Network intrusion risk detection method, device, equipment, medium and program product

By generating synthetic training samples using generative adversarial networks and combining them with latent space interpolation adjustments, along with federated learning and exploratory gradient descent strategies, the problem of sample scarcity and lack of diversity in network intrusion risk detection is solved, thereby improving the accuracy and reliability of the detection model.

CN122160102APending Publication Date: 2026-06-05CHINA MOBILE GROUP DESIGN INST +1

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
CHINA MOBILE GROUP DESIGN INST
Filing Date
2026-02-03
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

Existing network intrusion risk detection methods suffer from insufficient training of detection models and weak generalization ability due to the scarcity and lack of diversity of attack samples. This makes it difficult to identify unknown and complex attack patterns and results in low detection accuracy.

Method used

Generative adversarial networks (GANs) are used to generate synthetic training samples. During adversarial training, the gradient of the discriminator loss function with respect to the generator input is calculated. The interpolation is adjusted by combining the latent space interpolation influence factor to expand the training sample set. The network risk detection model is trained through a federated learning framework, and the parameters of the feature extraction network are updated using an exploratory gradient descent strategy.

Benefits of technology

It improves the accuracy and generalization ability of detecting unknown and variant attacks, reduces the false negative and false positive rates, and enhances the accuracy and reliability of network intrusion risk detection.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122160102A_ABST
    Figure CN122160102A_ABST
Patent Text Reader

Abstract

Embodiments of the present application disclose a network intrusion risk detection method, device, equipment, medium and program product to solve the problem of weak generalization ability of the detection model and low identification accuracy of unknown and complex attack patterns due to the lack of network intrusion attack samples and insufficient diversity in the prior art. The method comprises: obtaining network communication data to be detected; inputting the network communication data into a trained network risk detection model to obtain a network risk detection result; the network risk detection model is trained by an expanded training sample set, the expanded training sample set comprises real training samples and synthetic training samples; the synthetic training samples are generated by a generative adversarial network, and the generative adversarial network is trained by a discriminator loss function and a generator loss function; in the process of adversarial training, the gradient of the discriminator loss function input to the generator of the generative adversarial network is calculated, and the generator input is updated according to the gradient and the hidden space interpolation influence factor.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of network security technology, and in particular to a method, apparatus, device, medium, and program product for detecting network intrusion risks. Background Technology

[0002] Currently, existing network intrusion risk detection methods typically employ machine learning or deep learning models to extract features from network traffic and classify them in real time, thereby distinguishing between normal and attack behaviors.

[0003] However, the performance of existing network intrusion risk detection methods is highly dependent on the scale, quality, and distribution coverage of the training data. In real network environments, the number of real and obtainable attack event samples, especially new attacks, low-frequency attacks, or targeted attacks against specific services, is often limited. At the same time, the collection and labeling of attack samples is usually costly and time-consuming, resulting in a low proportion of attack samples in the training dataset, which can easily lead to significant class imbalance.

[0004] Furthermore, due to insufficient training samples and inadequate distribution coverage, the model struggles to learn the diversity and complex patterns of attack behaviors, especially rare features and fine-grained variation features. Consequently, when faced with unknown attacks, variant attacks, or cross-scene migration, the detection accuracy and generalization ability are prone to decline, leading to false negatives or missed detections, which affects the actual effectiveness and reliability of intrusion risk detection.

[0005] Therefore, how to improve the accuracy and reliability of network intrusion risk detection methods is a technical problem that urgently needs to be solved by those skilled in the art. Summary of the Invention

[0006] This application provides a network intrusion risk detection method to address the problems in the prior art where the scarcity and lack of diversity of network intrusion attack samples lead to insufficient training of detection models, weak generalization ability, and low accuracy in identifying unknown and complex attack patterns.

[0007] This application also provides a network intrusion risk detection device, an electronic device, a computer-readable storage medium, and a computer program product.

[0008] The embodiments of this application adopt the following technical solutions: In a first aspect, embodiments of this application provide a method for detecting network intrusion risks, including: Acquire the network communication data to be detected; The network communication data is input into the trained network risk detection model to obtain the network risk detection results. The network risk detection model is trained using an expanded training sample set, which includes real training samples and synthetic training samples. Synthetic training samples are generated by a generative adversarial network (GAN), which is trained adversarially against the discriminator loss function and the generator loss function. During adversarial training, the gradient of the discriminator loss function with respect to the generator input of the generative adversarial network is calculated, and the generator input is updated based on the gradient and the latent space interpolation influence factor. The latent space interpolation influence factor is used to interpolate and adjust the generator input in the latent space.

[0009] Optionally, the generator loss function includes a sparsity loss, which is constructed through variational sparse matrix decomposition and includes a sparse regularization term and a distribution constraint term. Among them, the sparse regularization term is used to constrain the sparsity of the synthetic training samples output by the generator of the generative adversarial network in the feature dimension, and the distribution constraint term is used to make the feature distribution of the generator output approximate the feature distribution of the real training samples.

[0010] Optionally, the generator input is updated based on the gradient and latent space interpolation influence factor, including: Determine the first learning rate, which is used to control the step size of the generator input based on gradient updates; The latent space interpolation influence factor is determined based on the interpolation coefficients used for interpolation adjustment; The generator input is updated based on the gradient, the first learning rate, and the latent space interpolation influence factor.

[0011] Optionally, based on the interpolation coefficients used for interpolation adjustment, a latent space interpolation influence factor is determined, including: Determine the total number of iterations for training the generative adversarial network, and determine the interpolation coefficients used for interpolation adjustment based on the total number of iterations. Randomly generate noise vectors for the generator of a generative adversarial network; The interpolation vector is determined based on the interpolation coefficients and the noise vector; Determine a normal distribution with a mean of 0 and a variance equal to the interpolation vector based on the interpolation vector; The preset latent space interpolation influence factor is determined based on the normal distribution.

[0012] Optionally, the trained network risk detection model is obtained through a federated learning framework; the training process of the network risk detection model includes: For each round of iterative training, perform the following training operations until the maximum number of iterations reaches a first preset threshold or the network risk detection model meets a first preset convergence condition, at which point the iterative training operation is terminated: Using multiple participating nodes, a local network risk detection model is trained based on the local expanded training sample set of each participating node to obtain local model parameters; the network structure of the local network risk detection models of each participating node is the same. Upload the local model parameters obtained from training at each participating node to the central server; In the central server, all uploaded local model parameters are aggregated to generate global model parameters; The global model parameters are distributed to each participating node to update the local network risk detection model of each participating node; When the iterative training operation is terminated, the final global model parameters are used as the parameters of the trained network risk detection model.

[0013] Optionally, the network risk detection model includes at least a feature extraction network, which is a six-layer fully connected neural network, including an input layer, four hidden layers, and an output layer. The input layer is used to receive and transmit sample data from the expanded training sample set; The first hidden layer has 128 neurons, which are used to perform preliminary nonlinear mapping on the input sample data and generate low-level feature vectors representing the sample data. The second hidden layer has 256 neurons, which are used to perform feature cross and combination operations on the low-level feature vectors to generate the intermediate-level feature vectors. The third hidden layer has 512 neurons, which are used to perform high-level semantic abstraction on the intermediate feature vectors to generate high-level feature vectors that represent the complete semantics of the attack behavior. The fourth hidden layer has 1024 neurons and is used to perform discriminative feature filtering and dimensionality optimization on high-level feature vectors to generate compact feature representations that focus on distinguishing network intrusion risk levels. The output layer has the same number of neurons as the third hidden layer, and is used to represent network intrusion risk detection results based on compact feature representations of the output sample data.

