A Network Traffic Anomaly Detection Model Based on Semisupervised  Twochannel Multiscale Gating Fusion

Abstract

Abstract: With the increasing number of network attacks, network traffic anomaly detection is becoming more and more important for maintaining network security and stability. However, existing methods are often difficult to effectively capture both static statistical features and dynamic temporal features of network traffic during feature extraction, resulting in limited detection performance in complex and evolving network environments. To address these issues, this paper proposes a twochannel multiscale gated fusion anomaly detection model (MSAD) based on semisupervised learning. The model first extracts static statistical features of the traffic, including the number of packets, total bytes, etc., through a multiscale convolutional neural network. Secondly, the temporal features of network traffic data are captured through a bidirectional GRU network and combined with a multihead attention mechanism. Finally, adaptive fusion of different modal features is performed through gated fusion mechanism. Meanwhile, for the problem of insufficient credibility of pseudolabel generation in semisupervised learning, a twostage adversarial pseudolabel generation strategy is proposed, which effectively improves the robustness of pseudolabels. The experimental results show that under the condition of limited labeled data, the model proposed in this paper achieves 99.63%, 99.54%, 99.9% and 99.72% of accuracy, precision, recall and F1 value on the CICIDS 2017 dataset, which is significantly better than traditional machine learning and deep learning methods.

Key words: anomaly detection, semisupervised learning, multiscale convolutional neural networks, bidirectional GRU networks, gated fusion mechanisms

摘要： 随着网络攻击的日益增多，网络流量异常检测对于维护网络安全稳定也越来越重要.然而，现有方法在特征提取方面往往难以同时有效捕捉网络流量的静态统计特征和动态时序特征，导致在复杂多变的网络环境下检测性能受限.为解决这些问题，提出了一种基于半监督学习的双通道多尺度门控融合异常检测模型(MSAD).该模型首先通过多尺度卷积神经网络提取流量的静态统计特征，包括包数量、总字节数等.其次，通过双向GRU网络并结合多头注意力机制对网络流量数据的时序特征进行捕捉.最后通过门控融合机制对不同模态特征进行自适应融合.同时，针对半监督学习中伪标签生成可信度不足的问题，提出了一种双阶段对抗性伪标签生成策略，有效提升了伪标签的鲁棒性.实验结果表明，在标注数据有限的条件下，该模型在CICIDS2017数据集上准确率、精确率、召回率和F1分数分别达到99.63%，99.54%，99.9%和99.72%，显著优于传统机器学习和深度学习方法.

关键词: 异常检测, 半监督学习, 多尺度卷积神经网络, 双向GRU网络, 门控融合机制

CLC Number:

TP391

陈颖, 范润椿, 文锋, . 一种基于半监督的双通道多尺度门控融合的网络流量异常检测模型[J]. 信息安全研究, 2026, 12(6): 566-.

