基于FFT-iTransformer的网络安全态势特征插补与预测

doi:10.3969/j.issn.1671-1122.2025.02.004

摘要/Abstract

摘要：

为解决当前网络安全态势预测精度低、指标采集缺失等问题，文章提出一种基于快速傅里叶变换改进的iTransformer模型（FFT-iTransformer）。该模型利用iTransformer架构对时间序列数据进行维度反转嵌入。通过快速傅里叶变换将一维时间序列扩展为二维空间，将周期内的近邻特征和周期间的远邻特征分别映射到二维张量的行与列。首先，模型将周期内特征输入编码器，通过注意力机制学习周期内的局部特征，从而有效捕捉网络安全指标间的动态关联性（如信息安全漏洞数量与感染主机数量间的关联）。然后，将编码器输出的周期内张量融合为二维，传入卷积模块进一步提取二维特征，以捕捉周期间的全局特征。最后，根据振幅所反映的周期相对重要性进行自适应聚合。实验结果表明，该模型预测拟合度可达0.995378，在10%的缺失率下，插补拟合度可达0.879，优于大多数现有模型，可准确插补网络安全态势指标的缺失值，并预测态势值。

关键词: 网络安全, 态势预测, 插补, 快速傅里叶变换, iTransformer

Abstract:

To address the issues of low prediction accuracy and missing metric collection in current network security situation forecasting, this paper proposed an improved iTransformer model based on fast Fourier transformation. The model utilized the iTransformer architecture to perform dimensional reversal embedding on time series data. By applying fast Fourier transform, the one-dimensional time series was transformed into two-dimensional space, where intra-period neighboring features and inter-period non-neighboring features were mapped to rows and columns of two-dimensional tensors. The model first inputs intra-period features into the encoder to use the attention mechanism to learn local features within the period, which effectively captured dynamic correlations among network security indicators (such as the relationship between the number of information security vulnerabilities and infected hosts). Next, the intra-period tensor output by the encoder was fused into the two-dimensional form and passed into the convolutional module to further extract two-dimensional features, which captured global features across periods. Finally, adaptive aggregation was performed based on the relative importance of the periods reflected by the amplitude. The experimental results show that the model achieves an imputation fitting degree of 0.879 with a 10% missing rate, and a prediction fitting degree of 0.995378, outperforming most existing models. It can accurately impute missing values for network security situation indicators and predict situation values.

Key words: network security, situation prediction, imputation, fast Fourier transform, iTransformer

中图分类号:

TP309

张新有, 高志超, 冯力, 邢焕来. 基于FFT-iTransformer的网络安全态势特征插补与预测[J]. 信息网络安全, 2025, 25(2): 228-239.

ZHANG Xinyou, GAO Zhichao, FENG Li, XING Huanlai. FFT-iTransformer-Based Cybersecurity Situation Awareness Feature Imputation and Prediction[J]. Netinfo Security, 2025, 25(2): 228-239.

图/表 13

图1

图2

图3

图4

表1

表2

图5

表3

各个模型插补评价指标对比结果

模型	10%缺失率			20%缺失率
模型	MSE	MAE	${{R}^{2}}$	MSE	MAE	${{R}^{2}}$
FFT-iTransformer	0.0049	0.0417	0.879	0.0084	0.0591	0.831
TimesNet	0.0054	0.0455	0.885	0.0083	0.0524	0.836
Non-stationary Transformer	0.0074	0.0495	0.841	0.0103	0.0576	0.827
iTransformer	0.0091	0.0573	0.840	0.0128	0.0629	0.771

表3

表4

图6

表5

不同Inception模块评价指标对比结果

模块	MSE	MAE	${{R}^{2}}$
InceptionV1	0.000011	0.002675	0.995378
InceptionV2	0.000052	0.005670	0.978419

表5

图7

表6

不同模型评价指标对比

模型	MAE	MSE	${{R}^{2}}$
FFT-iTransformer	0.002675	0.000011	0.995378
iTransformer	0.006584	0.000076	0.968684
Transformer	0.009259	0.000124	0.948944
Non-stationary Transformer	0.004844	0.000035	0.985515
TimesNet	0.002236	0.000022	0.990874
CNN-LSTM	0.011349	0.000193	0.920529