[0014] Optionally, the feature extraction network of the network risk detection model uses an exploratory gradient descent strategy for parameter updates; Among them, an exploratory gradient descent strategy is used for parameter updates, including: Initialize the weight and bias parameters of the feature extraction network; The input data is processed by each layer of the feature extraction network. Each layer performs linear transformation and nonlinear activation function processing to obtain the feature representation of the output layer. Before each parameter update, the gradient change trend is predicted based on historical gradient data, and the step size and direction of the gradient update are dynamically adjusted according to the predicted gradient change trend. Calculate the exploratory gradient update amount, which is determined based on the current gradient, the exploration intensity coefficient, and the gradient prediction function; The weight and bias parameters of the feature extraction network are updated based on the exploratory gradient update amount. The parameter update operation is terminated when the maximum number of parameter updates reaches the second preset threshold or the feature extraction network meets the second preset convergence condition.

[0015] Secondly, embodiments of this application provide a network intrusion risk detection device, including an acquisition module and a detection module, wherein: The acquisition module is used to acquire the network communication data to be detected. The detection module is used to input network communication data into the trained network risk detection model to obtain network risk detection results; The network risk detection model is trained using an expanded training sample set, which includes real training samples and synthetic training samples. Synthetic training samples are generated by a generative adversarial network (GAN), which is trained adversarially against the discriminator loss function and the generator loss function. During adversarial training, the gradient of the discriminator loss function with respect to the generator input of the generative adversarial network is calculated, and the generator input is updated based on the gradient and the latent space interpolation influence factor. The latent space interpolation influence factor is used to interpolate and adjust the generator input in the latent space.

[0016] Thirdly, embodiments of this application provide an electronic device, including: a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the computer program, when executed by the processor, implements the steps of the network intrusion risk detection method described above.

[0017] Fourthly, embodiments of this application provide a computer-readable storage medium storing a computer program, which, when executed by a processor, implements the steps of the network intrusion risk detection method described above.

[0018] Fifthly, embodiments of this application provide a computer program product, including a computer program that, when executed by a processor, implements the network intrusion risk detection method described above.

[0019] The above-described technical solutions adopted in the embodiments of this application can achieve the following beneficial effects: The method provided in this application generates synthetic training samples based on generative adversarial networks (GANs). During adversarial training, the gradient of the discriminator loss with respect to the generator input is calculated, and the generator input is updated and interpolated using latent space interpolation influencing factors. This guides the generator to explore the latent space more fully and purposefully, generating attack / abnormal behavior samples that are closer to the real distribution and more diverse. This expands the training sample set without significantly increasing the cost of collecting real attack samples and manual annotation, alleviating the problems of attack sample scarcity and class imbalance. The network risk detection model learns richer attack behavior patterns and fine-grained variation features during the training phase, improving the detection accuracy and generalization ability of unknown / variant attacks and cross-scenario migration, reducing false negatives and false positives, and improving the accuracy and reliability of network intrusion risk detection methods. Attached Figure Description

[0020] The accompanying drawings, which are included to provide a further understanding of this application and form part of this application, illustrate exemplary embodiments and are used to explain this application, but do not constitute an undue limitation of this application. In the drawings: Figure 1 A schematic diagram illustrating the implementation process of a network intrusion risk detection method provided in this application embodiment; Figure 2 A schematic diagram illustrating the implementation process of updating the generator input based on gradient and latent space interpolation influence factor, provided in an embodiment of this application; Figure 3 A schematic diagram illustrating the implementation process of a network risk detection model trained using a federated learning framework, as provided in this embodiment of the application. Figure 4 This application provides an embodiment of a method for updating the parameters of a feature extraction network in a network risk detection model using an exploratory gradient descent strategy. Figure 5 This application provides a schematic diagram of the specific structure of a network intrusion risk detection device according to an embodiment of the present application; Figure 6 This is a schematic diagram of the structure of an electronic device provided in an embodiment of this application. Detailed Implementation

[0021] To make the objectives, technical solutions, and advantages of this application clearer, the technical solutions of this application will be clearly and completely described below in conjunction with specific embodiments and corresponding drawings. Obviously, the described embodiments are only a part of the embodiments of this application, and not all of them. Based on the embodiments in this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.

[0022] It should be understood that the training and prediction processes of the AI ​​models involved in the various embodiments of this specification all adhere to multiple legal and compliant principles, including legal data sources, compliant data content, compliant data governance, compliant training objectives and schemes, compliant training processes, compliant training environments and tools, and compliant ethical verification of training results, and comply with the requirements of Article 5 of the Patent Law. Among them: Data source legitimacy: All datasets used for AI model training were obtained through legal means, covering three categories: publicly authorized data, data authorized by partners, and self-collected compliant data. Publicly authorized data comes from compliant data sources following open-source licenses such as Apache 2.0, with complete copyright attribution and authorization scope clearly marked, and no unauthorized open-source code or data reuse. Data authorized by partners has been subject to formal data usage agreements, clearly defining the scope, duration, and confidentiality obligations, and possessing a complete authorization chain. For self-collected data involving personal information, strict informed consent procedures have been followed, and anonymization processes (including but not limited to field masking, feature anonymization, and differential privacy technology applications) have been implemented to remove personally identifiable information, fully complying with the requirements of relevant laws and regulations such as the "Interim Measures for the Administration of Generative Artificial Intelligence Services" and the "Personal Information Protection Law."

[0023] Data content compliance: The AI ​​model's dataset undergoes multiple screenings and cleaning processes to remove all content that may violate social morality or harm public interests. It contains no obscene, pornographic, violent, discriminatory, or information that endangers national or public safety, nor does it involve the illegal acquisition or use of genetic resources. For data in sensitive fields (such as healthcare and finance), an additional privacy-preserving computation module (including federated learning and secure multi-party computation technologies) ensures that the data is "usable but not visible," avoiding compliance risks during the original data transmission process and ensuring that the data application scenarios and uses comply with public order and good morals and industry regulatory requirements.

[0024] Data governance norms: A complete data traceability system is established during the AI ​​model training process to automatically record the source, collection time, annotation process, cleaning rules, and permission allocation of training data, generating traceable compliance reports to ensure that the data is verifiable throughout its entire lifecycle. The dataset annotation process for AI models is completed by a professional human R&D team, clearly defining the proportion of human creative contributions and avoiding reliance on AI-generated data that has not undergone substantial human modification, thus meeting the examination requirements for "human main contributions" in AI patent applications.

[0025] Training objectives and plans are compliant: The AI ​​model training aims to improve the accuracy and reliability of network intrusion risk detection, assisting in security protection and risk warning. The network communication data used in the training scheme should originate from legally authorized network environments or compliant publicly available data, and undergo necessary de-identification / anonymization processing before entering the training process, such as de-identifying personal or sensitive information like IP addresses and account identifiers. The synthetic training samples generated by the generative adversarial network are only used for data augmentation and category balancing. The generated samples are statistical / behavioral feature samples used for detection modeling, excluding malicious code, exploit commands, attack scripts, or executable content that can be directly used to carry out intrusions. The final output is the risk category / risk level or alarm information of network communication, representing a defensive analysis conclusion, and does not possess the function of launching attacks or damaging systems. Therefore, the training scheme and final output do not violate mandatory provisions of laws and administrative regulations, do not harm public interests or the legitimate rights and interests of others, and do not have any design purpose or functional orientation for illegal activities, privacy infringement, or public safety disruption, strictly adhering to the ethical principle of "intelligent for good."

[0026] Training process compliance: A closed-loop training framework is adopted to ensure compliance and controllability of the training process. The specific process is as follows: First, training samples are obtained through compliant data sources. After the aforementioned data cleaning and desensitization, they are input into the neural network model to generate preliminary training results. Second, an expert system is introduced to verify the preliminary results. Based on preset rules and human expert experience, the feasibility of the results is evaluated, and outputs that may pose ethical risks or compliance hazards are corrected (such as removing decision-making logic that violates public order and good morals, and adjusting model parameters that do not comply with safety regulations). Finally, the loss function weights are dynamically optimized based on expert system feedback to strengthen the model's learning of compliant results, avoid overfitting errors or non-compliant labels, and form a closed-loop control of "data input - model training - expert verification - parameter optimization - result feedback" to ensure that the entire training process complies with A5 ethical review requirements.

