融合Transformer和Inception的网络入侵检测研究

张万琪; 王家兴; 宋振峰

doi:10.11959/j.issn.1000-0801.2026009

您当前的位置：

首页 >

文章列表页 >

融合Transformer和Inception的网络入侵检测研究

研究与开发 | 更新时间：2026-03-02

- 融合Transformer和Inception的网络入侵检测研究
- Research on network intrusion detection based on fusion Transformer and Inception
- 电信科学 2026年42卷第1期页码：127-144
- 作者机构：
  
  中国人民公安大学信息网络安全学院，北京 100038
- 作者简介：
  
  [ "张万琪（2000- ），男，中国人民公安大学信息网络安全学院硕士生，主要研究方向为网络信息安全。" ]
  [ "王家兴（2000- ），男，中国人民公安大学信息网络安全学院硕士生，主要研究方向为自然语言处理、情感方面级分析等。" ]
  [ "宋振峰（1980- ），男，博士，中国人民公安大学信息网络安全学院副教授，主要研究方向为警务信息技术、网络安全。" ]
- 基金信息：
  
  中央高校基本科研业务费专项资金资助项目(2023JKF01ZK07)
- DOI：10.11959/j.issn.1000-0801.2026009
  中图分类号： TP393
- 收稿：2025-07-14，
  
  修回：2025-08-22，
  
  录用：2025-08-22，
  
  纸质出版：2026-01-20
- 稿件说明：
移动端阅览
张万琪,王家兴,宋振峰.融合Transformer和Inception的网络入侵检测研究[J].电信科学,2026,42(01):127-144.

Zhang Wanqi,Wang Jiaxing,Song Zhenfeng.Research on network intrusion detection based on fusion Transformer and Inception[J].Telecommunications Science,2026,42(01):127-144.
张万琪,王家兴,宋振峰.融合Transformer和Inception的网络入侵检测研究[J].电信科学,2026,42(01):127-144. DOI： 10.11959/j.issn.1000-0801.2026009.

Zhang Wanqi,Wang Jiaxing,Song Zhenfeng.Research on network intrusion detection based on fusion Transformer and Inception[J].Telecommunications Science,2026,42(01):127-144. DOI： 10.11959/j.issn.1000-0801.2026009.

摘要

针对当前入侵检测模型流量特征提取信息能力不足且检测效率低的问题，提出一种结合特征预提取模块和残差注意力模块（feature pre-extraction module-residual attention module，FRAM）、Transformer-DSC-Inception-金字塔注意力机制（Transformer-DSC-Inception-pyramid squeeze attention，T-DIPSA）的入侵检测方法，即T-DIPSA-FRAM。该方法融合自适应过采样（adaptive synthetic sampling，ADASYN）、精简编辑最近邻（reduced edited nearest neighbors，RENN）和局部离群因子（local outlier factor，LOF）算法，提高模型在复杂网络流量环境下的检测性能。首先，采用自适应混合采样与离群点检测（AR-LOF）算法平衡数据集；其次，设计包含残差注意力模块的特征预提取模块，初步高效提取网络流量中的关键特征，改善高维特征的学习稳定性；最后，设计局部特征增强注意力模块，利用Transformer编码器结构捕捉长距离依赖关系的同时，融合DIPSA的前馈网络聚焦多尺度局部空间特征，增强模型对动态、非均匀分布流量的敏感性。实验结果表明，在UNSW-NB15数据集和ToN-IoT数据集的二分类和多分类检测任务中，T-DIPSA-FRAM取得的F1值分别为93.58%、95.35%，加权F1值分别为88.26%、91.03%。研究表明，T-DIPSA-FRAM方法能够有效提升网络入侵检测的可靠性。

Abstract

Aiming at the insufficient capability of current intrusion detection models in extracting information from traffic features and their low detection efficiency

an intrusion detection method named T-DIPSA-FRAM was proposed

which integrates a feature pre-extraction module-residual attention module (FRAM) and a Transformer-DSC-Inception-pyramid squeeze attention mechanism (T-DIPSA). This method combined adaptive synthetic sampling (ADASYN)

reduced edited nearest neighbors (RENN)

and local outlier factor (LOF) algorithms to enhance the detection performance of the model in complex network traffic environments. Firstly

an adaptive hybrid sampling and outlier detection with LOF (AR-LOF) algorithm was employed to balance the dataset. Then

a feature pre-extraction module incorporating a residual attention module was designed to efficiently extract key features from network traffic

improving the learning stability of high-dimensional features. Finally

a local feature-enhanced attention module was designed. While capturing long-range dependencies using the Transformer encoder structure

the feedforward network of DIPSA was integrated to focus on multi-scale local spatial features

enhancing the model’s sensitivity to dynamic and non-uniformly distributed traffic. Experimental results demonstrate that on binary and multi-class classification tasks using the UNSW-NB15 and ToN-IoT datasets

T-DIPSA-FRAM achieved F1 scores of 93.58% and 95.35%

and weighted F1 scores of 88.26% and 91.03%

respectively. The study indicates that the T-DIPSA-FRAM method can effectively improve the reliability of network intrusion detection.

