A few-shot malicious traffic detection method based on variational self-adaptive graph attention network

By collaboratively designing SE attention residual network, conditional variational gating mechanism and adaptive graph attention network, the problems of insufficient feature extraction and unknown attack detection in few-sample malicious traffic detection are solved, and efficient recognition of known categories and isolation of unknown categories are achieved.

CN122268671APending Publication Date: 2026-06-23GUILIN UNIV OF ELECTRONIC TECH +1

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
GUILIN UNIV OF ELECTRONIC TECH
Filing Date
2026-05-13
Publication Date
2026-06-23

AI Technical Summary

Technical Problem

Existing methods for detecting malicious traffic with few samples suffer from insufficient discriminative features, lack of category condition modeling, fixed graph structures, and inability to detect unknown attack categories, making them difficult to meet the needs of practical network security protection.

Method used

By employing a collaborative design of SE attention residual network, conditional variational gating mechanism, adaptive graph attention network and OOD anomaly detection, we achieve accurate identification of known categories and isolation of unknown categories through session segmentation and grayscale image construction, multi-scale feature extraction, dynamic graph construction and open set detection.

Benefits of technology

It improves the discriminativeness and robustness of feature extraction under conditions with few samples, enhances inter-class separability, adapts to different sample distributions, has open set recognition capabilities, and achieves effective isolation of unknown attack categories.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122268671A_ABST
    Figure CN122268671A_ABST
Patent Text Reader

Abstract

The present application relates to the field of network security and few-shot malicious traffic detection, and proposes a detection method based on variational adaptive graph attention network. The method divides PCAP traffic according to sessions and converts it into fixed-size grayscale images, and constructs an end-to-end model composed of SE attention residual network, conditional variational gating mechanism and adaptive graph attention network. In the feature extraction stage, multi-scale feature extraction is performed through the SE attention residual network; in the feature enhancement stage, the conditional variational autoencoder generates category conditional features, which are adaptively fused with the original features through the gating coefficient; in the graph reasoning stage, the K nearest neighbor algorithm accelerated by KD tree is used to dynamically construct the adjacency graph, and the multi-head graph attention mechanism is used for relationship reasoning; in the detection stage, the known categories are identified through the Softmax classifier, and the unknown categories are isolated based on the OOD anomaly score, realizing open set detection. The present application can improve the accuracy of malicious traffic detection under few-shot conditions, and has the ability of open set detection of unknown attacks.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the fields of network security, malicious traffic detection, few-shot learning, and graph neural network technology, specifically a few-shot malicious traffic detection method based on variational adaptive graph attention network. Background Technology

[0002] As cyberattack methods continue to evolve, real-world network traffic is increasingly exhibiting a long-tail distribution. A relatively abundant number of samples exist for a few high-frequency attacks or normal traffic, while some high-risk, novel, or low-frequency attacks only appear briefly in localized scenarios, resulting in a limited number of labeled samples available for training. If such imbalanced data is directly used to train detection models, the models are prone to bias towards the majority class, leading to a significant decrease in detection performance for a few attack categories, making it difficult to meet actual network security protection needs.

[0003] Existing methods for detecting malicious traffic with few samples typically employ traditional oversampling, simple perturbations, or conventional deep learning classifiers. While these methods can alleviate class imbalance to some extent, they still have the following shortcomings under few-sample conditions: First, traditional methods cannot effectively address the sparsity of the feature space, resulting in ambiguous decision boundaries; second, existing graph neural network methods lack explicit modeling of class conditional information, and their fixed graph construction methods make it difficult to adapt to different sample distributions; third, existing methods generally lack the ability to detect open sets of unknown attack categories, making it impossible to isolate novel unknown attacks in practical deployments. Summary of the Invention

[0004] The purpose of this invention is to provide a few-shot malicious traffic detection method based on variational adaptive graph attention networks, aiming to solve the problems of insufficient discriminative power in feature extraction under few-shot conditions, lack of category conditional modeling, fixed graph structure, and inability to detect unknown attack categories. This invention achieves a unified framework for accurate identification of known categories and effective isolation of unknown categories under few-shot conditions through the collaborative design of SE attention residual networks, conditional variational gating mechanisms, adaptive graph attention networks, and OOD anomaly detection.