表6

参考文献 25

[1]	HE Chunrong, ZHU Jiang. Security Situation Prediction Method of GRU Neural Network Based on Attention Mechanism[J]. Systems Engineering and Electronics, 2021, 43(1): 258-266. doi: 10.3969/j.issn.1001-506X.2021.01.32
	何春蓉, 朱江. 基于注意力机制的GRU神经网络安全态势预测方法[J]. 系统工程与电子技术, 2021, 43(1): 258-266. doi: 10.3969/j.issn.1001-506X.2021.01.32
[2]	AMIRI M, JENSEN R. Missing Data Imputation Using Fuzzy-Rough Methods[J]. Neurocomputing, 2016, 205: 152-164.
[3]	BARTHOLOMEW D J. Time Series Analysis Forecasting and Control[J]. Journal of the Operational Research Society, 1971, 22(2): 199-201.
[4]	HAMZAÇEBI C. Improving Artificial Neural Networks’ Performance in Seasonal Time Series Forecasting[J]. Information Sciences, 2008, 178(23): 4550-4559.
[5]	WANG Jun, DU Wenjie, CAO Wei, et al. Deep Learning for Multivariate Time Series Imputation: A Survey[EB/OL]. (2024-02-06)[2024-11-11]. https://doi.org/10.48550/arXiv.240.04059.
[6]	CHE Zhengping, PURUSHOTHAM S, CHO K, et al. Recurrent Neural Networks for Multivariate Time Series with Missing Values[EB/OL]. (2018-04-17)[2024-11-11]. https://pubmed.ncbi.nlm.nih.gov/29666385/.
[7]	WU Haixu, HU Tengge, LIU Yong, et al. TimesNet: Temporal 2D-Variation Modeling for General Time Series Analysis[EB/OL]. (2023-04-12)[2024-11-11]. https://doi.org/10.48550/arXiv.2210.02186.
[8]	CINI A, MARISCA I, ALIPPI C. Filling the G_ap_s: Multivariate Time Series Imputation by Graph Neural Networks[EB/OL]. (2022-02-10)[2024-11-11]. https://doi.org/10.48550/arXiv.2108.00298.
[9]	LIU Yong, WU Haixu, WANG Jianmin, et al. Non-Stationary Transformers[C]// ACM. Proceedings of the 36th International Conference on Neural Information Processing Systems. New York: ACM, 2022: 9881-9889.
[10]	HU Jingjing, MA Dongyan, LIU Chen, et al. Network Security Situation Prediction Based on MR-SVM[J]. IEEE Access, 2019, 7: 130937-130945. doi: 10.1109/ACCESS.2019.2939490
[11]	ZHAO Dongmei, WU Yaxing, ZHANG Hongbin. Network Security Situation Prediction Based on IPSO-BiLSTM[J]. Computer Science, 2022, 49(7): 357-362. doi: 10.11896/jsjkx.210900103
	赵冬梅, 吴亚星, 张红斌. 基于IPSO-BiLSTM的网络安全态势预测[J]. 计算机科学, 2022, 49(7): 357-362. doi: 10.11896/jsjkx.210900103
[12]	SUN Junfeng, LI Chenghai, CAO Bo. Network Security Situation Prediction Based on TCN-BiLSTM[J]. Systems Engineering and Electronics, 2023, 45(11): 3671-3679. doi: 10.12305/j.issn.1001-506X.2023.11.36
	孙隽丰, 李成海, 曹波. 基于TCN-BiLSTM的网络安全态势预测[J]. 系统工程与电子技术, 2023, 45(11): 3671-3679. doi: 10.12305/j.issn.1001-506X.2023.11.36
[13]	ZHAO Dongmei, LI Zhijian. Network Security Situation Prediction Based on Transformer[J]. Journal of Huazhong University of Science and Technology (Natural Science Edition), 2022, 50(5): 46-52.
	赵冬梅, 李志坚. 基于Transformer的网络安全态势预测[J]. 华中科技大学学报(自然科学版), 2022, 50(5): 46-52.
[14]	LIU Yong, HU Tengge, ZHANG Haoran, et al. iTransformer: Inverted Transformers are Effective for Time Series Forecasting[EB/OL]. (2024-03-14)[2024-11-11]. https://doi.org/10.48550/arXiv.2310.06625.