[0027] Training environment and tool compliance: AI model training is implemented using nationally licensed chips and a compliant training platform. All open-source frameworks and components used in the training process have obtained their corresponding licenses, and copyright statements and patent citation information are fully retained, with no instances of infringement or reuse. The training environment is built using virtual devices (containers / virtual machines) with fixed random seeds and initial parameter configurations to ensure the reproducibility of the training process. Furthermore, through access control and operation log recording, risks such as data leakage and parameter tampering during training are prevented, ensuring the security and compliance of the training process.

[0028] Training results ethical verification compliance: After the model is trained, it undergoes additional third-party ethical compliance assessment and algorithm filing review to verify that the model output does not violate social morality or harm public interests. For potentially sensitive scenarios (such as public services and intelligent decision-making), a special result verification mechanism is established to ensure that the model always complies with Article 5 of the Patent Law and relevant laws and regulations in practical applications.

[0029] In summary, the data and training process used in the AI ​​model of this specification strictly comply with the relevant provisions of Article 5 of the Patent Law and the Patent Examination Guidelines (2023 Edition), and there are no violations of laws, social ethics, public interests, or illegal use of genetic resources. It fully meets the compliance requirements for patent authorization.

[0030] The technical solutions provided by the various embodiments of this application are described in detail below with reference to the accompanying drawings.

[0031] To address the problems in existing technologies where the scarcity and lack of diversity of network intrusion attack samples lead to insufficient training of detection models, weak generalization ability, and low accuracy in identifying unknown and complex attack patterns, this application provides a network intrusion risk detection method.

[0032] The execution subject of this method can be various types of computing devices, or it can be an application or app installed on the computing device. The computing device can be a user terminal such as a mobile phone, tablet computer, or smart wearable device, or it can be a server.

[0033] For ease of description, this application uses a server as the execution subject of the method in its embodiments to illustrate the method. Those skilled in the art will understand that this embodiment uses a server as an example to describe the method, which is merely an illustrative example and does not limit the scope of protection of the corresponding claims.

[0034] Specifically, the implementation flow of the method provided in this application embodiment is as follows: Figure 1 As shown, it includes the following steps: Step 102: Obtain the network communication data to be detected.

[0035] Among them, network communication data refers to network activity records collected by network monitoring equipment and log management systems, which can reflect requests, responses, abnormal events and interactive behaviors.

[0036] In this embodiment, network communication data to be detected can be obtained by network monitoring devices and log management systems deployed at key network nodes, such as gateways, firewalls, and bypassing intrusion detection systems. Specifically, network monitoring devices and log management systems deployed at key network nodes can continuously capture data packets, connection requests, session logs, and system events in the network, including but not limited to information such as HTTP requests, TCP / UDP connections, ICMP probes, abnormal login attempts, and traffic characteristics of known attack patterns.

[0037] Optionally, to improve the processability and consistency of the data, the network communication data to be detected obtained from heterogeneous monitoring sources can be uniformly converted into structured JSON (JavaScript Object Notation) format for storage.

[0038] In some embodiments, each piece of network communication data may correspond to an independent network interaction event and may contain a series of predefined attribute fields. Optionally, each piece of network communication data may contain, but is not limited to, the following core fields: A timestamp is used to record the precise time when an event occurred. It is usually stored in Unix timestamp format and is used to analyze the time-series patterns and frequency of attacks.

[0039] The source IP address refers to the IP address of the device that initiated the network request, and is used to identify potential attack sources.

[0040] The target IP address refers to the IP address of the device receiving the network request, which is used to identify potential attack targets.

[0041] The source port number refers to the port of the application that initiated the request, which can help determine the application type.

[0042] The target port number refers to the listening port of the target service, used to identify the service type, such as port 80 / 443 for web services and port 22 for SSH services.

[0043] Transport protocols, such as TCP, UDP, and ICMP, each have different risk characteristics.

[0044] Data packet size refers to the amount of data transmitted in this interaction. Abnormally large data packets may be a manifestation of attack payloads.

[0045] Session duration refers to the time from the establishment of a connection to its termination. Extremely short or extremely long sessions may be abnormal.

[0046] Flag information refers to combinations of flags such as SYN, ACK, FIN, and RST in the TCP protocol, used to identify connection establishment, termination, or reset states. Abnormal flag combinations are common characteristics of scanning or DoS attacks.

[0047] Action type refers to the action performed by security devices (such as firewalls), such as allow, deny, and warn, which can serve as initial weak oversight labels or verification indicators.

[0048] For example, in one embodiment, the network communication data to be detected can be represented as follows: { "timestamp": "1622547802", "source_ip": "192.168.1.1", "destination_ip": "10.0.0.1", "source_port": "3465", "destinati on_port": "80", "protocol": "TCP", "packet_size": "1500", "session_duration": "120", "flags": "SYN,ACK", "action": "allow" } This network communication data describes a TCP connection sent from port 3465 of IP address 192.168.1.1 to port 80 (HTTP service) of 10.0.0.1. The connection was successfully established (including SYN and ACK flags), 1500 bytes of data were transmitted, the connection lasted for 120 seconds, and was permitted by the security policy.

[0049] It should be noted that the network communication data is merely an exemplary illustration in the embodiments of this application and does not impose any limitations on the embodiments of this application.

[0050] Step 104: Input the network communication data into the trained network risk detection model to obtain the network risk detection results.

[0051] Among them, a network risk detection model that has been trained refers to a model whose parameters obtained through the training phase have converged or have reached the preset iteration stopping condition.

[0052] Optionally, the network risk detection result can be a risk category, such as low / medium / high risk, or a risk score, such as a score between 0 and 1; or it can be a risk probability distribution, etc.

[0053] In this embodiment, considering the scarcity of high-risk samples, the uneven distribution of categories, and the diverse and continuously evolving attack patterns in network intrusion data, relying solely on real training samples makes it difficult to obtain sufficient data coverage and training stability. To avoid this problem, the network risk detection model can be trained using an expanded training sample set, which includes real training samples and synthetic training samples. The synthetic training samples are generated by a generative adversarial network (GAN), which is trained adversarially using a discriminator loss function and a generator loss function.

[0054] In this way, using generative adversarial networks to generate synthetic training samples that are consistent with the distribution of real samples and have diversity can make up for the problem of insufficient real training samples. Furthermore, by balancing the distribution and enhancing the coverage of the expanded training sample set, the coverage and representativeness of the training data for complex attack patterns can be improved, the training bias caused by class imbalance can be alleviated, thereby improving the convergence stability and generalization ability of the network risk detection model and reducing the probability of missing detection of high-risk intrusion behaviors.

[0055] Optionally, the generative adversarial network (GAN) can be a reverse robust optimization-based GAN, which may include a generator. and discriminator Among them, the generator The system is responsible for generating sufficiently diverse data to enhance the model's training set, while the discriminator attempts to distinguish between real data and generated data.

[0056] In some embodiments, considering that generative adversarial networks may encounter problems during training, such as insufficient diversity of generated samples and inadequate coverage of complex attack patterns (e.g., unexplored data regions are difficult to reach by random noise), thereby affecting the effectiveness of generated samples for subsequent detection model training, this application embodiment can calculate the gradient of the discriminator loss function with respect to the generator input of the generative adversarial network during adversarial training, and update the generator input based on the gradient and latent space interpolation influence factor.

[0057] The latent space interpolation influence factor is used to interpolate and adjust the generator input in the latent space to increase the diversity of generated samples and cover unexplored data regions. The latent space refers to the vector space where the generator input is located, that is, the space where the noise vector is located. The generator uses the input vector in the latent space as the starting point to map and generate synthetic training samples.

[0058] Generator input refers to the input vector fed into the generator to generate synthetic training samples, which is usually in the form of random noise.