[0005] This invention is achieved through the following technical solution:

[0006] Step 1: Perform session segmentation and grayscale image construction on the raw PCAP network traffic. Aggregate data packets based on the five-tuple consisting of source IP, destination IP, source port, destination port, and protocol, and determine session boundaries based on connection idle time; extract data packet bytes within the same session in chronological order and concatenate them into a session byte stream; truncate or pad the session byte stream to a fixed length. Reordered in row-major order OK The two-dimensional matrix of columns is used, and the byte values ​​from 0 to 255 are directly mapped to grayscale intensity to obtain single-channel grayscale image samples, forming a real training dataset with category labels.

[0007] Step 2: Construct an attention-based residual feature extraction network. This network embeds an SE channel attention module into the residual convolutional block to extract multi-scale features from grayscale samples. The SE module obtains channel descriptors through global average pooling, and then obtains channel attention weights through two fully connected layers and Sigmoid activation. After channel weighting of the feature map, it is added to the input through a residual connection to output a high-dimensional feature vector.

[0008] Step 3: Construct the Conditional Variational Gating Mechanism CVAE-Gate. This mechanism includes a Conditional Variational Autoencoder and a gated fusion unit. The Conditional Variational Autoencoder uses the class label as a condition; the encoder concatenates the feature vector with the class label and outputs the mean vector through a multilayer perceptron. And the log-variance vector, through reparameterization techniques Latent variables are sampled from the conditional posterior distribution, and the decoder maps these latent variables to class labels to form class-conditional features. The gated fusion unit concatenates the original features and class-conditional features, and then calculates the gating coefficients through linear transformation and sigmoid activation. Gated enhancement features are obtained by weighted fusion based on gating coefficients.

[0009] Step 4: Construct an adaptive graph attention network based on gated enhancement features. Using a KD-tree-accelerated K-nearest neighbor algorithm, an adjacency graph is dynamically constructed for each sample in the feature space. The adjacency matrix dynamically changes with the sample feature distribution. Through a multi-head graph attention mechanism, attention weights are calculated for each pair of adjacent nodes in the adjacency graph, and neighbor features are aggregated. After multi-head output fusion, a graph-level representation vector is obtained through graph-level mean pooling readout.

[0010] Step 5: Construct a few-sample open-set malicious traffic detection mechanism. Known traffic categories are identified using a Softmax classifier, while unknown traffic categories are isolated based on an OOD score calculated using graph-level representation. When the OOD score falls below a preset threshold, the sample is classified as an unknown category and an alarm is triggered. The final detection result includes both the precise classification of known categories and the isolation marker for unknown categories.

[0011] The beneficial effects of this invention are as follows: First, it improves the discriminativeness and robustness of feature extraction under few-sample conditions by using the SE channel attention residual network; second, it enhances inter-class separability and intra-class compactness by injecting class conditional information into the feature level through the conditional variational gating mechanism; third, it adapts to different sample distributions by constructing a K-nearest neighbor dynamic graph accelerated by KD-tree, avoiding the limitations of fixed graph structures; fourth, it improves the generalization ability with few samples by realizing structural relationship reasoning between samples through a multi-head graph attention mechanism; and fifth, it endows the system with open set recognition capability through the OOD anomaly detection mechanism, which can effectively isolate unknown attack categories. Attached Figure Description

[0012] To more clearly illustrate the technical solutions of the embodiments of the present invention, the accompanying drawings used in the following description of the embodiments are briefly described. Obviously, the drawings described below are only some embodiments of the present invention, and those skilled in the art can obtain other drawings based on these drawings without creative effort.

