Research on Domain Adaptive Intrusion Detection Method Based on  Dynamic Feature Fusion

Journal of Information Security Reserach ›› 2026, Vol. 12 ›› Issue (4): 294-.

Research on Domain Adaptive Intrusion Detection Method Based on Dynamic Feature Fusion

Chen Lifang1,2, Zhao Renzhe1, Cao Kexin1, Han Yang1, and Dai Qi1

1(College of Science, North China University of Technology, Tangshan, Hebei 063210)
2(Hebei Key Laboratory of Data Science and Application, Tangshan, Hebei 063210)

Online:2026-04-07 Published:2026-04-07

动态特征融合的域自适应入侵检测方法研究

陈丽芳1,2赵人喆1曹柯欣1韩阳1代琪1

1(华北理工大学理学院河北唐山063210)
2(河北省数据科学与应用重点实验室河北唐山063210)

通讯作者: 代琪博士.主要研究方向为数据挖掘、机器学习. dai18232576157@163.com
作者简介:陈丽芳博士，教授.主要研究方向为数据挖掘和处理、神经网络建模、网络与信息安全. hblg_clf@163.com 赵人喆硕士研究生.主要研究方向为入侵检测、机器学习. 13385741618@163.com 曹柯欣硕士研究生.主要研究方向为机器学习、优化算法. 3095498727@qq.com 韩阳博士.主要研究方向为钢铁大数据、冶金数学模型、智能计算. hanyang@ncst.edu.cn 代琪博士.主要研究方向为数据挖掘、机器学习. dai18232576157@163.com
基金资助:
国家自然科学基金面上项目(52074126)；河北省高等学校科学技术研究项目(BJ2025217)；唐山市科学技术局应用基础研究项目(24130202C)

Abstract

Abstract: Aiming at the problems of incomplete feature extraction and limited model generalization ability in intrusion detection research, a domain adaptive intrusion detection method with dynamic feature fusion is proposed. Firstly, a convolutional neural network is used to extract spatial features, while a bidirectional long shortterm memory network is utilized for temporal feature extraction. This approach enables comprehensive extraction of multidimensional feature information from network traffic data. Secondly, the uncertainty is measured by calculating the information entropy of the two features, and different weights are assigned according to the entropy value, and the extracted features are weighted and fused according to the weights. Finally, during the training process, the proposed adaptive domain weight loss algorithm is used to dynamically adjust the contribution of the source domain and target domain data to improve the generalization ability of the model on the target domain data. Experiments are carried out using the NSLKDD and UNSWNB15 datasets. Compared with the existing mainstream methods, this method has higher detection accuracy, which is 0.8563 and 0.916 respectively.

Key words: feature extraction, dynamic feature fusion, domain adaptive, intrusion detection, source domain, target domain

摘要： 针对入侵检测研究中特征提取不全面、模型泛化能力差的问题，提出了一种动态特征融合的域自适应入侵检测方法：首先，通过卷积神经网络提取空间特征，利用双向长短期记忆网络提取时序特征，全面提取网络流量数据的多维特征信息；其次，通过计算2种特征的信息熵衡量不确定性，根据熵值分配不同的权重，并根据权重将提取的特征加权融合；最后，在训练过程中使用提出的自适应域权重损失算法动态调节源域和目标域数据的贡献比例，以提高模型在目标域数据上的泛化能力.在NSLKDD和UNSWNB15数据集上的实验表明，与现有的主流方法相比该方法具有更高的检测准确率，分别达到0.8563和0.916.

关键词: 特征提取, 动态特征融合, 域自适应, 入侵检测, 源域, 目标域

CLC Number:

TP393.08

陈瀚文, 章乐, 池亚平, 姜波, 王志强, . 动态特征融合的域自适应入侵检测方法研究[J]. 信息安全研究, 2026, 12(4): 294-.

