A network intrusion detection method and system based on double-model collaborative positive-unlabeled learning

By employing a dual-model collaborative positive-unlabeled learning method, the high labeling cost in network intrusion detection is addressed. This method enables efficient intrusion detection under conditions of a small number of labeled samples and a large amount of unlabeled traffic, improving detection accuracy and generalization. It is applicable to enterprise information networks, campus networks, and cloud computing environments.

CN122339860APending Publication Date: 2026-07-03NANJING UNIV OF INFORMATION SCI & TECH

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
NANJING UNIV OF INFORMATION SCI & TECH
Filing Date
2026-06-05
Publication Date
2026-07-03

AI Technical Summary

Technical Problem

Existing network intrusion detection methods rely on large-scale, high-quality labeled training data. However, attack events are rare and varied, resulting in high labeling costs and long cycles. This makes it difficult to form a balanced label set that matches the normal traffic volume, becoming a bottleneck for the implementation and continuous evolution of detection models.

Method used

A dual-model collaborative positive-unlabeled learning method is adopted. By constructing a first model and a second model, the probabilities of labeling tendency and attack category are estimated respectively. Combined with the positive-unlabeled loss function, feature learning is performed under the condition of a small number of labeled attack samples and a large number of unlabeled network traffic, thereby reducing the data labeling threshold.

Benefits of technology

It significantly reduces the dependence on data annotation, improves the accuracy and generalization of network intrusion detection, and can achieve significantly higher binary classification detection results than existing methods on public benchmark datasets such as NSL-KDD and CICIDS 2017. It is suitable for network intrusion detection in enterprise information networks, campus networks and cloud computing environments.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122339860A_ABST
    Figure CN122339860A_ABST
Patent Text Reader

Abstract

This invention discloses a network intrusion detection method and system based on dual-model collaborative positive-unlabeled learning, belonging to the field of network security and intelligent detection technology. The method includes: collecting and preprocessing network traffic data; constructing a set of positive samples and a set of unlabeled samples; constructing a dual-model collaborative positive-unlabeled learning model; utilizing an established positive-unlabeled loss function to enable the model to learn the characteristics of intrusive network traffic from the positive and unlabeled samples; and using the trained model to achieve high-precision network intrusion determination. The network intrusion detection method proposed in this invention can achieve high-precision detection in scenarios with only a small number of confirmed attack samples and a lack of high-quality negative sample labels. It has achieved a detection accuracy of over 90% on multiple public datasets. This method significantly reduces annotation costs, improves the ability to identify unknown and variant attacks, and has good engineering deployability.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention belongs to the field of network security and network intrusion detection technology, specifically relating to a network intrusion detection method and system based on dual-model collaborative positive-unlabeled learning. Background Technology

[0002] Network infrastructure and business information systems are the core support for the operation and production activities of modern society, and their availability and data security directly affect economic operation and social order. Deep learning-based intrusion detection methods based on network traffic or connection behavior have demonstrated strong feature characterization and pattern recognition capabilities. However, the success of these methods largely depends on large-scale, high-quality labeled training data. In actual security operations and network protection scenarios, attack events are relatively rare and varied in form. Fine-grained labeling of attack samples (such as distinguishing specific types or subcategories like denial-of-service attacks, scanning penetration, and malicious external connections) often requires repeated analysis by security analysts, which is costly and time-consuming. It is difficult to form a balanced label set that matches the scale of normal traffic, becoming a bottleneck restricting the implementation and continuous evolution of detection models. Summary of the Invention

[0003] Purpose of the invention: To address the problem that existing network intrusion detection technologies rely heavily on accurate and comprehensive labeled attack data and have high labeling costs, this invention provides a network intrusion detection method and system with dual-model collaborative positive-unlabeled learning. This method can effectively learn discriminative features and complete intrusion judgment with only a small number of labeled attack samples and a large number of unlabeled network traffic samples, significantly reducing the data labeling threshold.

[0004] Technical solution: A network intrusion detection method based on dual-model collaborative positive-unlabeled learning, comprising the following steps:

[0005] Obtain network traffic data, extract the feature vectors corresponding to each network traffic, and preprocess the feature vectors to obtain standardized feature vectors that conform to the model input format;

[0006] A deep learning-based intrusion detection model is constructed, comprising a first model and a second model. Both the first and second models include multiple fully connected layers, layer normalization, and activation functions. The first and second models have the same network structure and share the same input feature form, but they undertake different learning tasks and their parameters are updated independently. Specifically, the first model is used to obtain an estimate of the labeling tendency probability of the input sample, representing the likelihood that the input sample will be labeled as a positive sample in a positive-unlabeled learning scenario. The second model is used to obtain an estimate of the probability that the input sample belongs to the attack category.

[0007] A training dataset is constructed and a model training process is executed. Attack-type network flows are labeled as positive, and normal-type network flows are labeled as negative. A portion of the positive samples are selected according to a preset ratio to form a labeled positive sample set. The positive samples not selected into the labeled positive sample set, together with all negative samples, form an unlabeled sample set. During training, the labeled positive samples and unlabeled samples are paired and input into the intrusion detection model. The model is passed through the first model and the second model respectively, and outputs the probability estimate of labeled tendency and the probability estimate of belonging to the attack category. The positive-unlabeled loss function value is calculated, and the trainable parameters of the first model and the second model are updated independently by minimizing the loss.

[0008] The feature vector formed by the network traffic to be detected after the same preprocessing is input into the trained intrusion detection model, and the probability estimate of the attack category output by the second model is obtained to obtain the final detection result of the network traffic to be detected.