[0013] Figure 1 This is a schematic diagram of the few-sample malicious traffic detection method based on VAGA-Net provided in an embodiment of the present invention;

[0014] Figure 2 This is a schematic diagram of the overall VAGA-Net solution provided in an embodiment of the present invention;

[0015] Figure 3 This is a schematic diagram of the VAGA-Net model architecture provided in an embodiment of the present invention;

[0016] Figure 4 This is a schematic diagram of the conditional variational gating mechanism provided in an embodiment of the present invention;

[0017] Figure 5 This is a schematic diagram of the adaptive graph attention structure provided in an embodiment of the present invention;

[0018] Figure 6 This is a comparison chart of the open set F1 scores of different methods on the UNSW-NB15 dataset according to embodiments of the present invention;

[0019] Figure 7 This is a comparison chart of the open set FPR and FNR of different methods on the UNSW-NB15 dataset in the embodiments of the present invention. Detailed Implementation

[0020] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. The described embodiments are only a part of the embodiments of the present invention, not all of them, and do not constitute a limitation on the scope of protection of the present invention. Other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative effort are all within the scope of protection of the present invention.

[0021] like Figure 1 , Figure 2 , Figure 3 As shown, the few-sample malicious traffic detection method based on VAGA-Net provided in this embodiment includes the following steps:

[0022] Step 1: To construct a standardized input format suitable for graph attention networks, this invention first performs session segmentation and grayscale image construction on the original PCAP network traffic, converting heterogeneous network traffic data into a unified two-dimensional grayscale image representation, laying the data foundation for subsequent feature extraction and graph inference. This module covers four stages: quintuple aggregation, session boundary determination, byte stream truncation and zero padding, and grayscale image rearrangement.

[0023] In this step, the raw network traffic is input using a PCAP file. The system constructs a five-tuple based on the source IP, destination IP, source port, destination port, and protocol, aggregating packets belonging to the same connection into the same candidate session. For connections with long durations or prolonged inactivity, the session boundary is determined based on whether the connection idle time exceeds a preset threshold, and packets that have timed out are assigned to a new session. The payload bytes of packets within the same session are extracted in chronological order and concatenated into a session byte stream.

[0024] When the session byte stream length is greater than At that time, cut off the previous byte; when the session byte stream length is less than When the time comes, pad the end with 0 values. Then, the length is... A one-dimensional byte vector rearranged in row-major order is OK A two-dimensional matrix of columns, where The byte values ​​from 0 to 255 are directly mapped to grayscale intensity to obtain single-channel grayscale image samples. This method preserves the local spatial structure and global distribution characteristics of session bytes, enabling traffic from different protocols and attack types to present distinguishable visual patterns in the grayscale image space.

[0025] Finally, a real training dataset is formed. ,in Indicates the first A sample grayscale image of a conversation. This indicates its corresponding category label. This represents the total number of real training samples. This dataset serves as the foundational input for subsequent attention residual feature extraction, conditional variational gating, and graph attention inference.

[0026] Step 2: To extract discriminative high-dimensional feature representations under limited sample conditions, this invention constructs an attention residual feature extraction network. This network uses residual convolutional blocks as its backbone, embedding an SE channel attention module in each residual block. It enhances the feature channel responses relevant to the current classification task through adaptive channel weighting, while suppressing redundant channel information.

[0027] In this step, input a grayscale image sample. Features are extracted layer by layer through multiple residual convolutional blocks. Each residual block contains two convolutional operations and batch normalization, with an SE channel attention module embedded between the two convolutional layers. The SE module first performs global average pooling on the feature map, compressing each channel into a scalar to obtain a channel descriptor vector. Subsequently, the channel descriptors are sequentially passed through a first fully connected layer and a ReLU activation function for dimensionality reduction, and a second fully connected layer and a Sigmoid activation function for dimensionality increase, resulting in a channel attention weight vector with values ​​ranging from 0 to 1.

[0028] The mathematical expression for attention residual feature extraction is:

[0029]

[0030] in, For the first Input features of layer residual blocks, and The weights of the fully connected layers in the SE module. The residual convolution transform function is... This is a global average pooling operation. The calculation process for the SE attention weights is as follows:

[0031]

[0032] Through the SE attention mechanism, the network can adaptively learn the importance weights of different channels, effectively focusing on the feature channels most relevant to the classification task under limited sample conditions, thereby improving the discriminativeness and robustness of the feature representation. The final output is a high-dimensional feature vector. This serves as the input for subsequent conditional variational gating mechanisms.