[0059] The gradient of the discriminator loss function with respect to the generator input of the generative adversarial network is used to characterize the direction in which adjusting the generator input in the latent space will cause the discriminator loss to change as desired.

[0060] By updating the generator input through gradient and latent space interpolation factors, the gradient term can adversarially guide the generator input to latent space directions that are more difficult for the discriminator to distinguish, making the generated samples more realistic and aggressive when simulating network attack data. At the same time, the interpolation factors expand the latent space exploration range through dynamic interpolation, increase the diversity of generated samples and cover unexplored data areas, thereby improving the coverage and quality of generated data. This enhances the representativeness of the expanded training sample set for complex attack patterns, strengthens the stability and generalization ability of the network risk detection model training, and reduces the risk of missing complex / variant attacks.

[0061] Specifically, such as Figure 2 As shown, in some embodiments, the generator input can be updated according to the gradient and latent space interpolation influence factor using steps 202-206 as follows: Step 202: Determine the first learning rate, which is used to control the gradient-based update step size of the generator input.

[0062] In some embodiments, a first learning rate can be determined first. This first learning rate can be a fixed value, such as 0.01, or a dynamic value that is adaptively adjusted according to the training phase to ensure a balance between update magnitude and training stability.

[0063] The first learning rate is used as the step size for controlling the gradient-based update of the generator input. This is mainly to limit the magnitude of the generator input adjustment along the gradient direction, thereby avoiding problems such as the generator input jumping out of the effective latent space region due to excessive updates, or the generator input failing to produce effective changes due to excessive updates.

[0064] Step 204: Determine the latent space interpolation influence factor based on the interpolation coefficients used for interpolation adjustment.

[0065] In some embodiments, when determining the latent space interpolation influence factor, the total number of iterations of the generative adversarial network (GAN) training can be determined first, and the interpolation coefficients used for interpolation adjustment can be determined based on the total number of iterations. Then, a noise vector of the generator of the GAN is randomly generated. The interpolation vector is determined based on the interpolation coefficients and the noise vector. A normal distribution with a mean of 0 and a variance equal to the interpolation vector is determined based on the interpolation vector. Finally, the preset latent space interpolation influence factor is determined based on the normal distribution.

[0066] Specifically, the total number of iterations for training the generative adversarial network can be determined, for example, 1000, and the interpolation coefficients used for interpolation adjustments can be determined based on this total number of iterations. These interpolation coefficients can be dynamically adjusted according to the training progress. For example, in the early stages of training, smaller interpolation coefficients can be set, and as training progresses, the interpolation coefficients can be gradually increased to explore a wider range of data distributions.

[0067] Optionally, the interpolation coefficients can be set based on the current number of training rounds and the total number of training rounds, and a preset amplification factor can be introduced, such as 2 to adjust the growth rate of the interpolation coefficients.

[0068] In some embodiments, the randomly generated noise vector may be a noise vector that follows a preset distribution, such as a vector of a standard normal distribution, and may be used as a candidate vector in the latent space.

[0069] In some embodiments, the interpolation vector can be obtained by interpolating at least two noise vectors based on interpolation coefficients, thereby making the interpolation vector characterize the interpolation result in the latent space from one noise vector to another.

[0070] Step 206: Update the generator input based on the gradient, the first learning rate, and the latent space interpolation influence factor.

[0071] In some embodiments, after preparing the first learning rate and latent space interpolation influence factor, the generator input is updated. Specifically, this may include: generating synthetic training samples based on the current generator input, and having the discriminator calculate the discriminator loss function; calculating the gradient of the discriminator loss function with respect to the generator input; updating the generator input based on the gradient under the control of the first learning rate, and interpolating the generator input by fusing the latent space interpolation influence factor, thereby obtaining the updated generator input, which is used to generate synthetic training samples in subsequent rounds and continue adversarial training.

[0072] Optionally, considering the nonlinear characteristics of the discriminator function, the gradient can be calculated using the difference method. Specifically, the gradient of the discriminator loss function with respect to the generator input can be calculated using a higher-order difference formula, and a small perturbation value ε, such as 0.001, can be introduced to improve the effectiveness and stability of the gradient estimation.

[0073] Optionally, considering that effective discriminative features of network intrusion data often exhibit sparse characteristics with a few key features activated and the remaining features weakly correlated, and that generative adversarial networks (GANs) are prone to feature redundancy or distribution shifts when lacking constraints, leading to inauthentic, unusable, or even training noise problems in synthesized samples, some embodiments may include a sparsity loss function to avoid this issue. This sparsity loss is constructed through variational sparse matrix decomposition and includes a sparsity regularization term and a distribution constraint term. The sparsity regularization term constrains the sparsity of the synthesized training samples output by the generator of the GAN in the feature dimension, while the distribution constraint term makes the feature distribution of the generator output approximate the feature distribution of the real training samples. This allows for the suppression of invalid feature noise and feature collapse while maintaining sufficient discriminative power in the synthesized training samples, and reduces the risk of the generated distribution deviating from the real distribution. This improves the authenticity and usability of the synthesized training samples, enhances the representativeness of the expanded training sample set, and further strengthens the training stability and generalization ability of the network risk detection model, reducing the probability of false positives and false negatives.

[0074] Specifically, generator Not only can it learn the data distribution, but it can also enhance the representation of the data by using a sparse coding layer in the form of a variational autoencoder. This makes the generated data more robust at the feature level and can cover rare features that are not fully expressed in the original data, thereby improving the generalization ability of the entire model.

[0075] The training process of Generative Adversarial Networks (GANs) is described in detail below with examples. The specific steps involved in training a GAN include: (1) Initialize the generator of the generative adversarial network and discriminator The parameters.

[0076] In one embodiment, the generator can use random noise. Generate initial data samples. Initialize the generator for the generative adversarial network. and discriminator When initializing the parameters, a standard normal distribution method can be used, which can be specifically expressed as:

[0077]

[0078] in, These are the weight parameters of the generator; These are the weight parameters of the discriminator.

[0079] (2) During adversarial training, the generator and discriminator can be trained alternately. Discriminator The goal is to maximize the ability to distinguish between real and generated data, and its loss function can be expressed as:

[0080] in, The discriminator loss function; Representing the One real data sample; The input noise of the generator; The number of samples; and These represent functions for the discriminator and the generator, respectively.

[0081] Furthermore, generator The goal is to generate data that is as confusing as possible to the discriminator, and its loss function can be expressed as follows:

[0082] in, Represents the generator loss function; This indicates sparsity loss.

[0083] (3) Variational sparse matrix factorization is used in the generator to enhance the representational power of the generated data. The parameters of the encoding layer are adjusted by optimizing the relevant sparse loss function, so that the generated data samples maintain sparsity in the feature space, thereby enhancing the model's ability to capture subtle features. The calculation method of sparsity loss can be expressed as:

[0084] in, and They represent sparse regularization terms respectively. and distribution constraint terms Weighting coefficients; For the generator Layer weights; Representing the latent variables in a variational autoencoder posterior distribution With prior distribution The KL divergence between them. Optionally, It can be set to 0.3. It can be set to 0.7.

[0085] (4) A reverse robust optimization strategy is adopted, which adjusts the generated samples in an adversarial manner to make them more realistic and aggressive when simulating network attack data, so as to better train the subsequent network intrusion risk detection model. The adjustment method can be expressed as:

[0086] in, The first learning rate; and These are the generator inputs before and after the update, respectively; For discriminator loss about The gradient; This is the latent space interpolation influence factor. Optional. It can be set to 0.01.

[0087] Furthermore, gradient The calculation method can be expressed as:

[0088] in, It can be calculated using the difference method, for example, considering The nonlinear characteristics of [the property] can be calculated using higher-order difference formulas. The specific calculation formula can be expressed as:

[0089] in, It is a small perturbation value. Optional. It can be set to 0.001.