[15]	ZHANG Jianhui, TENG Jie, LI Xiuhui, et al. Short-Term Prediction of Photovoltaic Power Based on Meteorological Features and Improved Transformer[J]. Journal of Engineering for Thermal Energy and Power, 2024, 39(8): 146-154.
	张建辉, 滕婕, 李秀慧, 等. 基于气象特征和改进Transformer的光伏功率短期预测[J]. 热能动力工程, 2024, 39(8): 146-154.
[16]	ZHOU Tian, MA Ziqing, WEN Qingsong, et al. FEDformer: Frequency Enhanced Decomposed Transformer for Long-Term Series Forecasting[EB/OL]. (2022-06-16)[2024-11-11]. https://doi.org/10.48550/arXiv.2201.12740.
[17]	LIU Shizhan, YU Hang, LIAO Cong, et al. Pyraformer: Low-Complexity Pyramidal Attention for Long-Range Time Series Modeling and Forecasting[EB/OL]. (2023-02-14)[2024-11-11]. https://openreview.net/forum?id=0EXmFzUn5I.
[18]	DAS A, KONG Weihao, LEACH A, et al. Long-Term Forecasting with TIDE: Time-Series Dense Encoder[EB/OL]. (2024-04-04)[2024-11-11]. https://doi.org/10.48550/arXiv.2304.08424.
[19]	SZEGEDY C, LIU Wei, JIA Yangqing, et al. Going Deeper with Convolutions[C]// IEEE. 2015 IEEE Conference on Computer Vision and Pattern Recognition (CVPR). New York: IEEE, 2015: 1-9.
[20]	WU Haixu, XU Jiehui, WANG Jianmin, et al. Autoformer: Decomposition Transformers with Auto-Correlation for Long-Term Series Forecasting[EB/OL]. (2022-01-07)[2024-11-11]. https://doi.org/10.48550/arXiv.2106.13008.
[21]	LI Peng, GE Ruzhe, DONG Cun, et al. Adaptive SOH Estimation Method Based on the Transpose Transformer Model for Electrochemical Energy Storage[EB/OL]. (2024-08-12)[2024-11-11]. https://doi.org/10.13336/j.1003-6520.hve.20240555.
	李鹏, 葛儒哲, 董存, 等. 基于转置Transformer模型的电化学储能自适应SOH估计方法[EB/OL]. (2024-08-12)[2024-11-11]. https://doi.org/10.13336/j.1003-6520.hve.20240555.
[22]	DONG Shi, SHU Longhui, XIA Qinyu, et al. Device Identification Method for Internet of Things Based on Spatial-Temporal Feature Residuals[J]. IEEE Transactions on Services Computing, 2024, 17(6): 3400-3416.
[23]	National Internet Emergency Center. The Cybersecurity Information and Dynamics Weekly Report from 2013 to 2022[EB/OL]. (2022-04-20)[2024-11-11]. https://www.cert.org.cn/publish/main/44/index_20.html.
	国家互联网应急中心. 2013年至2022年网络安全信息与动态周报[EB/OL]. (2022-04-20)[2024-11-11]. https://www.cert.org.cn/publish/main/44/index_20.html.
[24]	MUNKHDALAI L, MUNKHDALAI T, PARK K H, et al. An End-to-End Adaptive Input Selection with Dynamic Weights for Forecasting Multivariate Time Series[J]. IEEE Access, 2019, 7: 99099-99114.
[25]	XIA Qinyu, DONG Shi, PENG Tao. An Abnormal Traffic Detection Method for IoT Devices Based on Federated Learning and Depthwise Separable Convolutional Neural Networks[C]// IEEE. 2022 IEEE International Performance, Computing, and Communications Conference (IPCCC). New York: IEEE, 2022: 352-359.

编辑推荐 0

Metrics

阅读次数

全文

HTML			PDF

最新录用	在线预览	正式出版	最新录用	在线预览	正式出版
0	0	6	0	0	20

来源	本网站	其他网站

次数	26	0
比例	100%	0%

摘要

最新录用	在线预览	正式出版

0	0	77

	来源	本网站

	次数	77
	比例	100%

实验环境	具体配置
操作系统	Windows11
CPU	Intel(R) Core(TM) i9-13900H 2.60 GHz
内存	16GB
硬盘	950GB
开发框架	PyTorch 2.0.1

参数设置	FFT-iTransformer插补模型	FFT-iTransformer预测模型
优化算法	Adam	Adam
学习率	0.001	0.001
Block层数	6	2
编码器层数	3	6
k	2	2
d_model	64	64
d_ff	256	256
n_heads	8	8
批处理大小	16	16