[0033] Step 3: To explicitly inject category condition information at the feature level to enhance inter-class separability under few-sample conditions, this invention constructs a conditional variational gating mechanism, CVAE-Gate. This mechanism consists of two parts: a conditional variational autoencoder and a gated fusion unit. It models the category conditional distribution in the feature space through variational inference and achieves adaptive fusion of the original features and category conditional features through learnable gating coefficients.

[0034] In this step, such as Figure 4 As shown, the conditional variational autoencoder uses category labels. This is a condition variable. The encoder receives feature vectors. With category labels splicing input The parameters of the conditional posterior distribution, i.e., the mean vector, are output through a multilayer perceptron. Sum of logarithmic variance vector The conditional posterior distribution is modeled as a diagonal Gaussian distribution:

[0035]

[0036] During the training phase, latent variables are sampled from this distribution using a reparameterization technique. :

[0037]

[0038] in, Follows a standard normal distribution. This represents element-wise multiplication. The reparameterization technique makes the sampling operation differentiable, allowing the gradient to propagate back to the encoder parameters through the sampling process.

[0039] The decoder will include hidden variables With category labels After concatenation, the data are mapped to category conditional features using a multilayer perceptron. The training objective consists of the reconstruction loss and the KL divergence regularization term:

[0040]

[0041] The first term is the reconstruction loss, which measures the consistency between the decoder output and the original features; the second term is the KL divergence regularization term, which constrains the posterior distribution to approximate the standard normal prior distribution. This prevents the encoder from encoding too much information into the latent variables, ensuring the regularity and generalization ability of the latent space.

[0042] The gating fusion unit is responsible for converting the original features Category Condition Features Adaptive fusion is performed. Specifically, the two are concatenated, and gating coefficients are calculated using a linear transformation and a sigmoid activation function. :

[0043]

[0044] in, and For learnable parameters, For the Sigmoid function. Gating coefficient. Each component takes a value between 0 and 1, controlling the fusion ratio of the original features and category conditional features in the corresponding dimension. The gated augmentation feature is calculated as follows:

[0045]

[0046] Through a gating mechanism, the model can adaptively adjust the fusion strength based on sample features and class conditions. For samples with clear class features, the gating coefficients tend to retain more original features; for samples with ambiguous class boundaries, the gating coefficients tend to inject more class condition information to enhance discriminability.

[0047] During the inference phase, the conditional variational autoencoder no longer performs random sampling, but instead directly uses the mean vector. As a deterministic estimate of latent variables, it obtains stable class-conditional feature outputs. Furthermore, CVAE-Gate employs an argmax operation during the training phase to select the class label with the highest confidence as the conditional input. When the sample label is known, the true label is used directly; when the sample label is unknown, the classifier predicts the label.

[0048] Step 4: To compensate for the uncertainty of single-sample discrimination under conditions of few samples by utilizing the structural relationships between samples, this invention constructs an adaptive graph attention network based on gated enhanced features. This network models the similarity relationships between samples in the feature space through dynamic graph construction and multi-head graph attention mechanism, and achieves structured reasoning through neighbor information aggregation.

[0049] In this step, such as Figure 5 As shown, the adaptive graph construction first constructs a KD-tree index structure from the gated augmented feature set of all samples. A KD-tree is a spatially partitioned data structure that enables efficient nearest neighbor queries in a high-dimensional feature space. For each sample node... Perform a K-nearest neighbor query on the KD-tree to obtain the nearest neighbor in the feature space. Each neighboring node.

[0050] Construct an adjacency matrix based on the nearest neighbor query results. Set up nodes. and The distance between them is Then the edge weights in the adjacency matrix are determined by distance relationships. To control the sparsity and connectivity quality of the graph, a distance threshold is set. and Filter the edges:

[0051]

[0052]

[0053] in, It is adaptively determined based on the quantiles of the global distance distribution. This is the tolerance coefficient. This strategy can filter redundant connections that are too close and noisy connections that are too far apart, retaining the most informative medium-distance neighbor relationships. The adjacency matrix dynamically changes with the distribution of sample features; different batches of samples will construct different graph structures, avoiding the insufficient adaptability of a fixed graph topology to different data distributions.