[0009] Preferably, both the first and second models employ a feedforward stacked multilayer perceptron network, specifically comprising an input flattening layer, two sequentially connected fully connected hidden layer blocks, and a single-neuron output layer. The input flattening layer flattens the standardized feature vector into a fixed-dimensional one-dimensional feature vector. The first fully connected hidden layer block consists of a first fully connected layer, a layer normalization layer, and a modified linear unit activation function connected sequentially, followed by a first random deactivation layer. The second fully connected hidden layer block consists of a second fully connected layer, a layer normalization layer, and a modified linear unit activation function connected sequentially, followed by a second random deactivation layer. The output feature dimension of the second fully connected layer is half that of the first fully connected layer. The single-neuron output layer is a one-dimensional fully connected layer used to output the logit value. The first and second models maintain consistency in the number of layers and the width configuration of each hidden layer, and their trainable parameters are independent of each other.

[0010] Preferably, the last layer of the first model is the first output layer, which is a fully connected layer, and its input is the samples. The depth feature vectors obtained after processing by each hidden layer in the first model are output as a logit scalar, denoted as . After mapping with the Sigmoid activation function, the labeling bias probability estimate is obtained, which is used to represent the tendency of a sample to be selected as a labeled positive sample in a positive-unlabeled learning scenario. The connection weights and biases of the first output layer and each hidden layer in the first model together constitute the trainable model parameters of the first model. .

[0011] Preferably, the last layer of the second model is the second output layer, which is a fully connected layer, and its input is the sample. The depth feature vectors obtained after processing by each hidden layer in the second model output a logit scalar, denoted as . After mapping with the Sigmoid activation function, the probability estimate of whether a sample belongs to the attack category is obtained. The connection weights and biases of the second output layer and each hidden layer in the second model together constitute the trainable model parameters of the second model. .

[0012] Preferably, the positive-unlabeled loss function value is determined by the positive-unlabeled consistency loss function. Pairwise comparison classification loss function constitute:

[0013]

[0014] in, For hyperparameters, It is a positive-unlabeled loss function. For the labeled positive sample set, For the unlabeled sample set, This is a set of high-quality sample pairs selected based on the feature space heterogeneity criterion, where each sample pair consists of a labeled positive sample and an unlabeled sample;

[0015] The formula for calculating the positive-unlabeled consistency loss function is as follows:

[0016]

[0017] in It is the sigmoid function;

[0018] The formula for calculating the pairwise comparison classification loss function is as follows:

[0019]

[0020] in For pairwise comparison of sample pairs, and sample The positive class confidence level is higher than that of the sample. The positive class confidence level; (Note: The original text appears to be incomplete and contains several grammatical errors. A more , , , These represent the cyclic symmetric term and the non-cyclic symmetric term in the loss function, respectively. The calculation formula is as follows:

[0021]

[0022] in This represents the loss term, weighted by the prior probability of the negative class, when the sample is predicted as the positive class. This represents the loss term weighted by the prior probability of the positive class when the sample is predicted as the negative class; It is the ReLU function;

[0023] The calculation formula is as follows:

[0024]

[0025] For sample pairs The noise state estimation indicator is defined as follows:

[0026]

[0027] For the sample The true category label, 1 indicates attack traffic. This indicates normal or benign network traffic.

[0028] Preferably, the monitored objects corresponding to the network traffic data include one or more of enterprise information networks, campus networks, and virtual networks in a cloud computing environment; the attack-type network flows cover at least one of the following attack modes: denial of service and distributed denial of service, network probing and port scanning, password brute-force and unauthorized access, remote penetration and privilege escalation, and malicious communication.

[0029] Preferably, the feature vector is preprocessed, including at least: extracting labels and performing binarization mapping; deleting identifier fields that are irrelevant to attack detection; performing numerical processing according to field type, wherein categorical fields use one-hot encoding or label encoding, non-numerical fields are converted to numerical values ​​according to rules and unresolvable values ​​are recorded as missing; replacing infinite values ​​with missing values; imputing missing values ​​with training set statistics; and performing consistency transformation to form a standardized feature vector that conforms to the model input format.

[0030] A network intrusion detection system based on dual-model collaborative positive-unlabeled learning includes:

[0031] The traffic acquisition and preprocessing module is used to acquire network traffic data, extract the feature vectors corresponding to each network traffic, and preprocess the feature vectors to obtain standardized feature vectors that conform to the model input format.

[0032] The model building module is used to construct a deep learning-based intrusion detection model. The model includes a first model and a second model, both of which include multiple fully connected layers, layer normalization, and activation functions. The first and second models have the same network structure and share the same input feature form, but they undertake different learning tasks and their parameters are updated independently. Specifically, the first model is used to obtain an estimate of the labeling tendency probability of the input sample, representing the likelihood that the sample will be labeled as a positive sample in a positive-unlabeled learning scenario; the second model is used to obtain an estimate of the probability that the input sample belongs to an attack category.

[0033] The model training module is used to construct the training dataset and execute the model training process. In this module, attack-type network flows are labeled as positive and normal network flows are labeled as negative. A portion of the positive samples are selected according to a preset ratio to form a labeled positive sample set. The positive samples not selected into the labeled positive sample set, together with all negative samples, form an unlabeled sample set. During training, the labeled positive samples and unlabeled samples are paired and input into the intrusion detection model. The model is passed through the first model and the second model respectively, and outputs the probability estimate of labeled tendency and the probability estimate of belonging to the attack category. The positive-unlabeled loss function value is calculated, and the trainable parameters of the first model and the second model are updated independently by minimizing the loss.