References

［1］Reddy D K K, Nayak J, Behera H S, et al. A systematic literature review on swarm intelligence based intrusion detection system: Past, present and future［J］. Archives of Computational Methods in Engineering, 2024, 31(5): 27172784［2］Abdulganiyu O H, Ait Tchakoucht T, Saheed Y K. A systematic literature review for network intrusion detection system(IDS)［J］. International Journal of Information Security, 2023, 22(5): 11251162［3］翁铜铜, 矫桂娥, 张文俊. 一种融合时空特征的物联网入侵检测方法［J］.信息安全研究, 2025, 11(3): 241248［4］王秀玉, 吴晓鸰, 冯永晋. 融合过欠采样与GAN的网络入侵检测方法［J］.小型微型计算机系统, 2025, 46(2): 449455［5］Iman M, Arabnia H R, Rasheed K. A review of deep transfer learning and recent advancements［J］. Technologies, 2023, 11(2): 40［6］刘文琪, 胡涛, 闫洁, 等. 基于DeepInsight和迁移学习的入侵检测技术［J］.工程科学学报, 2024, 46(12): 22382245［7］Han F, Ye P, Duan S, et al. AdaiD: Active domain adaptation for intrusion detection［C］ Proc of the 32nd ACM Int Conf on Multimedia. New York: ACM, 2024: 74047413［8］Wu J, Wang Y, Dai H, et al. Adaptive birecommendation and selfimproving network for heterogeneous domain adaptationassisted IoT intrusion detection［J］. IEEE Internet of Things Journal, 2023, 10(15): 1320513220［9］Chen X, Yin H, Chen Q, et al. Multisource subdomain negative transfer suppression and multiple pseudolabels guidance alignment: A method for fault diagnosis under crossworking conditions［J］. ISA Transactions, 2024, 154: 389406［10］Zhao Y, Han H, Shan S, et al. Deep subdomain alignment for crossdomain image classification［C］ Proc of the IEEECVF Winter Conf on Applications of Computer Vision. Piscataway, NJ: IEEE, 2024: 28202829［11］Chen Y, Pan Y, Wang Y, et al. Transferrable contrastive learning for visual domain adaptation［C］ Proc of the 29th ACM Int Conf on Multimedia. New York: ACM, 2021: 33993408［12］Li J, Li Z, Lü S. Feature concatenation for adversarial domain adaptation［J］. Expert Systems with Applications, 2021, 169: 114490［13］Liang J, Hu D, Feng J. Do we really need to access the source data? source hypothesis transfer for unsupervised domain adaptation［C］ Proc of Int Conf on Machine Learning. New York: PMLR, 2020: 60286039［14］AlShahrani B M M, Quasim M T. Classification of cyberattack using Adaboost regression classifier and securing the network［J］. Turkish Journal of Computer and Mathematics Education, 2021, 12(10): 12151223［15］Zhang H, Li J L, Liu X M, et al. Multidimensional feature fusion and stacking ensemble mechanism for network intrusion detection［J］. Future Generation Computer Systems, 2021, 122: 130143［16］Liu S, Wang B. Optimized modified ResNet18: A residual neural network for high resolution［C］ Proc of the 4th IEEE Int Conf on Electronic Technology, Communication and Information (ICETCI). Piscataway, NJ: IEEE, 2024: 15［17］Wang L H, Dai Q, Du T, et al. Lightweight intrusion detection model based on CNN and knowledge distillation［J］. Applied Soft Computing, 2024, 165: 112118

[1]	. Research on Twostage Network Intrusion Detection Method for Outofdistribution Traffic Data [J]. Journal of Information Security Reserach, 2026, 12(3): 265-.
[2]	. Research Progress on Detection Technologies for Network Attack Based on Large Language Model#br# [J]. Journal of Information Security Reserach, 2026, 12(1): 16-.
[3]	. Internet of Things Intrusion Detection Model Based on Federated Learning [J]. Journal of Information Security Reserach, 2025, 11(9): 788-.
[4]	. Design of Intrusion Detection System for Oil and Gas Production IoT #br# Based on Edgecloud Collaboration#br# [J]. Journal of Information Security Reserach, 2025, 11(9): 868-.
[5]	. Task Independent Privacy Protection in Personalized Federated Learning for Battery Monitoring [J]. Journal of Information Security Reserach, 2025, 11(5): 481-.
[6]	. Fake Face Detection Method Based on ConvNeXt [J]. Journal of Information Security Reserach, 2025, 11(3): 231-.
[7]	. An Intrusion Detection Method for Internet of Things by Fusing #br# Spatiotemporal Features#br# [J]. Journal of Information Security Reserach, 2025, 11(3): 241-.
[8]	. Research on Deep Learningbased Spatiotemporal Feature Fusion Network Intrusion Detection Model [J]. Journal of Information Security Reserach, 2025, 11(2): 122-.
[9]	. A Malicious TLS Traffic Detection Method with Multimodal Features [J]. Journal of Information Security Reserach, 2025, 11(2): 130-.
[10]	. Model of Intrusion Detection Based on Federated Learning and Convolutional Neural Network [J]. Journal of Information Security Reserach, 2024, 10(7): 642-.
[11]	. Intrusion Detection Model Incorporating Contrastive Learning and Feature Selection [J]. Journal of Information Security Reserach, 2024, 10(5): 453-.
[12]	. Vehicle CAN Intrusion Detection Method Based on MobileViT Lightweight Network [J]. Journal of Information Security Reserach, 2024, 10(5): 411-.
[13]	. Research on Network Traffic Intrusion Detection Method Based on Denoising Diffusion Probability Model [J]. Journal of Information Security Reserach, 2024, 10(5): 421-.
[14]	. A Network Intrusion Detection Model Integrating CNN-BiGRU and Attention Mechanism [J]. Journal of Information Security Reserach, 2024, 10(3): 202-.
[15]	. Traffic Anomaly Detection Based on Improved Pigeon Inspired Optimizer and #br# Pyramid Convolution#br# [J]. Journal of Information Security Reserach, 2024, 10(12): 1107-.