[0090] Optional, to ensure the generator In some embodiments, the effectiveness and diversity of network intrusion data generation can be improved by using latent space interpolation influence factors on the generator. Optimize the effectiveness and diversity of generated network intrusion data to improve the coverage and quality of generated data, especially for complex attack patterns that are difficult to simulate in network security data.

[0091] In one embodiment, the latent space interpolation influence factor is obtained through the input of the generator. Dynamic interpolation is performed to increase the diversity of generated samples and cover unexplored data regions. Specifically, a latent space vector is defined. and Representing two randomly generated noise vectors and an interpolation vector, respectively. The calculation method is expressed as follows:

[0092] in, These are interpolation coefficients, which can be dynamically adjusted according to the training progress. For example, they are usually smaller in the early stages of training and gradually increase as training progresses to explore a wider data distribution.

[0093] Optional, interpolation coefficients It can be adjusted as follows:

[0094] in, This is the current training round number. It is the total number of training rounds. It is a preset amplification factor used for adjustment. The growth rate. Optional, It can be set to 2.

[0095] Furthermore, the values ​​of the latent space interpolation influence factor follow the following distribution:

[0096] in, Indicates the latent space interpolation influence factor; This represents a vector with a mean of 0 and a variance that is an interpolation vector. It follows a normal distribution.

[0097] (5) After each round of training, evaluate the quality and diversity of the generated data, and adjust the parameters of the generator and discriminator based on the evaluation results. The specific adjustment method is as follows:

[0098]

[0099] in, The second learning rate; and These are the values ​​of the generator parameters before and after the update, respectively. and These are the values ​​of the discriminator parameters before and after the update, respectively. Optional, It can be set to 0.01.

[0100] (6) Repeat the above steps until a preset stopping iteration condition is met, indicating that the model training is complete. For example, in one embodiment, the preset stopping iteration condition may be that the number of iterations reaches a preset maximum number of iterations. Optionally, the preset maximum number of iterations may be set to 1000.

[0101] Secondly, considering that network intrusion risk detection tasks typically require a large amount of effective training data for feature extraction, analysis, and learning, traditional centralized training methods often face the problem of data resource silos, making it difficult to effectively aggregate cross-domain data. Furthermore, centralized methods are prone to data privacy leaks. To avoid this problem, in some embodiments, a federated learning framework can be used to train the network risk detection model. Specifically, for each round of iterative training, the following training operations can be performed until the maximum number of iterations reaches a first preset threshold or the network risk detection model meets a first preset convergence condition, at which point the iterative training operation is terminated: (1) Using multiple participating nodes, local network risk detection models are trained based on the local expanded training sample sets of each participating node to obtain local model parameters; the network structure of the local network risk detection models of each participating node is the same.

[0102] Optionally, the central server can distribute a unified network structure definition to each participating node at the start of training, such as the number of layers, the parameter dimensions of each layer, and the activation function. Each participating node can then build a local network risk detection model based on this definition, ensuring that the local model parameters of each participating node are strictly consistent in terms of dimension and semantics, thereby meeting the feasibility requirement of subsequently aggregating and generating global model parameters.

[0103] Optionally, each participating node can perform several steps / epochs of training locally using an expanded training sample set as input, calculate the training loss, and update the parameters of the local network risk detection model.

[0104] After completing this round of local training, each participating node will use the obtained local model parameters, or equivalent parameter increments, as the output of this round and proceed to the upload step.

[0105] The method provided in this application embodiment allows participating nodes to train locally using an expanded training sample set, enabling each node to fully utilize its local data resources for learning. Furthermore, since the model structures of the local network risk detection models of each participating node are consistent, the parameter dimensions can be aligned during aggregation, thereby ensuring the correctness of the aggregation calculation and improving the effectiveness of the global model parameters.

[0106] Meanwhile, since training takes place locally, participating nodes do not need to share local training data, thus reducing the security and compliance risks associated with data leakage.

[0107] (2) Upload the local model parameters obtained from training each participating node to the central server.

[0108] In some embodiments, each participating node can upload local model parameters to the central server via a secure communication link, such as a TLS encrypted channel; wherein the uploaded content can be complete local model parameters or differential update amounts relative to the previous round of global model parameters.

[0109] In this way, because local model parameters are uploaded instead of raw data, the transmitted content is smaller and less sensitive compared to centralized aggregation of raw data, thus reducing the data leakage surface. Furthermore, the multi-node learning contributions generated through parameter uploads provide a basis for the central server to aggregate and generate global model parameters, enabling the global model to incorporate the statistical features of multiple participating nodes.

[0110] (3) In the central server, all uploaded local model parameters are aggregated to generate global model parameters.

[0111] In some embodiments, after receiving local model parameters uploaded by multiple participating nodes, the central server can aggregate all uploaded local model parameters to generate global model parameters.

[0112] Optionally, a federated averaging algorithm can be used when aggregating all uploaded local model parameters. The federated averaging algorithm can weight the local model parameters according to the number of samples from each participating node to form new global model parameters.

[0113] (4) Distribute the global model parameters to each participating node to update the local network risk detection model of each participating node.

[0114] In some embodiments, the central server can distribute the generated global model parameters to each participating node to update the local network risk detection model of each participating node. After receiving the global model parameters, each participating node can update its local network risk detection model by parameter replacement or parameter fusion, such as by fusing the parameters from the previous round according to a preset ratio, so that each participating node uses the same global model parameters as the starting point for the next round of iterative training.

[0115] (5) When the iterative training operation is terminated, the final global model parameters are used as the parameters of the trained network risk detection model, thus obtaining the trained network risk detection model.

[0116] In some embodiments, when the maximum number of iterations reaches a first preset threshold or the network risk detection model meets a first preset convergence condition, the iterative training operation can be terminated, and the final global model parameters can be used as parameters of the trained network risk detection model for subsequent network risk detection inference.

[0117] In summary, the distributed federated learning model training architecture, through joint training by multiple participating nodes, ensures that each node processes data and trains the model locally, uploading only local model parameters rather than raw data. This effectively avoids the privacy risks associated with data sharing. This architecture not only breaks down data silos, aggregating more effective data for training, but also effectively guarantees data security by using data and training the model locally. Consequently, the accuracy and generalization ability of the overall network risk detection model are improved, while significantly reducing the risk of data privacy breaches.

[0118] like Figure 3 As shown below, the implementation steps for obtaining a trained network risk detection model through a federated learning framework are explained in detail with examples.

[0119] like Figure 3 As shown, in the distributed federated learning model training architecture, each participating node (i.e., ...) in each iteration Figure 3 Nodes 1, 2, 3, etc., train local network risk detection models and upload the trained local model parameters to the central server. The central server aggregates and updates the local model parameters and distributes the updated parameters to each participating node to begin a new round of iteration until training converges or... Figure 3 The number of iterations shown has reached the preset number of iterations.

[0120] Optionally, in the distributed federated learning model training architecture, a federated averaging algorithm can be used as the aggregation algorithm for the local network risk detection model. The federated averaging algorithm achieves collaborative training of the local models through multiple global iterations. Specifically, for each global iteration, the number of participating nodes can be set to... The total number of samples possessed is And the first The number of samples in each participating node is The objective function of federated learning is defined as:

[0121]

[0122] in, The objective function for federated learning is... For model parameters, For model parameters For the Loss prediction for individual sample data For training loss, For the first Sample characteristics of each sample data No. Labels for each sample data point. Optional, training loss. The cross-entropy loss function is used for calculation.

[0123] Furthermore, for the first For a participating node, the objective function of that participating node can be defined as:

[0124] in, For the first The number of samples per participating node For the first The objective function of each participating node For the first Data distribution of participating nodes.