[0034] The intrusion detection module is used to input the feature vector formed by the network traffic to be detected after the same preprocessing into the trained intrusion detection model, obtain the probability estimate of the attack category output by the second model, and obtain the final detection result of the network traffic to be detected.

[0035] The present invention also provides an electronic device, including one or more processors, a memory, and one or more programs stored in the memory, wherein the programs, when executed by the processor, implement the above.

[0036] The present invention also provides a computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, implements the above-described method.

[0037] Beneficial effects:

[0038] (1) This invention applies positive-unlabeled learning to network intrusion detection. During the training phase, only a portion of attack traffic is needed as labeled positive samples, and a large amount of traffic can be used as unlabeled samples to participate in training. This significantly reduces the reliance on fine-grained labeling of all attack traffic, closely matching the reality of "a small number of confirmed malicious connections and a large number of connections that have not been characterized one by one" in security operations. It has strong engineering applicability.

[0039] (2) This invention uses a dual-model collaboration with the same structure but different task division, combined with a positive-unlabeled loss function, which is beneficial to simultaneously characterize the labeling tendency and intrusion discrimination boundary under the setting of positive-unlabeled learning. It has achieved significantly higher binary classification detection performance than existing methods on public benchmark datasets such as NSL-KDD and CICIDS 2017. Its effectiveness has been verified by indicators such as accuracy, F1-score, and Gmean.

[0040] (3) The generalizability and scalability of the present invention are good: the method is not bound to a single hardware probe or a specific vendor's stream format. The same training and inference process can be used for common input forms such as connection-level text features and flow table CSV features. The model adopts an end-to-end training method, which can be combined with conventional means such as adaptive optimizers and learning rate scheduling to improve convergence stability. Furthermore, samples under different labeling ratios can be divided into indexes and directories for easy experimental reproduction and comparison. Attached Figure Description

[0041] Figure 1 The flowchart below shows the overall process of the network intrusion detection method under dual-model collaborative positive-unlabeled learning provided in this embodiment of the invention.

[0042] Figure 2 This is a schematic diagram of the network structure of the dual-model collaborative positive-unlabeled learning model of the present invention.

[0043] Figure 3 This is a comparison of the accuracy curves of the present invention with other methods based on positive-unlabeled learning on the NSL-KDD dataset.

[0044] Figure 4 This is a comparison of the accuracy curves of the present invention with other positive-unlabeled learning-based methods on the CIC IDS 2017 dataset.

[0045] Figure 5 This is a comparison of the accuracy curves of the present invention with other positive-unlabeled learning-based methods on the CSE-CIC-IDS 2018 dataset.

[0046] Figure 6 This is a comparison of the F1-score curves of the present invention with other positive-unlabeled learning-based methods on the NSL-KDD dataset.

[0047] Figure 7 This is a comparison of the F1-score curves of the present invention with other positive-unlabeled learning-based methods on the CIC IDS 2017 dataset.

[0048] Figure 8 The F1-score curves of this invention are compared with those of other positive-unlabeled learning-based methods on the CSE-CIC-IDS 2018 dataset.

[0049] Figure 9 This is a comparison of the Gmean curves of this invention with other positive-unlabeled learning-based methods on the NSL-KDD dataset.

[0050] Figure 10 This is a comparison of the Gmean curves of the present invention with other positive-unlabeled learning-based methods on the CIC IDS 2017 dataset.

[0051] Figure 11 The Gmean curves of this invention are compared with those of other positive-unlabeled learning-based methods on the CSE-CIC-IDS 2018 dataset. Detailed Implementation

[0052] Positive-Unlabeled Learning (PU learning) is a paradigm highly suited to intrusion detection tasks: the training set requires only a small number of explicitly labeled positive samples (attacks) and a large number of unlabeled samples; these unlabeled samples can simultaneously contain negative (normal) and unlabeled positive (attack) samples in a true labeling sense, thus more closely resembling the reality of "only obtaining a small number of labeled samples confirmed as attacks, while large-scale network connection records are not manually labeled one by one." Compared to fully supervised learning, which requires full labeling of both positive and negative classes, PU learning reduces the need for complete labeling of attack classes. However, most existing PU learning research focuses on general tabular data, text, or images, and its methods are not suitable for network intrusion detection tasks. The core challenge in network intrusion detection lies in the fact that, under weak supervision conditions containing only a small number of positive samples and a severe lack of explicit negative samples, the unknown attacks and normal behaviors mixed in unlabeled traffic lead to highly blurred decision boundaries. Directly transferring traditional PU learning methods easily falls into the dilemma of pseudo-label noise accumulation, feature discrimination power decay, and conflicting optimization objectives from multiple sources. Therefore, designing a training paradigm that aligns with the nature of weak supervision, effectively mines supervisory information from unlabeled data, and suppresses noise interference is a technical problem that urgently needs to be solved.

[0053] This invention proposes a framework for network intrusion detection using positive and unlabeled sample information in weakly supervised learning problems. The main idea is to construct a pairwise comparison (Pcomp)-assisted PU learning paradigm by utilizing only the limited positive class supervision information provided by network traffic samples under the positive-unlabeled learning setting (i.e., only some attack traffic is labeled as labeled positive samples, while the remaining attack instances and normal traffic participate in training as unlabeled samples without relying on full labeling of attack categories). Combined with a loss decomposition mechanism and a noisy state estimation strategy, this effectively overcomes the problems of supervision signal ambiguity and boundary drift caused by the mixed distribution of unlabeled samples, significantly improving the model's discrimination accuracy and generalization robustness, thereby achieving high-accuracy network intrusion detection.