[0054] In the graph attention inference stage, a multi-head graph attention mechanism is used to aggregate and update the node features in the adjacency graph. For each pair of adjacent nodes in the adjacency graph... and First, the gated enhancement features of the two nodes are concatenated after linear transformation, and then the original attention coefficients are calculated using the LeakyReLU activation function. :

[0055]

[0056] in, To share the linear transformation matrix, For attention vectors, This indicates a concatenation operation. Then, the nodes... The attention coefficients of all neighboring nodes are softmax normalized to obtain the normalized attention weights. :

[0057]

[0058] Normalized attention weights reflect the importance of neighboring nodes to the current node. The updated features are obtained by weighted aggregation of the features of the neighbors:

[0059]

[0060] This embodiment employs a multi-head parallel mechanism, setting... Each attention head is independent. Each attention head uses independent transformation parameters to calculate attention weights and aggregates neighbor features. The outputs of each attention head are merged into the final node representation through concatenation or averaging. The multi-head mechanism can capture multiple relationship patterns between samples from different representation subspaces, improving the expressive power of graph reasoning.

[0061] The graph-level readout operation performs global mean pooling on the final features of all nodes, mapping graph structures of different sizes into fixed-dimensional graph-level representation vectors:

[0062]

[0063] in, Let be the set of nodes in the graph. The number of nodes is represented by a graph-level representation vector that integrates the feature information and structural relationship information of all sample nodes, serving as input for subsequent classification and OOD detection. The advantage of using a KD-tree is that it can reduce the time complexity of K-nearest neighbor queries from... Reduce to This ensures that the graph construction process remains efficient on large-scale datasets.

[0064] Step 5: To achieve a unified detection framework that accurately identifies known categories and effectively isolates unknown categories under limited sample conditions, this invention constructs a limited sample open set malicious traffic detection mechanism. This mechanism introduces OOD anomaly detection on the basis of traditional closed set classification, enabling the system not only to accurately classify known attack categories, but also to identify and isolate novel attack categories not seen during the training phase.

[0065] In this step, the graph-level representation vector First, the input is a Softmax classifier, which outputs the probability distribution of known categories. For traffic of known categories, the category with the highest probability is taken as the classification result. Simultaneously, an OOD (Out of Detail) score is calculated based on the probability distribution output by the Softmax classifier. This embodiment provides two methods for calculating the OOD score:

[0066] The first method is based on the maximum softmax probability. The maximum value in the classification probability distribution is taken as the confidence index for the known class.

[0067]

[0068] When the maximum probability value is lower than the preset threshold When this occurs, it indicates that the sample does not belong to any known category's high confidence region, and it is classified as unknown category traffic.

[0069] The second approach is based on energy scores. The energy score is calculated using the logit vector preceding the Softmax layer.

[0070]

[0071] in, For the first The logit value corresponding to each category This represents the total number of known categories. A lower energy score indicates that the sample deviates further from the distribution center of the known categories. When the energy score falls below a preset threshold... At that time, the sample is classified as traffic of an unknown category.

[0072] The joint decision-making logic integrates the Softmax classification results with the OOD isolation results. For traffic samples classified as known categories, it outputs the specific attack category label given by the Softmax classifier, including attack types such as Analysis, Backdoor, DoS, Exploits, Fuzzers, Generic, Reconnaissance, Shellcode, and Worms. For traffic samples classified as unknown categories, it marks them as "Unknown" and triggers a security alert. The final detection result includes both the accurate classification of known categories and the isolation label of unknown categories, achieving open set malicious traffic detection.

[0073] In specific experimental implementations, publicly available malicious traffic datasets such as UNSW-NB15, CICIDS2017, and Bot-IoT can be used for verification. In the experiment, the grayscale image size is set to... Attention count Set to 4, K nearest neighbor parameter The training time was set to 6. The Adam optimizer was used, with a learning rate of 0.001 and a batch size of 64. In the open set setting, some attack categories were labeled "Unknown" to test the model's ability to classify known categories and isolate unknown categories.

