ←γ×1.1 to smooth the weight distribution.

[0075] The node detection model uses the softmax cross-entropy loss function:

[0076]

[0077] Among them, z i,c y represents the logits output of the i-th sample in class c. i,c To indicate whether the true label of the i-th sample is class c, one-hot encoding is used: when sample i belongs to class c, y i,c =1, otherwise 0.

[0078] To adapt the node detection model to a very small number of attack samples, an irrelevant meta-algorithm is used to perform meta-optimization on the trained node detection model:

[0079] ① Inner Layer Update (Adapting to New Task): The training data is divided into multiple task classes based on data type (e.g., by task). Each task class is then divided into a support set and a query set. The support set is generated by randomly sampling a small number of samples (e.g., 5 samples per class) to simulate "rapid adaptation with a small number of samples," guiding the model to quickly adapt to new attack patterns (similar to few-shot learning). The model parameters are adjusted using the support set loss to simulate "rapid learning with a small number of samples." The model is updated using support set samples, allowing the support model parameters θ′ to initially adapt to the current task. The inner layer update method is as follows:

[0080] θ′=θ-α▽ θ L support (θ)

[0081] Here, θ represents the original model parameters of the node detection model. Adjusting θ allows the model to adapt to different intrusion detection tasks. θ includes convolutional kernel weights, fully connected layer parameters, etc., determining the model's ability to extract traffic features and its classification boundary. In meta-learning, θ is a globally initialized parameter, optimized through multi-task training, enabling the model to quickly adapt to new attack tasks. θ′ updates and adjusts the weights of the feature extraction layer and the classification layer, allowing the model to quickly adapt to the attack patterns of the current task. α represents the learning rate of the inner layer update in meta-learning, controlling the step size of parameter adjustment on the support set. L support This represents the loss function computed by the model on the support set, used for rapid in-task parameter adaptation. ▽ θThis is the gradient vector of the data in the task class.

[0082] ② Outer Layer Update (Meta-optimization of global parameters): The performance of the adapted model is evaluated using query set loss, and meta-parameters are optimized. The query set is used to evaluate the model's generalization ability, ensuring that the model retains its ability to discriminate unknown samples after adaptation, preventing overfitting, and ensuring that the model maintains generalization ability on the query set after fine-tuning on the support set. Finally, the final generalized model parameters are output.

[0083] θ meta =θ-β▽ θ L query (θ′)

[0084] Where β represents the learning rate of the outer layer update in meta-learning, controlling the meta-optimization step size of the global model parameters. L query This represents the loss function computed by the model on the query set, used for cross-task meta-optimization.

[0085] The global server dynamically assigns aggregation weights to each node based on the proportion of local heterogeneous data of the client nodes and the model parameters of the node detection model. The model is aggregated by weighted averaging to generate a global detection model, which is then deployed to drones for network intrusion detection.

[0086] After the node detection model is trained, each client node needs to upload the local multivariate heterogeneous data collected by the client node and the generalization model parameters of the node detection model to the global server. When the client node uploads data, privacy protection processing is required for the uploaded data. The processing methods include:

[0087] (1) Calculate the gradient vector ▽ of the current batch of training data. θ And based on a preset threshold C, it is subjected to L2 norm clipping, that is, when ||▽ θ When ||2>C, the gradient is scaled to To limit the sensitivity of gradient magnitude and prevent the reverse inference of training data features due to gradient leakage, the specific formula is as follows:

[0088]

[0089] (2) Laplace noise injection:

[0090]

[0091] Among them, the sensitivity of the gradient magnitude of Δf.

[0092] Based on the preset privacy budget ε p And the sensitive Δf of the gradient after clipping, generating a Laplace distribution. Random noise is added directly to the clipped gradient vector to form a perturbed privacy gradient.

[0093] Then, the global server dynamically assigns an aggregation weight α to each node based on the proportion of local heterogeneous data on the client nodes and the model parameters of the node detection model. i :

[0094]

[0095] Where, r i Let A be the proportion of local heterogeneous data collected by the i-th client node to the total data of all client nodes. i Let A be the F1 score of the i-th client node. j Let η be the F1 score of the j-th client node, and r be the F1 score of the client node. i The exponential adjustment factor is initially set by experience, and K is the number of client nodes.

[0096] Since the initial value of the exponential adjustment factor η is set manually, it needs to be adjusted to ensure the accuracy of the aggregate weights.

[0097] (1) Randomly select some samples from the local heterogeneous data uploaded by each client node to form global verification data, including normal samples and various attack samples, to ensure the balance of category distribution (or retain the natural imbalance according to the actual scenario).

[0098] Global validation data should cover known attack types and some unknown attack variants (simulated through data augmentation) to comprehensively evaluate the model's generalization ability.

[0099] (2) Use the initial η to aggregate and obtain the global detection model, and use the global validation data to validate the global detection model. Then calculate the proportion of the number of samples correctly identified by the model to the total amount of global validation data to obtain the current model accuracy:

[0100]

[0101] (3) Calculate the difference Δ between the current model accuracy Acc and the accuracy of the global detection model obtained from the previous aggregation. acc If the difference Δ acc If the difference is less than the preset value, then η is increased according to the following formula; if the difference is greater than the preset value, then it remains unchanged.