[0054] like Figure 1 As shown, the present invention provides a dual-model collaborative positive-unlabeled learning network intrusion detection method, comprising the following steps:

[0055] Step S1: Data preparation and preprocessing.

[0056] This step aims to transform raw network traffic records into high-quality, normalized data suitable for training deep learning models, and specifically includes the following sub-steps:

[0057] 11) Data Acquisition:

[0058] For target network intrusion detection tasks (such as enterprise networks, industrial control networks, or cloud platform boundary monitoring), network traffic data can be obtained from network connection records and network flow records collected and organized in controlled simulation experimental networks or experimental testbeds. For example, network sessions or connection processes can be abstracted into connection-level statistical feature vectors, supplemented with multi-type attack semantic labels and sample classification difficulty quantification indicators or auxiliary annotation information. After screening and debiasing, tabular text data that can be used for training and evaluation can be formed. For another example, benign background traffic and multi-type attack reproduction experiments can be organized in experimental networks, cloud platforms, and virtualized network environments. Traffic can be collected and labeled, segmented by session or flow, and flow-level statistical features can be extracted and organized into labeled tabular feature data to cover network behavior representations under different scales and threat forms. Multi-type labels are mapped to binary classification: normal or benign is negative (-1), and attack is positive (1).

[0059] 12) Sample generation and dataset partitioning:

[0060] A sample set is constructed by assigning a sample row vector to each network connection record or each network flow record. The entire sample index is hierarchically divided into a training set, a validation set, and a test set (e.g., the test set comprises approximately 10% of the total, and the validation set approximately 10%). The partitioning results can be saved as files such as "train_idx.npy", "val_idx.npy", and "test_idx.npy". During model training, the labeled positive sample set and the unlabeled sample set within the training set are used for training. The true binary classification labels in the validation set and the test set are only used for monitoring, early stopping, and performance evaluation, and do not participate in the model training process. Only within the training set, to evaluate the model's robustness and generalization boundary under different levels of labeled data scarcity, a labeling ratio is used, for example... The positive class indexes are partitioned. Specifically, the positive class indexes corresponding to the above proportions are assigned to the labeled positive sample set. The remaining unselected positive class indexes, together with all negative class indexes, constitute the unlabeled sample set, and are saved to the "train_labeled_idxs.npy" and "train_unlabeled_idxs.npy" files in the subdirectories corresponding to the labeling proportions (e.g., "splits-2", "splits-4", etc.). Different partitioning proportions aim to simulate the changes in positive sample scarcity caused by fluctuations in labeling costs in a real network environment. In actual business deployment, there is no need for repeated sampling partitioning; training can be performed directly using all available labeled and unlabeled positive samples in the system. In subsequent experiments, assuming the data and training set sizes remain unchanged, the training set, validation set, test set, and the partitioning results of labeled and unlabeled samples are directly loaded from the previously saved index files. This avoids differences caused by repeated random partitioning and ensures experimental reproducibility. If the data source or training set size changes, the partitioning is re-executed, and the saved index files are overwritten before loading.

[0061] 13) Data preprocessing and augmentation:

[0062] Numericalization is performed on each column of the tabular feature matrix, replacing unresolved signs, positive infinity, and negative infinity with missing values, and filling missing values ​​with statistics such as the median of each column in the training set. Numerical features are then standardized to zero mean and unit variance, calculated using the following formula: ,in For the sample in the first The values ​​that can be taken on a numerical feature and The first The mean and standard deviation of each feature are estimated on the training set. , Estimate only once on the training set, and apply the same set of parameters to the validation and test sets respectively. To avoid information leakage caused by using the mean and variance of the validation or test sets themselves in training, the training set uses global statistics for standardization on the feature dimensions. This differs from "normalizing each sample individually using its own mean and standard deviation for each dimension," and helps preserve the relative magnitude relationships between samples of different network connections or network flows. For cases where the number of attack and normal class samples differs significantly (class imbalance), a dynamic selection of the decision threshold is performed on the validation set based on the model output probability (e.g., traversing candidate thresholds and selecting the optimal threshold on the validation set based on metrics such as F1-score or Gmean). The selected threshold is then used for decision-making and evaluation on the test set. The threshold search is only used for decision calibration in monitoring, early stopping, and performance evaluation, and does not participate in the training and updating of model parameters, thereby mitigating the performance bias caused by fixed thresholds under imbalanced conditions.

[0063] Step S2: Construct a dual-model collaborative positive-unlabeled learning model for network intrusion detection.