[0074] like Figure 6 As shown, on the UNSW-NB15 dataset, this embodiment achieves an F1 score of 0.9812 on the open set, outperforming comparable methods such as EMLNN, HIDIM, GRAIN, and DDP-DAR. This result demonstrates that VAGA-Net, through the synergistic effect of conditional variational gating and adaptive graph attention, can effectively improve the classification accuracy of known classes under few-shot conditions while maintaining the ability to isolate unknown classes. Compared to methods lacking class-conditional modeling, the class-conditional information injected by CVAE-Gate significantly enhances inter-class separability; and compared to methods with fixed graph structures, the dynamic graph construction of KD trees can better adapt to changes in feature distribution under few-shot scenarios.

[0075] like Figure 7As shown, VAGA-Net also demonstrates advantages in open-set FPR and FNR metrics. A lower FPR indicates that the model effectively controls the proportion of known-class samples misclassified as unknown-class samples, while a lower FNR indicates that the model effectively detects truly unknown-class samples. Ablation experiments further validate the contributions of each module: removing the SE attention module, CVAE-Gate gating mechanism, graph attention inference, or OOD detection mechanism all resulted in varying degrees of performance degradation, indicating that the components of this invention form effective synergistic gains.

[0076] In summary, this invention establishes an end-to-end detection framework for detecting malicious traffic with few samples by employing session-level grayscale image representation, SE attention residual feature extraction, conditional variational gating mechanism, adaptive graph attention network, and OOD open set detection. This method retains the ability of graph neural networks to model structural relationships between samples, introduces category conditional enhancement and dynamic graph construction mechanisms specifically for few-sample scenarios, and endows the system with the ability to identify and isolate unknown attack categories through OOD detection.

[0077] The above description is merely a preferred embodiment of the present invention. Any equivalent substitutions or modifications made by those skilled in the art within the scope of the technology disclosed in this invention, based on the technical solutions and concepts of the present invention, should be included within the protection scope of this invention.

Claims

1. A few-shot malicious traffic detection method based on variational adaptive graph attention network, characterized in that, Includes the following steps: Step 1: Obtain raw network traffic data, segment the raw network traffic data into sessions according to connection relationships, and convert the session byte sequence into fixed-size single-channel grayscale image samples to form a real training dataset with category labels; Step 2: Construct an attention residual feature extraction network. The network embeds an SE channel attention module in the residual convolution block to perform multi-scale feature extraction on grayscale samples and output a high-dimensional feature vector. Step 3: Construct a conditional variational gating mechanism CVAE-Gate. The mechanism includes a conditional variational autoencoder and a gating fusion unit. The conditional variational autoencoder encodes the feature vector with the class label as a condition and generates class conditional features through reparameterized sampling. The gating fusion unit adaptively fuses the original features and class conditional features through learnable gating coefficients to output gating enhanced features. Step 4: Construct an adaptive graph attention network based on gated enhancement features. Use the K-nearest neighbor algorithm accelerated by KD tree to dynamically construct an adjacency graph for each sample in the feature space. Aggregate neighbor information and perform graph reasoning through a multi-head graph attention mechanism. Obtain a graph-level representation for classification through graph-level readout operation. Step 5: Construct a few-sample open set malicious traffic detection mechanism. Identify known traffic categories using a Softmax classifier, and isolate unknown traffic categories by calculating OOD anomaly scores based on graph-level representation. Output the final detection result through joint decision-making.

2. The few-shot malicious traffic detection method based on variational adaptive graph attention network according to claim 1, characterized in that, Step 1, the construction of the session grayscale image, includes: aggregating data packets based on a five-tuple consisting of source IP, destination IP, source port, destination port, and protocol, and determining session boundaries based on connection idle time; extracting data packet bytes within the same session in chronological order and concatenating them into a session byte stream; truncating or padding the session byte stream with zeros to a preset length L=H×W, rearranging it into a two-dimensional matrix of H rows and W columns in row-major order, and directly mapping byte values ​​from 0 to 255 to grayscale intensity to obtain a single-channel grayscale image sample.