[0125] In one embodiment, with the first During the nth iteration, the 1st Taking the parameter update method of the participating node as an example, let the first node be... The gradient of the parameters of each participating node is Then in the first The way the model updates parameters in the next iteration is represented as follows:

[0126] in, For the first Model parameters for the next iteration For the first Model parameters for the next iteration The learning rate is updated for the current parameters. For the first The number of samples per participating node.

[0127] Furthermore, the parameter update method of the global model of the central server can be represented as follows:

[0128] in, For the first The parameters of the global model of the central server in the next iteration.

[0129] Furthermore, repeating this iterative operation signifies that the training of the global model on the central server and the models on each participating node is complete.

[0130] In one embodiment, the preset stopping iteration condition can be set to reaching a preset maximum number of iterations, for example, the preset maximum number of iterations can be set to 5000.

[0131] In one optional implementation, the network risk detection model includes at least a feature extraction network, which is a six-layer fully connected neural network, comprising an input layer, four hidden layers, and an output layer. The input layer is used to receive and transmit sample data from the expanded training sample set; The first hidden layer has 128 neurons, which are used to perform preliminary nonlinear mapping on the input sample data and generate low-level feature vectors representing the sample data. The second hidden layer has 256 neurons, which are used to perform feature cross and combination operations on the low-level feature vectors to generate the intermediate-level feature vectors. The third hidden layer has 512 neurons, which are used to perform high-level semantic abstraction on the intermediate feature vectors to generate high-level feature vectors that represent the complete semantics of the attack behavior. The fourth hidden layer has 1024 neurons and is used to perform discriminative feature filtering and dimensionality optimization on high-level feature vectors to generate compact feature representations that focus on distinguishing network intrusion risk levels. The output layer has the same number of neurons as the third hidden layer, and is used to represent network intrusion risk detection results based on compact feature representations of the output sample data.

[0132] Furthermore, considering the high dimensionality, complex distribution, and continuously evolving attack patterns of input data in network intrusion risk detection tasks, feature extraction networks are prone to problems such as gradient vanishing or exploding, parameter update oscillations, and getting stuck in local optima during training. This may lead to slow training convergence speed, unstable convergence, and affect the discriminative and generalization capabilities of the output layer feature representation.

[0133] To avoid the aforementioned problems, in some embodiments, an exploratory gradient descent strategy can be used to update the parameters of the feature extraction network of the network risk detection model. Specifically, firstly, the weight parameters and bias parameters of the feature extraction network can be initialized; the input data is processed through each layer of the feature extraction network, with each layer performing linear transformations and nonlinear activation function processing to obtain the feature representation of the output layer; before each parameter update, the gradient change trend is predicted based on historical gradient data, and the step size and direction of the gradient update are dynamically adjusted according to the predicted gradient change trend; the exploratory gradient update amount is calculated, which is determined based on the current gradient, the exploration intensity coefficient, and the gradient prediction function; the weight parameters and bias parameters of the feature extraction network are updated according to the exploratory gradient update amount; the parameter update operation is terminated when the maximum number of parameter updates reaches a second preset threshold or the feature extraction network meets a second preset convergence condition.

[0134] In this way, forward exploration and trend correction can be introduced while ensuring the effectiveness of the update direction, reducing invalid oscillations in gradient updates and lowering the probability of getting trapped in local optima, thereby improving the training convergence speed and stability, obtaining better parameter solutions, and thus improving the discriminative and generalization capabilities of the output layer feature representation. Ultimately, this improves the detection accuracy of the network risk detection model for complex / variant attack behaviors and reduces the risk of false positives and false negatives.

[0135] The following section details the implementation steps for updating the parameters of the feature extraction network in a network risk detection model using an exploratory gradient descent strategy, with examples. Figure 4 As shown, the specific steps include the following: (1) Initialize the parameters of the feature extraction network, including the weights and bias parameters of the feature extraction network. In one embodiment, the initialization method can be expressed as follows:

[0136]

[0137] in, Let be the weight matrix of the i-th layer of the feature extraction network; Let be the bias vector of the i-th layer of the feature extraction network; This is the scaling factor for the weights of the feature extraction network. The scaling factor is the bias of the feature extraction network; This represents a normal distribution with a mean of 0 and a standard deviation of 1. For minimal noise. Optional. It is a noise vector with all elements being 0.001.

[0138] (2) The input data is passed through each layer of the feature extraction network. Each layer undergoes linear transformation and nonlinear activation function processing to finally obtain the feature representation of the output layer. The output calculation method for each layer can be expressed as:

[0139] in, The first feature extraction network is represented by the first... Layer activation output; For the feature extraction network Layer output; It is an adaptive ReLU activation function.

[0140] In one embodiment, the input to the adaptive ReLU activation function can be set as follows: Then the adaptive ReLU activation function can be calculated as follows:

[0141] in, and These are the adaptive coefficients for the positive and negative parts, respectively. To find the maximum value function, This is a function to find the minimum value. Optional. It can be set to 0.3. It can be set to 0.7.

[0142] (3) An exploratory gradient descent update strategy is adopted. Before each update of the feature extraction network parameters, possible gradient changes are predicted, and the step size and direction of gradient updates are adjusted according to the prediction results to optimize parameter adjustment during training and avoid getting trapped in local optima too early. The specific calculation method can be expressed as follows:

[0143]

[0144] in, and These are the first and second steps of the feature extraction network. Layer weights and the first The amount of layer bias update; It is the learning rate of the feature extraction network; For the loss function with respect to the parameters The gradient; For the loss function with respect to the parameters The gradient; The loss function for the feature extraction network; It is to explore the intensity coefficient; It is the gradient prediction function. Optional. It can be set to 0.03. Cross-entropy loss can be used.

[0145] In one embodiment, the exploratory gradient prediction function can utilize historical gradient data for linear regression prediction, and the specific calculation method can be expressed as follows:

[0146] in, Indicates the first The loss function of the next iteration with respect to the parameters The gradient; It is the attenuation factor; To explore the strength coefficient; This represents the total number of iterations. Optional. It can be set to 0.98. It can be set to 2.

[0147] Furthermore, the weights and bias parameters of the feature extraction network can be updated using backpropagation of errors.

[0148] (4) Repeat the above steps until the preset stopping iteration condition is met, which means that the model training is complete. In one embodiment, the preset stopping iteration condition is reaching the preset maximum number of iterations. Optionally, the preset maximum number of iterations can be set to 1000.

[0149] Optionally, the local model can use a classifier model for decision-making, where the classifier model can be a random forest, support vector machine, or gradient boosting tree algorithm. The classifier model accepts the feature vectors after feature extraction and performs classification.

[0150] The method provided in this application generates synthetic training samples based on generative adversarial networks (GANs). During adversarial training, the gradient of the discriminator loss with respect to the generator input is calculated, and the generator input is updated and interpolated using latent space interpolation influencing factors. This guides the generator to explore more fully and purposefully in the latent space and generate attack / abnormal behavior samples that are closer to the real distribution and more diverse. This expands the training sample set without significantly increasing the cost of collecting real attack samples and manual annotation, alleviates the problems of attack sample scarcity and class imbalance, and enables the network risk detection model to learn richer attack behavior patterns and fine-grained variation features during the training phase. This improves the detection accuracy and generalization ability of unknown / variant attacks and cross-scenario migration, reduces false negatives and false positives, and improves the accuracy and reliability of network intrusion risk detection methods.

[0151] To address the problems in existing technologies where the scarcity and lack of diversity of network intrusion attack samples lead to insufficient training of detection models, weak generalization ability, and low accuracy in identifying unknown and complex attack patterns, this application provides a network intrusion risk detection device. A schematic diagram of the specific structure of this device is shown below. Figure 5 As shown, it includes an acquisition module 51 and a detection module 52. The functions of each module are as follows: Acquisition module 51 is used to acquire network communication data to be detected; Detection module 52 is used to input network communication data into the trained network risk detection model to obtain network risk detection results; The network risk detection model is trained using an expanded training sample set, which includes real training samples and synthetic training samples. Synthetic training samples are generated by a generative adversarial network (GAN), which is trained adversarially against the discriminator loss function and the generator loss function. During adversarial training, the gradient of the discriminator loss function with respect to the generator input of the generative adversarial network is calculated, and the generator input is updated based on the gradient and the latent space interpolation influence factor. The latent space interpolation influence factor is used to interpolate and adjust the generator input in the latent space.