References

［1］Djenouri Y, Belhadi A, Lin J C W, et al. A survey on urban traffic anomalies detection algorithms［J］. IEEE Access, 2019, 7: 1219212205［2］Kind A, Stoecklin M P, Dimitropoulos X. Histogrambased traffic anomaly detection［J］. IEEE Trans on Network and Service Management, 2009, 6(2): 110121［3］Santhosh K K, Dogra D P, Roy P P. Anomaly detection in road traffic using visual surveillance: A survey［J］. ACM Computing Surveys, 2020, 53(6): 126［4］Yu N. A novel selection method of network intrusion optimal route detection based on naive Bayesian［J］. International Journal of Applied Decision Sciences, 2018, 11(1): 117［5］RadoglouGrammatikis P I, Sarigiannidis P G. An anomalybased intrusion detection system for the smart grid based on CART decision tree［C］ Proc of the Global Information Infrastructure and Networking Symposium (GIIS). Piscataway, NJ: IEEE, 2018: 15［6］Wang W, Zhu M, Wang J L, et al. Endtoend encrypted traffic classification with onedimensional convolution neural networks［C］ Proc of the 2017 IEEE Int Conf on Intelligence and Security Informatics (ISI). Piscataway, NJ: IEEE, 2017: 4348［7］Jiang K, Wang W, Wang A, et al. Network intrusion detection combined hybrid sampling with deep hierarchical network［J］. IEEE Access, 2020, 8: 3246432476［8］Javaid A, Niyaz Q, Sun W, et al. A deep learning approach for network intrusion detection system［J］. Eai Endorsed Transations on Security and Safety, 2016, 3(9): 2126［9］Jasim M, Gaata M. Kmeans clusteringbased semisupervised for DDoS attacks classification［J］. Bulletin of Electrical Engineering and Informatics, 2022, 11(6): 35703576［10］Jiang E P. A semisupervised learning model for intrusion detection［J］. Intelligent Decision Technologies, 2019, 13(3): 343353［11］Du X, Li Y, Feng Z. A semisupervised intrusion detection algorithm based on autoencoder［G］ LNCS 12382: Security, Privacy, and Anonymity in Computation, Communication, and Storage. Berlin: Springer, 2021: 188199［12］Zhang Y, Niu J, He G, et al. Network intrusion detection based on active semisupervised learning［C］ Proc of the 51st Annual IEEEIFIP Int Conf on Dependable Systems and Networks (DSN). Piscataway, NJ: IEEE, 2021: 129135［13］Rosay A, Cheval E, Carlier F, et al. Network intrusion detection: A comprehensive analysis of CICIDS2017［C］ Proc of the 8th Int Conf on Information Systems Security and Privacy (ICISSP). Setubal: SCITEPRESS, 2022: 2536［14］Lian X, Zheng Y, Dang Z, et al. Semisupervised anomaly traffic detection via multifrequency reconstruction［J］. Pattern Recognition, 2025, 161: 111215［15］Li M, Luo L, Xiao K, et al. Adaptive semisupervised algorithm for intrusion detection and unknown attack identification［J］. Applied Sciences, 2025, 15(4): 1709

[1]	. Research on Log Anomaly Detection Method Integrating Semantic Features [J]. Journal of Information Security Reserach, 2026, 12(4): 383-.
[2]	. Log Anomaly Detection Based on Graph Attention Networks and Collaborative Learning [J]. Journal of Information Security Reserach, 2026, 12(3): 246-.
[3]	. Research on Network Unknown Attack Detection Based on Machine Learning#br# #br# [J]. Journal of Information Security Reserach, 2025, 11(9): 807-.
[4]	. A DiForest Algorithm for Detecting Abnormal Docker Container [J]. Journal of Information Security Reserach, 2025, 11(12): 1156-.
[5]	. TCNGANbased Temporal Traffic Anomaly Detection [J]. Journal of Information Security Reserach, 2025, 11(10): 907-.
[6]	. Research on Traffic Anomaly Detection Method and System for API Gateway [J]. Journal of Information Security Reserach, 2025, 11(10): 917-.
[7]	. Container Anomaly Detection Based on Attention Mechanism and Multiscale Convolutional Neural Network [J]. Journal of Information Security Reserach, 2025, 11(1): 35-.
[8]	. Malicious Client Detection and Defense Method for Federated Learning [J]. Journal of Information Security Reserach, 2024, 10(2): 163-.
[9]	. Traffic Anomaly Detection Method by Secondorder Feature [J]. Journal of Information Security Reserach, 2024, 10(12): 1082-.
[10]	. Traffic Anomaly Detection Based on Improved Pigeon Inspired Optimizer and #br# Pyramid Convolution#br# [J]. Journal of Information Security Reserach, 2024, 10(12): 1107-.
[11]	. Application of Behavior Anomaly Detection in Zero Trust Access #br# Control Method#br# [J]. Journal of Information Security Reserach, 2024, 10(10): 921-.
[12]	. Research on Blockchain Abnormal Transaction Detection Technology Based on LightGBM [J]. Journal of Information Security Reserach, 2023, 9(9): 877-.
[13]	. Research on Blockchain Anomaly Transaction Detection Technology Based on Stacking Ensemble Learning [J]. Journal of Information Security Reserach, 2023, 9(2): 98-.
[14]	. [J]. Journal of Information Security Reserach, 2022, 8(6): 578-.
[15]	. Research on Channel Fingerprinting-Based Wireless Device Identity Anomaly Detection Technology [J]. Journal of Information Security Reserach, 2021, 7(9): 849-855.