关键词

Keywords

references

张昊 , 张小雨 , 张振友 , 等 . 基于深度学习的入侵检测模型综述 [J ] . 计算机工程与应用 , 2022 , 58 ( 6 ): 17 - 28 .

Zhang H , Zhang X Y , Zhang Z Y , et al . Summary of intrusion detection models based on deep learning [J ] . Computer Engineering and Applications , 2022 , 58 ( 6 ): 17 - 28 .

He K , Kim D D , Asghar M R . Adversarial machine learning for network intrusion detection systems: a comprehensive survey [J ] . IEEE Communications Surveys & Tutorials , 2023 , 25 ( 1 ): 538 - 566 .

Rashid M , Kamruzzaman J , Imam T , et al . A tree-based stacking ensemble technique with feature selection for network intrusion detection [J ] . Applied Intelligence , 2022 , 52 ( 9 ): 9768 - 9781 .

Disha R A , Waheed S . Performance analysis of machine learning models for intrusion detection system using Gini impurity-based weighted random forest (GIWRF) feature selection technique [J ] . Cybersecurity , 2022 , 5 : 1 .

Fu Y F , Du Y S , Cao Z J , et al . A deep learning model for network intrusion detection with imbalanced data [J ] . Electronics , 2022 , 11 ( 6 ): 898 .

Naeem H , Cheng X C , Ullah F , et al . A deep convolutional neural network stacked ensemble for malware threat classification in Internet of things [J ] . Journal of Circuits, Systems and Computers , 2022 , 31 ( 17 ): 2250302 .

孙佳佳 , 李承礼 , 常德显 , 等 . 基于生成对抗网络的入侵检测类别不平衡问题数据增强方法 [J ] . 科学技术与工程 , 2022 , 22 ( 18 ): 7965 - 7971 .

Sun J J , Li C L , Chang D X , et al . Data augmentation method for intrusion detection imbalance problem using generative adversarial networks [J ] . Science Technology and Engineering , 2022 , 22 ( 18 ): 7965 - 7971 .

Arafah M , Phillips I , Adnane A , et al . Anomaly-based network intrusion detection using denoising autoencoder and Wasserstein GAN synthetic attacks [J ] . Applied Soft Computing , 2025 , 168 : 112455 .

Khan M A , Iqbal N , Jamil H , et al . An optimized ensemble prediction model using AutoML based on soft voting classifier for network intrusion detection [J ] . Journal of Network and Computer Applications , 2023 , 212 : 103560 .

Sun Y , Que H K , Cai Q Q , et al . Borderline SMOTE algorithm and feature selection-based network anomalies detection strategy [J ] . Energies , 2022 , 15 ( 13 ): 4751 .

Al-Shehari T , Kadrie M , Al-Mhiqani M N , et al . Comparative evaluation of data imbalance addressing techniques for CNN-based insider threat detection [J ] . Scientific Reports , 2024 , 14 : 24715 .

Halbouni A , Gunawan T S , Habaebi M H , et al . CNN-LSTM: hybrid deep neural network for network intrusion detection system [J ] . IEEE Access , 2022 , 10 : 99837 - 99849 .

Wu Z H , Zhang H , Wang P H , et al . RTIDS: a robust transformer-based approach for intrusion detection system [J ] . IEEE Access , 2022 , 10 : 64375 - 64387 .

He J X , Wang X D , Song Y F , et al . A multiscale intrusion detection system based on pyramid depthwise separable convolution neural network [J ] . Neurocomputing , 2023 , 530 : 48 - 59 .

Karthick Raghunath K M , Kumar V V , Venkatesan M , et al . XGBoost regression classifier (XRC) model for cyber attack detection and classification using inception V4 [J ] . Journal of Web Engineering , 2022 , 21 ( 4 ): 1295 - 1322 .

谢金鑫 . 基于深度学习模型的网络入侵检测研究 [D ] . 天津 : 天津理工大学 , 2022 .

Xie J X . Research on network intrusion detection based on deep learning model [D ] . Tianjin : Tianjin University of Technology , 2022 .

Yang K , Wang J M , Li M J . An improved intrusion detection method for IIoT using attention mechanisms, BiGRU, and Inception-CNN [J ] . Scientific Reports , 2024 , 14 : 19339 .

Ding W P , Abdel-Basset M , Mohamed R . DeepAK-IoT: an effective deep learning model for cyberattack detection in IoT networks [J ] . Information Sciences , 2023 , 634 : 157 - 171 .