[0064] This step constructs a dual-branch deep learning detection model for tabular network traffic feature vectors, referred to in this invention as an intrusion detection model or a dual-model collaborative positive-unlabeled learning model, such as... Figure 1 As shown, the model includes a first model and a second model. Both have the same network structure, consistent input feature dimensions and flattened data layout, and independent trainable parameters. These are denoted as the first model for labeling bias estimation and the second model for determining the attack category, respectively. Each model consists of a deep feature extraction part (i.e., a feature extraction network) and a single-neuron output layer. The single-neuron output layer of the first model is the first output layer, and the single-neuron output layer of the second model is the second output layer. The deep feature extraction part uses a feedforward multilayer perceptron to map the standardized feature vectors to deep feature vectors. The single-neuron output layer outputs a scalar. The outputs of each model are mapped using a sigmoid activation function to obtain the labeling bias probability estimate and the probability estimate of belonging to the attack category. The specific components of the first and second models are as follows:

[0065] like Figure 2 As shown, the feature extraction network consists of an input flattening layer, two sequentially connected fully connected hidden layer blocks, and a hidden layer output, which outputs a depth feature vector. The input flattening layer flattens the input tensor into a one-dimensional feature vector of fixed dimensions. The first fully connected hidden layer block consists of a first fully connected layer, a layer normalization layer, and a modified linear unit activation function connected sequentially, followed by a first random deactivation layer. The second fully connected hidden layer block consists of a second fully connected layer, a layer normalization layer, and a modified linear unit activation function connected sequentially, followed by a second random deactivation layer. The output feature dimension of the second fully connected layer is half that of the first fully connected layer. The hidden feature vector output by the second fully connected hidden layer block is the depth feature vector.

[0066] The first output layer of the first model is a fully connected layer, also known as the label bias classifier output layer. , represented as , For the sample size, The dimension of the depth feature vector is given by the sample. Deep feature vectors Output the logit scalar, denoted as After mapping using the Sigmoid activation function, the labeling bias probability estimate is obtained, representing the tendency of a sample to be selected as a labeled positive sample in a positive-unlabeled learning scenario. The connection weights and biases of the first output layer and each hidden layer in the first model together constitute the trainable model parameters of the first model. .

[0067] The second output layer of the second model is a fully connected layer, also known as the attack discrimination output layer. , represented as , For the sample size, The dimension of the depth feature vector is given by the sample. Deep feature vectors Output the logit scalar, denoted as After mapping with the Sigmoid activation function, the probability estimate of whether a sample belongs to the attack category is obtained, which is used to determine whether a sample belongs to the attack category. The connection weights and biases of the second output layer and each hidden layer in the second model together constitute the trainable model parameters of the second model. .

[0068] Step S3: Model training based on the positive-unlabeled set.

[0069] The core of this step lies in utilizing the positive samples partitioned within the training set. and unlabeled samples and positive-unlabeled loss function Optimization is performed. In this invention, samples are recorded. The true category label is ,in 1 indicates attack traffic. This indicates normal or benign network traffic. For all They all And for any Its real label It could be It could also be .

[0070] The specific steps for calculating the positive-unlabeled learning loss function are as follows:

[0071] (S31) Define the sample The conditional probability of the labeled category and the posterior probability of the attack category:

[0072] Let the classifier output of the first model used for bias estimation be . ,definition Indicates sample The marked state, where Indicates sample Marked Indicates sample Unlabeled samples after Sigmoid function mapping The conditional probability of the labeled category is:

[0073]

[0074]

[0075]

[0076]

[0077] Let the output of the second model used for judgment be... ,like Then the sample Classified as positive (i.e., belonging to attack traffic); if If the sample is classified as negative (i.e., belongs to normal traffic), it will be mapped by the Sigmoid function. The posterior probability of belonging to the attack category is:

[0078]

[0079] in, This is the sigmoid function.

[0080] (S32) Calculate the positive-unlabeled consistency loss function based on the maximum likelihood estimation principle:

[0081] Its learning objective is constructed by maximizing the joint probability of the observed labeled patterns—that is, the set of labeled positive samples. The samples in the set were explicitly labeled as positive, while the unlabeled set... The samples in the data remain unlabeled, represented as:

[0082]

[0083] in ,and , sample Substituting the conditional probability of the labeled class and the posterior probability of belonging to the attack class into the joint probability above yields the positive-unlabeled consistency loss function:

[0084]

[0085] (S33) Construct the pairwise comparison Pcomp classification loss function:

[0086] Pairwise comparison classification does not rely on precise class labels, but instead uses relative comparison information between paired comparison sample pairs for model training—in the sample pairs In the sample The positive class confidence level is higher than that of the sample. A sample pair consists of a labeled positive sample and an unlabeled sample. Specifically, each labeled positive sample is paired with all unlabeled samples to form a set of sample pairs. In practice, the information value between different sample pairs varies significantly. To reduce computational costs, we select sample pairs that exhibit greater heterogeneity in the feature space, as they are more likely to cross the decision boundary and thus generate stronger discriminative signals. Sample pairs composed of similar instances, on the other hand, only provide weak relative ranking supervision. Therefore, this invention employs a targeted selection strategy. Can be rewritten as ,in , put parameters Decomposed into , For parameter subset For feature extraction parameters, These are the classification decision parameters. Original input. (Network traffic statistics characteristics) are usually high-dimensional, sparse, noisy, and contain a lot of redundancy. It is a low-dimensional vector obtained after multiple nonlinear transformations, normalization, and activation. It removes surface statistical noise while preserving the essential discriminative structure of the data. Therefore... yes A high-level representation. For each ,make To The set of distances. Let be the distances between them. This is the complete set of sample pairs consisting of all labeled positive samples and all unlabeled samples. Using... (Right now of -quantiles, where ),Will The selected subset is defined as:

[0087]

[0088] In the embodiments Therefore, the specific formula for the initial pairwise comparison classification loss function is:

[0089]

[0090]

[0091]