[0102]

[0103] Increasing η will cause the weight α to... i More favored for client nodes with large data volumes (r i(Increase the proportion), thereby suppressing the noise impact of low-quality models.

[0104] After adjusting the aggregation weights, the global model parameter θ global The generalization model parameters of the detection model at each node Weighted average:

[0105]

[0106] Then, a global detection model is built using the global model parameters, and the global detection model is deployed to the drone for network intrusion detection. At fixed intervals, the client node will re-collect local multi-dimensional heterogeneous data and retrain the node detection model. Therefore, the global detection model used for drone network intrusion detection will also be updated together, so as to jointly update the global detection model and keep it in good intrusion detection capability. At the same time, the model is trained with small sample data using irrelevant meta-algorithms, so as to quickly adapt to new network attacks with a small number of samples and improve the detection accuracy of new network attacks.

[0107] Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention and are not intended to limit it. Although the present invention has been described in detail with reference to preferred embodiments, those skilled in the art should understand that modifications or equivalent substitutions can be made to the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention, and all such modifications or substitutions should be covered within the scope of the claims of the present invention.

Claims

1. A method for constructing a network intrusion model based on meta-learning, characterized in that: include: The global server builds multiple client nodes based on a federated learning framework, and builds a node detection model within each client node; Client nodes collect local multi-dimensional heterogeneous data at fixed time intervals. Based on the local multi-dimensional heterogeneous data, a GAN network is used to generate simulated attack samples. Then, the simulated attack samples, the original attack samples, and normal samples are combined to form training data. The client node introduces dynamic inter-class constraints into the node detection model, and then iteratively trains the node detection model using training data, including: S1: Divide the training data into a training set and a validation set. Use the training set to iteratively train the node detection model and use the validation set to evaluate the node detection model in the current iteration batch. S2: Count the number of attack samples identified by the node detection model in the current iteration batch, and assign weight coefficients to the attack samples; S3: Calculate the F1 score of the node detection model on the validation set for the attack samples in the current iteration batch, and adjust the weight coefficients according to the F1 score. The formula for adjusting the weight coefficients is as follows: in, The weighting coefficients before adjustment. Here, c is the category number and C is the total number of categories; If the F1 score decreases continuously in multiple training iterations, then reduce... If the F1 score increases continuously in multiple iterations of training, then increase ; S4: Adjust the loss function of the node detection model according to the weight coefficients, and then repeat steps S2-S4 until the model converges; The client node uses an irrelevant meta-algorithm to perform meta-optimization on the trained node detection model, including: The local diverse and heterogeneous data is divided according to data type to obtain multiple task classes; Each task class is divided into a support set and a query set, and the original model parameters of the node detection model are updated using the loss of the support set to obtain the support model parameters. The support model parameters of the node detection model are updated using the loss of the query set to obtain the generalized model parameters; The formula for supporting model parameter updates is as follows: The formula for updating the generalization model parameters is as follows: Where θ represents the original model parameters. and All are learning rates. For the loss function of the support set, The loss function for the query set. The gradient vector of the data in the task class; The global server dynamically assigns aggregation weights to each customer node based on the proportion of local heterogeneous data and the model parameters of the node detection model. The model is aggregated by weighted averaging to generate a global detection model, which is then deployed to drones for network intrusion detection.

2. The method for constructing a network intrusion model based on meta-learning as described in claim 1, characterized in that: After the client node collects local multi-dimensional heterogeneous data, it standardizes and encodes the local multi-dimensional heterogeneous data to generate feature data in the same format. Then, based on the feature data, it uses a GAN network to generate simulated attack samples.

3. The method for constructing a network intrusion model based on meta-learning as described in claim 1, characterized in that: After the node detection model is trained, each client node needs to upload the local multi-dimensional heterogeneous data collected by the client node and the generalization model parameters of the node detection model to the global server.

4. The method for constructing a network intrusion model based on meta-learning as described in claim 3, characterized in that: When uploading data to client nodes, privacy protection measures must be implemented for the uploaded data. These measures include: Calculate the gradient vector of the feature data, and then perform L2 norm clipping on the feature data based on the gradient vector to obtain the clipped data; Based on a preset privacy budget, Laplace noise is injected into the cropped data.

5. The method for constructing a network intrusion model based on meta-learning as described in claim 1, characterized in that: The formula for calculating the aggregate weight of each client node is as follows: in This represents the proportion of local heterogeneous data collected by the i-th client node to the total data of all client nodes. Let F1 score be the score of the i-th client node. Let the F1 score of the j-th client node be... This is the exponential adjustment factor, whose initial value is set empirically, and K is the number of client nodes.

6. The method for constructing a network intrusion model based on meta-learning as described in claim 5, characterized in that: Methods for determining the exponential adjustment factor: A portion of the local heterogeneous data uploaded by each client node is randomly selected and combined to form global validation data; Use the initial The global detection model is obtained by aggregation, and then the global verification data is used to verify the global detection model. Finally, the proportion of the number of samples correctly identified by the model to the total amount of global verification data is calculated to obtain the accuracy of the current model. Calculate the difference between the current model accuracy and the accuracy of the global detection model obtained from the previous aggregation. If the difference is less than a preset value, increase the value. If the difference is greater than the preset value, it will remain unchanged.