[0152] Optionally, the generator loss function includes a sparsity loss, which is constructed through variational sparse matrix decomposition and includes a sparse regularization term and a distribution constraint term. Among them, the sparse regularization term is used to constrain the sparsity of the synthetic training samples output by the generator of the generative adversarial network in the feature dimension, and the distribution constraint term is used to make the feature distribution of the generator output approximate the feature distribution of the real training samples.

[0153] Optionally, the network intrusion risk detection device also includes an update module, which includes: The learning rate determination unit is used to determine the first learning rate, which controls the gradient-based update step size of the generator input. The interpolation impact factor determination unit is used to determine the latent space interpolation impact factor based on the interpolation coefficients used for interpolation adjustment. The update unit is used to update the generator input based on the gradient, the first learning rate, and the latent space interpolation influence factor.

[0154] Optionally, the interpolation influence factor determination unit is used for: Determine the total number of iterations for training the generative adversarial network, and determine the interpolation coefficients used for interpolation adjustment based on the total number of iterations. Randomly generate noise vectors for the generator of a generative adversarial network; The interpolation vector is determined based on the interpolation coefficients and the noise vector; Determine a normal distribution with a mean of 0 and a variance equal to the interpolation vector based on the interpolation vector; The preset latent space interpolation influence factor is determined based on the normal distribution.

[0155] Optionally, the trained network risk detection model is obtained through a federated learning framework; the network intrusion risk detection device also includes a training module. This training module is used for: For each round of iterative training, perform the following training operations until the maximum number of iterations reaches a first preset threshold or the network risk detection model meets a first preset convergence condition, at which point the iterative training operation is terminated: Using multiple participating nodes, a local network risk detection model is trained based on the local expanded training sample set of each participating node to obtain local model parameters; the network structure of the local network risk detection models of each participating node is the same. Upload the local model parameters obtained from training at each participating node to the central server; In the central server, all uploaded local model parameters are aggregated to generate global model parameters; The global model parameters are distributed to each participating node to update the local network risk detection model of each participating node; When the iterative training operation is terminated, the final global model parameters are used as the parameters of the trained network risk detection model.

[0156] Optionally, the network risk detection model includes at least a feature extraction network, which is a six-layer fully connected neural network, including an input layer, four hidden layers, and an output layer. The input layer is used to receive and transmit sample data from the expanded training sample set; The first hidden layer has 128 neurons, which are used to perform preliminary nonlinear mapping on the input sample data and generate low-level feature vectors representing the sample data. The second hidden layer has 256 neurons, which are used to perform feature cross and combination operations on the low-level feature vectors to generate the intermediate-level feature vectors. The third hidden layer has 512 neurons, which are used to perform high-level semantic abstraction on the intermediate feature vectors to generate high-level feature vectors that represent the complete semantics of the attack behavior. The fourth hidden layer has 1024 neurons and is used to perform discriminative feature filtering and dimensionality optimization on high-level feature vectors to generate compact feature representations that focus on distinguishing network intrusion risk levels. The output layer has the same number of neurons as the third hidden layer, and is used to represent network intrusion risk detection results based on compact feature representations of the output sample data.

[0157] Optionally, the network intrusion risk detection device further includes a feature extraction network training module, which is used for: Initialize the weight and bias parameters of the feature extraction network; The input data is processed by each layer of the feature extraction network. Each layer performs linear transformation and nonlinear activation function processing to obtain the feature representation of the output layer. Before each parameter update, the gradient change trend is predicted based on historical gradient data, and the step size and direction of the gradient update are dynamically adjusted according to the predicted gradient change trend. Calculate the exploratory gradient update amount, which is determined based on the current gradient, the exploration intensity coefficient, and the gradient prediction function; The weight and bias parameters of the feature extraction network are updated based on the exploratory gradient update amount. The parameter update operation is terminated when the maximum number of parameter updates reaches the second preset threshold or the feature extraction network meets the second preset convergence condition.

[0158] The apparatus provided in this application generates synthetic training samples based on a generative adversarial network. During adversarial training, it calculates the gradient of the discriminator loss with respect to the generator input and updates and adjusts the generator input by combining latent space interpolation influence factors. This guides the generator to explore more fully and purposefully in the latent space and generate attack / abnormal behavior samples that are closer to the real distribution and more diverse. This expands the training sample set without significantly increasing the cost of collecting real attack samples and manual annotation, alleviates the problems of attack sample scarcity and class imbalance, and enables the network risk detection model to learn richer attack behavior patterns and fine-grained variation features during the training phase. This improves the detection accuracy and generalization ability of unknown / variant attacks and cross-scenario migration, reduces false negatives and false positives, and improves the accuracy and reliability of network intrusion risk detection methods.

[0159] Figure 6 To illustrate the hardware structure of an electronic device according to various embodiments of this application, the electronic device may include a processor 601 and a memory 602 storing computer program instructions. Specifically, the processor 601 may include a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of this application.

[0160] Memory 602 may include mass storage for data or instructions. For example, and not limitingly, memory 602 may include a hard disk drive (HDD), floppy disk drive, flash memory, optical disk, magneto-optical disk, magnetic tape, or Universal Serial Bus (USB) drive, or a combination of two or more of these. Where appropriate, memory 602 may include removable or non-removable (or fixed) media. Where appropriate, memory 602 may be internal or external to an electronic device. In a particular embodiment, memory 602 may be a non-volatile solid-state memory.

[0161] In one embodiment, memory 602 may be read-only memory (ROM). In one embodiment, the ROM may be a mask-programmed ROM, a programmable ROM (PROM), an erasable PROM (EPROM), an electrically erasable PROM (EEPROM), an electrically rewritable ROM (EAROM), or flash memory, or a combination of two or more of these.

[0162] The processor 601 reads and executes computer program instructions stored in the memory 602 to implement any of the network intrusion risk detection methods in the above embodiments.

[0163] In one example, the electronic device may also include a communication interface 603 and a bus 610. For example, Figure 6 As shown, the processor 601, memory 602, and communication interface 603 are connected through bus 610 and complete communication with each other.

[0164] The communication interface 603 is mainly used to realize communication between various modules, devices, units and / or equipment in the embodiments of this application.

[0165] Bus 610 includes hardware, software, or both, that couples components of an electronic device together. For example, and not limitingly, the bus may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), HyperTransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an Infinite Bandwidth Interconnect, a Low Pin Count (LPC) bus, a memory bus, a Microchannel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a Video Electronics Standards Association Local (VLB) bus, or other suitable buses, or combinations of two or more of these. Where appropriate, bus 610 may include one or more buses. Although specific buses are described and illustrated in embodiments of this application, this application contemplates any suitable bus or interconnect.

[0166] Furthermore, in conjunction with the network intrusion risk detection methods in the above embodiments, this application embodiment can provide a computer-readable storage medium for implementation. This computer-readable storage medium stores computer program instructions; when these computer program instructions are executed by a processor, they implement any of the network intrusion risk detection methods in the above embodiments.

[0167] It should be clarified that this application is not limited to the specific configurations and processes described above and shown in the figures. For the sake of brevity, detailed descriptions of known methods are omitted here. In the above embodiments, several specific steps are described and shown as examples. However, the method process of this application is not limited to the specific steps described and shown. Those skilled in the art can make various changes, modifications, and additions, or change the order of steps, after understanding the spirit of this application.

[0168] The above description is merely a specific implementation example of this application. Those skilled in the art will clearly understand that, for the sake of convenience and brevity, the specific working processes of the systems, modules, and units described above can be referred to the corresponding processes in the foregoing method embodiments, and will not be repeated here.