[0092] in, The standard hinge loss function is mathematically defined as follows: . This represents the weighted prior probability of the negative class, and the sample The loss term when the prediction is positive. Represents the weighted prior probability of the positive class, the sample The loss term when the prediction is negative. For correction functions (e.g., ReLU function) or absolute value function Constraining the negative terms in the formula suppresses their adverse effects on the loss, thereby improving training stability and helping to alleviate overfitting. The class prior probability in the above formula... and Usually unknown, using Bayes' theorem... Estimate the prior probability of the positive class :

[0093]

[0094] The prior probability of the negative class is:

[0095]

[0096] Initial pairwise comparison classification loss function The establishment is based on the Each sample pair All satisfy the assumption of the pairwise comparison classification principle, that is However, for a given positive class sample... Unlabeled set It may contain more samples Samples with higher positive class confidence. This means the selected subset It may contain information about The calculation produces noisy sample pairs that have an adverse effect. To address this issue, parameters based on the second model are used. Define sample pairs Noise State Estimation Indicator (in Indicates a pair of noisy samples. (This represents a non-noise sample pair). Its definition is as follows:

[0097]

[0098] Despite Add to Try to alleviate The impact of potential noise in the sample pairs, but The calculation still depends on the parameters The estimation error is highly sensitive. Noisy sample pairs and non-noisy sample pairs differ significantly in the loss function. The difference is and The components are interchanged. Therefore, for Inaccurate estimates can have a negative impact on the training process.

[0099] If the loss function By observing whether its components exhibit complete or partial cyclic symmetry, the harmful effects caused by inaccurately estimated noisy states can be avoided or mitigated. Cyclic symmetric terms (e.g.) The noise remains unchanged because and Interchanging the components does not affect its value. Inspired by this, the loss function... In Decomposed into cyclic symmetric terms Non-cyclic symmetric terms The theoretical upper bound of the structure, wherein:

[0100]

[0101]

[0102] in It is the ReLU function, that is , =

[0103] Final pairwise comparison classification loss function for:

[0104]

[0105] (S34) Construct the positive-unlabeled loss function:

[0106] Combining the positive-unlabeled consistency loss function and the pairwise comparison classification loss function, we obtain the final positive-unlabeled joint loss function:

[0107]

[0108] in, It is a hyperparameter, and It is responsible for balancing the contributions of different loss terms and performed a grid search on the validation set. Adjust hyperparameters within the range Determine the optimal hyperparameters.

[0109] The loss function is calculated using the backpropagation algorithm. The gradients of each model parameter are calculated, and the model parameters are updated using stochastic gradient descent or its variants (such as the Adam optimizer). and The iteration continues until each model converges.

[0110] Step S4: Use the trained model to detect network traffic.

[0111] The standardized feature vector, formed by the same feature extraction and preprocessing steps applied to the network traffic to be detected, is input into the pre-trained deep learning model for network intrusion detection; the probability that the sample belongs to the attack category is then obtained. The result of comparing the Sigmoid function-mapped data with a preset threshold is determined as the final detection result of the network traffic to be detected.

[0112] The network intrusion detection deployment and monitoring targets applicable to the method of this invention include one or more of enterprise information networks, campus networks, and virtual networks in cloud computing environments; the attack network flows at least cover multiple attack modes such as denial of service and distributed denial of service, network probing and port scanning, password brute-force and unauthorized access, remote penetration and privilege escalation, and malicious communication, and can be characterized by risk classification according to attack type, scope of impact, or handling priority.

[0113] To verify the effectiveness of the method of this invention, experiments were conducted on three publicly available network intrusion detection datasets: NSL-KDD, CIC IDS 2017, and CSE-CIC-IDS 2018. The method was compared with existing methods nnPU, Dist-PU, and LaGAMD in terms of accuracy, F1-score, and G-means. The results are shown in Tables 1, 2, and 3. Figure 3 , Figure 4 , Figure 5 , Figure 6 , Figure 7 , Figure 8 , Figure 9 , Figure 10 and Figure 11 As shown.

[0114] Table 1. Comparison of accuracy rates of different methods on the dataset (mean ± standard deviation)

[0115]

[0116] The NSL-KDD dataset contains connection-level feature samples of normal and multiple types of network attacks. After binary classification and label mapping, it is used to determine whether the sample is an attack type or a benign type. Using the method of this invention, the classification accuracy, F1-score, and Gmean index on the test set are higher than those of existing methods.

[0117] The CIC IDS 2017 dataset, publicly released by the Canadian Cyber ​​Security Institute (CIC), contains flow-level statistical features for normal traffic and various typical attack scenarios, with a large sample size. To verify the effectiveness of this invention at an acceptable computational cost, stratified random sampling was performed from the full dataset, categorized by normal and attack labels. A 10% subset was selected (a fixed random seed was used during sampling to ensure consistent subset partitioning). The remaining preprocessing and training procedures were consistent with the full dataset. The method of this invention achieved high intrusion detection accuracy on this dataset.

[0118] Table 2. Comparison of F1-scores (mean ± standard deviation) for different methods on the dataset.

[0119]

[0120] Table 3. Comparison of G-means for different methods on the dataset (mean ± standard deviation)

[0121]

[0122] The CSE-CIC-IDS 2018 dataset, collected and constructed by the Canadian Communications Security Agency (CSE) and CIC in a cloud platform network environment, covers normal traffic and various modern attack behaviors. It features rich flow-level statistical characteristics and attack patterns that more closely resemble contemporary network threats. To verify the effectiveness of this invention at an acceptable computational cost, stratified random sampling was performed from the full dataset, categorized by normal and attack labels. A 1% sample was selected to form an experimental subset (a fixed random seed was used during sampling to ensure consistent subset partitioning). The remaining preprocessing and training procedures were consistent with the full dataset. The method of this invention also achieved stable and good results on this dataset.