Li B , Li Z , Yang Y L . Residual attention graph convolutional network for web services classification [J ] . Neurocomputing , 2021 , 440 : 45 - 57 .

Islam S , Elmekki H , Elsebai A , et al . A comprehensive survey on applications of transformers for deep learning tasks [J ] . Expert Systems with Applications , 2024 , 241 : 122666 .

向思羽 , 刘才铭 . 结合混合特征选择和Transformer的网络数据流异常检测 [J ] . 电子科技大学学报 , 2025 , 54 ( 3 ): 442 - 454 .

Xiang S Y , Liu C M . Network data anomaly detection combined with hybrid feature selection and Transformer [J ] . Journal of University of Electronic Science and Technology of China , 2025 , 54 ( 3 ): 442 - 454 .

李聪聪 , 袁子龙 , 滕桂法 . 基于深度学习的时空特征融合网络入侵检测模型研究 [J ] . 信息安全研究 , 2025 , 11 ( 2 ): 122 - 129 .

Li C C , Yuan Z L , Teng G F . Research on deep learning-based spatio-temporal feature fusion network intrusion detection model [J ] . Journal of Information Security Research , 2025 , 11 ( 2 ): 122 - 129 .

Zhang H , Zu K K , Lu J ， et al . EPSANet: an efficient pyramid squeeze attention block on convolutional neural network [C ] // Proceeding of the Computer Vision-ACCV 2022: 16th Asian Conference on Computer Vision . Heidelberg : Springer , 2022 : 541 - 557 .

Zoghi Z , Serpen G . UNSW-NB15 computer security dataset: Analysis through visualization [J ] . Security and Privacy , 2024 , 7 ( 1 ): e331 .

Tareq I , Elbagoury B M , El-Regaily S , et al . Analysis of ToN-IoT, UNW-NB15, and edge-IIoT datasets using DL in cybersecurity for IoT [J ] . Applied Sciences , 2022 , 12 ( 19 ): 9572 .

金志刚 , 刘凯 , 武晓栋 . 堆叠循环卷积和头部注意力的工业互联网入侵检测 [J ] . 哈尔滨工业大学学报 , 2024 : 1 - 11 .

Jin Z G , Liu K , Wu X D . Industrial Internet intrusion detection based on stacking circular convolution and head attention [J ] . Journal of Harbin Institute of Technology , 2024 : 1 - 11 .

武玉坤 , 李伟 , 陈沅涛 . 深度置信网络融合局部保持投影的入侵检测模型 [J ] . 计算机应用与软件 , 2024 , 41 ( 6 ): 62 - 71 .

Wu Y K , Li W , Chen Y T . Intrusion detection model based on deep belief network fusing locality preserving projection [J ] . Computer Applications and Software , 2024 , 41 ( 6 ): 62 - 71 .

Kamal H , Mashaly M . Advanced hybrid transformer-CNN deep learning model for effective intrusion detection systems with class imbalance mitigation using resampling techniques [J ] . Future Internet , 2024 , 16 ( 12 ): 481 .

李井龙 , 刘胜全 , 马宇航 , 等 . 融合Transformer和MSCNN双分支架构的工控网络入侵检测研究 [J ] . 东北师大学报(自然科学版) , 2024 , 56 ( 3 ): 70 - 78 .

Li J L , Liu S Q , Ma Y H , et al . Integrating Transformer and MSCNN dual-branch architecture research on intrusion detection in industrial control networks [J ] . Journal of Northeast Normal University (Natural Science Edition) , 2024 , 56 ( 3 ): 70 - 78 .

Lo W W , Layeghy S , Sarhan M , et al . E-GraphSAGE: a graph neural network based intrusion detection system for IoT [C ] // Proceedings of the NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium . Piscataway : IEEE Press , 2022 : 1 - 9 .

罗国宇 , 汪学舜 , 戴锦友 . 物联网入侵检测的随机特征图神经网络模型 [J ] . 计算机工程与应用 , 2024 , 60 ( 21 ): 264 - 273 .

Luo G Y , Wang X S , Dai J Y . Random feature graph neural network for intrusion detection in Internet of Things [J ] . Computer Engineering and Applications , 2024 , 60 ( 21 ): 264 - 273 .

Tseng S M , Wang Y Q , Wang Y C . Multi-class intrusion detection based on Transformer for IoT networks using CIC-IoT-2023 dataset [J ] . Future Internet , 2024 , 16 ( 8 ): 284 .

浏览量

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

一种复数域轻量化知识蒸馏驱动的调制识别模型

基于改进Transformer的电信重投报告自动生成方法研究

GMTBLC：基于深度学习的双模态网络流量分类

基于图神经网络的鲁棒加密流量识别

纳米增强体强化轻合金复合材料制备及构型设计研究进展与展望