[0169] Secondly, those skilled in the art will understand that embodiments of this application can be provided as methods, systems, or computer program products. Therefore, this application can take the form of a completely hardware embodiment, a completely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, this application can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.

[0170] This application is described with reference to flowchart illustrations and / or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of this application. It will be understood that each block of the flowchart illustrations and / or block diagrams, and combinations of blocks in the flowchart illustrations and / or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, generate instructions for implementing the flowchart... Figure 1 One or more processes and / or boxes Figure 1 A device that provides the functions specified in one or more boxes.

[0171] These computer program instructions may also be stored in a computer-readable storage medium that can direct a computer or other programmable data processing device to function in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means, which are implemented in a process Figure 1 One or more processes and / or boxes Figure 1 The function specified in one or more boxes.

[0172] These computer program instructions may also be loaded onto a computer or other programmable data processing equipment to cause a series of operational steps to be performed on the computer or other programmable equipment to produce a computer-implemented process, thereby providing instructions that execute on the computer or other programmable equipment for implementing the process. Figure 1 One or more processes and / or boxes Figure 1 The steps of the function specified in one or more boxes.

[0173] In a typical configuration, a computing device includes one or more processors (CPU), input / output interfaces, network interfaces, and memory.

[0174] Memory may include non-persistent storage in computer-readable media, such as random access memory (RAM) and / or non-volatile memory, such as read-only memory (ROM) or flash RAM. Memory is an example of computer-readable media.

[0175] Computer-readable media includes both permanent and non-permanent, removable and non-removable media that can store information using any method or technology. Information can be computer-readable instructions, data structures, modules of programs, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, CD-ROM, digital versatile optical disc (DVD) or other optical storage, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transferable medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media does not include transient computer-readable media, such as modulated data signals and carrier waves.

[0176] It should also be noted that the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes said element.

[0177] The above description is merely an embodiment of this application and is not intended to limit this application. Various modifications and variations can be made to this application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principle of this application should be included within the scope of the claims of this application.

Claims

1. A method for detecting network intrusion risks, characterized in that, include: Acquire the network communication data to be detected; The network communication data is input into the trained network risk detection model to obtain the network risk detection result. The network risk detection model is trained by an expanded training sample set, which includes real training samples and synthetic training samples. The synthetic training samples are generated by a generative adversarial network, which is trained adversarially using a discriminator loss function and a generator loss function. During adversarial training, the gradient of the discriminator loss function with respect to the generator input of the generative adversarial network is calculated, and the generator input is updated according to the gradient and the latent space interpolation influence factor, which is used to interpolate and adjust the generator input in the latent space.

2. The method as described in claim 1, characterized in that, The generator loss function includes a sparsity loss, which is constructed through variational sparse matrix decomposition and includes a sparse regularization term and a distribution constraint term. The sparse regularization term is used to constrain the sparsity of the synthetic training samples output by the generator of the generative adversarial network in the feature dimension, and the distribution constraint term is used to make the feature distribution output by the generator approximate the feature distribution of the real training samples.

3. The method as described in claim 1, characterized in that, The step of updating the generator input based on the gradient and the latent space interpolation influence factor includes: A first learning rate is determined, which is used to control the update step size of the generator input based on the gradient; The latent space interpolation influence factor is determined based on the interpolation coefficients used for interpolation adjustment; The generator input is updated based on the gradient, the first learning rate, and the latent space interpolation influence factor.

4. The method as described in claim 3, characterized in that, Determining the latent space interpolation influence factor based on the interpolation coefficients used for interpolation adjustment includes: The total number of iterations for training the generative adversarial network is determined, and the interpolation coefficients used for interpolation adjustment are determined based on the total number of iterations. Randomly generate the noise vector of the generator in the generative adversarial network; The interpolation vector is determined based on the interpolation coefficients and the noise vector; Based on the interpolation vector, a normal distribution with a mean of 0 and a variance equal to the interpolation vector is determined; The preset latent space interpolation influence factor is determined based on the normal distribution.

5. The method as described in claim 1, characterized in that, The trained network risk detection model is obtained through a federated learning framework; wherein, the training process of the network risk detection model includes: For each round of iterative training, the following training operations are performed until the maximum number of iterations reaches a first preset threshold or the network risk detection model meets a first preset convergence condition, at which point the iterative training operation is terminated: Using multiple participating nodes, a local network risk detection model is trained based on the expanded training sample set of each participating node to obtain local model parameters; the network structure of the local network risk detection models of each participating node is the same. The local model parameters obtained from training at each participating node are uploaded to the central server. In the central server, all uploaded local model parameters are aggregated to generate global model parameters; The global model parameters are distributed to each participating node to update the local network risk detection model of each participating node. When the iterative training operation is terminated, the final global model parameters are used as the parameters of the trained network risk detection model.

6. The method as described in claim 1, characterized in that, The network risk detection model includes at least a feature extraction network, which is a six-layer fully connected neural network, comprising an input layer, four hidden layers, and an output layer. The input layer is used to receive and transmit sample data from the expanded training sample set; The first hidden layer has 128 neurons, which are used to perform preliminary nonlinear mapping on the input sample data to generate a low-level feature vector representing the sample data. The second hidden layer has 256 neurons, which are used to perform feature crossover and combination operations on the low-level feature vectors to generate intermediate-level feature vectors; The third hidden layer has 512 neurons, which are used to perform high-level semantic abstraction on the intermediate feature vector to generate a high-level feature vector that represents the semantics of the complete attack behavior. The fourth hidden layer has 1024 neurons, which are used to perform discriminative feature filtering and dimensionality optimization on the high-level feature vector to generate a compact feature representation that focuses on distinguishing network intrusion risk levels. The output layer has the same number of neurons as the third hidden layer, and is used to output the network intrusion risk detection result of the sample data based on the compact feature representation.

7. The method as described in claim 1 or 6, characterized in that, The feature extraction network of the network risk detection model uses an exploratory gradient descent strategy for parameter updates. The parameter update using an exploratory gradient descent strategy includes: Initialize the weight parameters and bias parameters of the feature extraction network; The input data is processed through each layer of the feature extraction network. Each layer performs linear transformation and nonlinear activation function processing to obtain the feature representation of the output layer. Before each parameter update, the gradient change trend is predicted based on historical gradient data, and the step size and direction of the gradient update are dynamically adjusted according to the predicted gradient change trend. Calculate the exploratory gradient update amount, which is determined based on the current gradient, the exploration intensity coefficient, and the gradient prediction function; The weight parameters and bias parameters of the feature extraction network are updated according to the exploratory gradient update amount; The parameter update operation is terminated when the maximum number of parameter updates reaches the second preset threshold or when the feature extraction network meets the second preset convergence condition.

8. A network intrusion risk detection device, characterized in that, It includes an acquisition module and a detection module, wherein: The acquisition module is used to acquire the network communication data to be detected. The detection module is used to input the network communication data into the trained network risk detection model to obtain network risk detection results; The network risk detection model is trained by an expanded training sample set, which includes real training samples and synthetic training samples. The synthetic training samples are generated by a generative adversarial network, which is trained adversarially using a discriminator loss function and a generator loss function. During adversarial training, the gradient of the discriminator loss function with respect to the generator input of the generative adversarial network is calculated, and the generator input is updated according to the gradient and the latent space interpolation influence factor, which is used to interpolate and adjust the generator input in the latent space.

9. An electronic device, characterized in that, include: A memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the computer program, when executed by the processor, implements the steps of the network intrusion risk detection method as described in any one of claims 1 to 7.

10. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores a computer program that, when executed by a processor, implements the steps of the network intrusion risk detection method as described in any one of claims 1 to 7.

11. A computer program product, characterized in that, It includes a computer program that, when executed by a processor, implements the network intrusion risk detection method according to any one of claims 1 to 7.