[0123] The experimental results above fully demonstrate that the dual-model collaborative positive-unlabeled learning network intrusion detection method provided by this invention can achieve intrusion detection performance comparable to fully supervised learning under limited supervision, where only some attack class samples in the training set are labeled as positive samples and the remaining attack class samples and all normal traffic are used as unlabeled samples for loss optimization. This is achieved with a significantly lower labeling cost than "assigning attack or normal category labels to each of all training samples". This effectively alleviates the major problems in network intrusion detection practice, such as the relative scarcity of attack events, the difficulty of comprehensive or fine-grained labeling of attack traffic, and the long cycle.

[0124] This invention also provides a network intrusion detection system based on dual-model collaborative positive-unlabeled learning, comprising:

[0125] The traffic acquisition and preprocessing module is used to acquire network traffic data, extract the feature vectors corresponding to each network traffic, and preprocess the feature vectors to obtain standardized feature vectors that conform to the model input format.

[0126] The model building module is used to construct a deep learning-based intrusion detection model. The model includes a first model and a second model, both of which include multiple fully connected layers, layer normalization, and activation functions. The first and second models have the same network structure and share the same input feature form, but they undertake different learning tasks and their parameters are updated independently. Specifically, the first model is used to obtain an estimate of the labeling tendency probability of the input sample, representing the likelihood that the sample will be labeled as a positive sample in a positive-unlabeled learning scenario; the second model is used to obtain an estimate of the probability that the input sample belongs to an attack category.

[0127] The model training module is used to construct the training dataset and execute the model training process. In this module, attack-type network flows are labeled as positive and normal network flows are labeled as negative. A portion of the positive samples are selected according to a preset ratio to form a labeled positive sample set. The positive samples not selected into the labeled positive sample set, together with all negative samples, form an unlabeled sample set. During training, the labeled positive samples and unlabeled samples are paired and input into the intrusion detection model. The model is passed through the first model and the second model respectively, and outputs the probability estimate of labeled tendency and the probability estimate of belonging to the attack category. The positive-unlabeled loss function value is calculated, and the trainable parameters of the first model and the second model are updated independently by minimizing the loss.

[0128] The intrusion detection module is used to input the feature vector formed by the network traffic to be detected after the same preprocessing into the trained intrusion detection model, obtain the probability estimate of the attack category output by the second model, and obtain the final detection result of the network traffic to be detected.

[0129] It should be understood that the dual-model collaborative positive-unlabeled learning network intrusion detection system in the embodiments of the present invention can implement all the technical solutions in the above method embodiments, and the functions of each functional module can be specifically implemented according to the steps of the above method. The specific implementation process will not be described here.

[0130] The present invention also provides an electronic device, comprising: one or more processors; a memory; and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, wherein when the programs are executed by the processors, they implement the dual-model collaborative positive-unlabeled learning network intrusion detection method as described above.

[0131] The present invention also provides a computer-readable storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the network intrusion detection method of dual-model collaborative positive-unlabeled learning as described above.

Claims

1. A network intrusion detection method based on dual-model collaborative positive-unlabeled learning, characterized in that, Includes the following steps: Obtain network traffic data, extract the feature vectors corresponding to each network traffic, and preprocess the feature vectors to obtain standardized feature vectors that conform to the model input format; A deep learning-based intrusion detection model is constructed, comprising a first model and a second model. Both the first and second models include multiple fully connected layers, layer normalization, and activation functions. The first and second models have the same network structure and share the same input feature form, but they undertake different learning tasks and their parameters are updated independently. Specifically, the first model is used to obtain an estimate of the labeling tendency probability of the input sample, representing the likelihood that the input sample will be labeled as a positive sample in a positive-unlabeled learning scenario. The second model is used to obtain an estimate of the probability that the input sample belongs to the attack category. A training dataset is constructed and a model training process is executed. Attack-type network flows are labeled as positive, and normal-type network flows are labeled as negative. A portion of the positive samples are selected according to a preset ratio to form a labeled positive sample set. The positive samples not selected into the labeled positive sample set, together with all negative samples, form an unlabeled sample set. During training, the labeled positive samples and unlabeled samples are paired and input into the intrusion detection model. The model is passed through the first model and the second model respectively, and outputs the probability estimate of labeled tendency and the probability estimate of belonging to the attack category. The positive-unlabeled loss function value is calculated, and the trainable parameters of the first model and the second model are updated independently by minimizing the loss. The feature vector formed by the network traffic to be detected after the same preprocessing is input into the trained intrusion detection model, and the probability estimate of the attack category output by the second model is obtained to obtain the final detection result of the network traffic to be detected.

2. The method according to claim 1, characterized in that, Both the first and second models employ a feedforward stacked multilayer perceptron network, specifically comprising an input flattening layer, two sequentially connected fully connected hidden layer blocks, and a single-neuron output layer. The input flattening layer flattens the standardized feature vector into a fixed-dimensional one-dimensional feature vector. The first fully connected hidden layer block consists of a first fully connected layer, a layer normalization layer, and a modified linear unit activation function connected sequentially, followed by a first random deactivation layer. The second fully connected hidden layer consists of a second fully connected layer, a layer normalization layer, and a modified linear unit activation function connected sequentially, followed by a second random deactivation layer. The output feature dimension of the second fully connected layer is half that of the first fully connected layer. The single-neuron output layer is a one-dimensional fully connected layer used to output the logit value. The first and second models maintain the same number of layers and the width configuration of each hidden layer, and their trainable parameters are independent of each other.