3. The few-shot malicious traffic detection method based on variational adaptive graph attention network according to claim 1, characterized in that, The SE channel attention module in step 2 includes: performing global average pooling on the feature map output by the residual convolution block to obtain channel descriptors; sequentially passing the channel descriptors through a first fully connected layer and a ReLU activation function for dimensionality reduction, and a second fully connected layer and a Sigmoid activation function for dimensionality increase to obtain channel attention weight vectors; multiplying the channel attention weight vectors with the original feature map channel by channel to achieve channel weighting; and adding the weighted feature map with the input feature map through residual connections to form attention-enhanced residual feature output.

4. The few-shot malicious traffic detection method based on variational adaptive graph attention network according to claim 1, characterized in that, The conditional variational autoencoder in step 3 includes: the encoder receiving a concatenated input of feature vectors and class labels, and outputting a mean vector through a multilayer perceptron. Sum of logarithmic variance vector During the training phase, reparameterization techniques are used. Latent variables z are sampled from the conditional posterior distribution, where ε follows a standard normal distribution; the decoder concatenates the latent variables z with the class labels and maps them to class conditional features; the training objective includes reconstruction loss and KL divergence regularization term, which constrains the conditional posterior distribution to approach the standard normal prior distribution.

5. The few-shot malicious traffic detection method based on variational adaptive graph attention network according to claim 1, characterized in that, The gated fusion unit in step 3 includes: concatenating the original feature vector with the category conditional features output by the conditional variational autoencoder and then calculating the gate coefficient g through linear transformation and the Sigmoid activation function; weighting and fusing the original features and the category conditional features according to the gate coefficient to obtain the gated enhanced features; and in the inference stage, the conditional variational autoencoder directly uses the mean vector μ to replace the sampling operation to obtain the deterministic category conditional feature output.

6. The few-shot malicious traffic detection method based on variational adaptive graph attention network according to claim 1, characterized in that, The adaptive graph construction in step 4 includes: constructing the gated enhanced feature set into a KD-tree index structure; performing a K-nearest neighbor query on the KD-tree for each sample to obtain the K nearest neighbors in the feature space; constructing an adjacency matrix based on the neighbor relationships, where the edge weights between nodes are determined by the cosine similarity or Euclidean distance between feature vectors; the adjacency matrix dynamically changes with the distribution of sample features to avoid the insufficient adaptability of a fixed graph structure to different data distributions.

7. The few-shot malicious traffic detection method based on variational adaptive graph attention network according to claim 1, characterized in that, The multi-head graph attention mechanism in step 4 includes: for each pair of adjacent nodes in the adjacency graph, the features of the two nodes are linearly transformed and concatenated, and the original attention coefficients are calculated using the LeakyReLU activation function, and then normalized by softmax to obtain normalized attention weights; a multi-head parallel mechanism is adopted, in which each attention head independently calculates attention weights and aggregates neighbor features, and the multi-head outputs are fused by concatenation or averaging; the graph-level readout operation performs global mean pooling on the final features of all nodes to obtain a fixed-dimensional graph-level representation vector.

8. The few-shot malicious traffic detection method based on variational adaptive graph attention network according to claim 1, characterized in that, Step 5, the calculation of the OOD anomaly score, includes: taking the maximum class probability value as the known class confidence index based on the class probability distribution output by the Softmax classifier; or calculating the energy score based on the graph-level representation vector as the basis for distinguishing between inside and outside the distribution; comparing the confidence index or energy score with a preset threshold, and determining the corresponding sample as unknown class traffic when it is lower than the threshold.

9. The few-shot malicious traffic detection method based on variational adaptive graph attention network according to claim 1, characterized in that, The joint decision-making in step 5 includes: for traffic samples that are determined to be of a known category, outputting the specific attack category label given by the Softmax classifier; for traffic samples that are determined to be of an unknown category, marking them as unknown and triggering an alarm; the final detection result includes both the accurate classification of known categories and the isolation label of unknown categories, thus realizing open set malicious traffic detection.