3. The method according to claim 2, characterized in that, The last layer of the first model is the first output layer, which is a fully connected layer. Its input is the samples. The depth feature vectors obtained after processing by each hidden layer in the first model are output as a logit scalar, denoted as . After mapping with the Sigmoid activation function, the labeling bias probability estimate is obtained, which is used to represent the tendency of a sample to be selected as a labeled positive sample in a positive-unlabeled learning scenario. The connection weights and biases of the first output layer and each hidden layer in the first model together constitute the trainable model parameters of the first model. .

4. The method according to claim 3, characterized in that, The last layer of the second model is the second output layer, which is a fully connected layer. Its input is the samples. The depth feature vectors obtained after processing by each hidden layer in the second model output a logit scalar, denoted as . After mapping with the Sigmoid activation function, the probability estimate of whether a sample belongs to the attack category is obtained. The connection weights and biases of the second output layer and each hidden layer in the second model together constitute the trainable model parameters of the second model. .

5. The method according to claim 4, characterized in that, The value of the positive-unlabeled loss function is determined by the positive-unlabeled consistency loss function. Pairwise comparison classification loss function constitute: in, For hyperparameters, It is a positive-unlabeled loss function. For the labeled positive sample set, For the unlabeled sample set, This is a set of high-quality sample pairs selected based on the feature space heterogeneity criterion, where each sample pair consists of a labeled positive sample and an unlabeled sample; The formula for calculating the positive-unlabeled consistency loss function is as follows: in It is the sigmoid function; The formula for calculating the pairwise comparison classification loss function is as follows: in For pairwise comparison of sample pairs, and sample The positive class confidence level is higher than that of the sample. The positive class confidence level; (Note: The original text appears to be incomplete and contains several grammatical errors. A more accurate translation would require the full context.) , , , These represent the cyclic symmetric term and the non-cyclic symmetric term in the loss function, respectively. The calculation formula is as follows: in This represents the loss term, weighted by the prior probability of the negative class, when the sample is predicted as the positive class. This represents the loss term weighted by the prior probability of the positive class when the sample is predicted as the negative class; It is the ReLU function; The calculation formula is as follows: For sample pairs The noise state estimation indicator is defined as follows: For the sample The true category label, 1 indicates attack traffic. This indicates normal or benign network traffic.

6. The method according to claim 1, characterized in that, The monitored objects corresponding to the network traffic data include one or more of the following: enterprise information networks, campus networks, and virtual networks in cloud computing environments; the attack-type network flows cover at least one of the following attack modes: denial of service and distributed denial of service, network probing and port scanning, password brute-force and unauthorized access, remote penetration and privilege escalation, and malicious communication.

7. The method according to claim 1, characterized in that, The feature vector is preprocessed, including at least the following: extracting labels and performing binarization mapping; deleting identifier fields that are irrelevant to attack detection; performing numerical processing according to field type, where categorical fields use one-hot encoding or label encoding, and non-numerical fields are converted to numerical values ​​according to rules and unresolvable values ​​are recorded as missing; replacing infinite values ​​with missing values; imputing missing values ​​with training set statistics; and performing consistency transformation to form a standardized feature vector that conforms to the model input format.

8. A network intrusion detection system using dual-model collaborative positive-unlabeled learning, characterized in that, include: The traffic acquisition and preprocessing module is used to acquire network traffic data, extract the feature vectors corresponding to each network traffic, and preprocess the feature vectors to obtain standardized feature vectors that conform to the model input format. The model building module is used to construct a deep learning-based intrusion detection model. The model includes a first model and a second model, both of which include multiple fully connected layers, layer normalization, and activation functions. The first and second models have the same network structure and share the same input feature form, but they undertake different learning tasks and their parameters are updated independently. Specifically, the first model is used to obtain an estimate of the labeling tendency probability of the input sample, representing the likelihood that the sample will be labeled as a positive sample in a positive-unlabeled learning scenario; the second model is used to obtain an estimate of the probability that the input sample belongs to an attack category. The model training module is used to construct the training dataset and execute the model training process. In this module, attack-type network flows are labeled as positive and normal network flows are labeled as negative. A portion of the positive samples are selected according to a preset ratio to form a labeled positive sample set. The positive samples not selected into the labeled positive sample set, together with all negative samples, form an unlabeled sample set. During training, the labeled positive samples and unlabeled samples are paired and input into the intrusion detection model. The model is passed through the first model and the second model respectively, and outputs the probability estimate of labeled tendency and the probability estimate of belonging to the attack category. The positive-unlabeled loss function value is calculated, and the trainable parameters of the first model and the second model are updated independently by minimizing the loss. The intrusion detection module is used to input the feature vector formed by the network traffic to be detected after the same preprocessing into the trained intrusion detection model, obtain the probability estimate of the attack category output by the second model, and obtain the final detection result of the network traffic to be detected.

9. An electronic device, characterized in that, It includes one or more processors, a memory, and one or more programs stored in the memory, wherein when the programs are executed by the processor, they implement the dual-model collaborative positive-unlabeled learning network intrusion detection method as described in any one of claims 1 to 7.

10. A computer-readable storage medium having a computer program stored thereon, characterized in that, When the computer program is executed by the processor, it implements the network intrusion detection method of dual-model collaborative positive-unlabeled learning as described in any one of claims 1 to 7.