Review of Network Intrusion Detection System for Unbalanced Data

doi:10.3969/j.issn.1671-1122.2025.08.006

Abstract

Abstract:

Network intrusion detection systems based on machine learning have become a research hotspot in recent years due to their excellent feature extraction and recognition capabilities. However, traffic data is imbalanced, and attack traffic is difficult to capture in real-world networks. The issue of unbalanced data leads to challenges in model generalization and degrades detection performance. To address the problem of unbalanced data, this paper analyzed relevant research in network intrusion detection. Firstly, it introduced the concepts of intrusion detection and unbalanced data and summarized commonly used datasets and evaluation metrics. Secondly, it categorized existing methods from both data and model perspectives and analyzed their advantages and disadvantages. Finally, the paper discussed the problems in current research and the trends in future development.

Key words: network intrusion detection, unbalanced data, data augmentation, deep learning

CLC Number:

TP309

JIN Zhigang, LI Zimeng, CHEN Xuyang, LIU Zepei. Review of Network Intrusion Detection System for Unbalanced Data[J]. Netinfo Security, 2025, 25(8): 1240-1253.

Figures/Tables 5

文献	所属类别	数据集	方法或模型	实验效果	部署可行性
文献[33]	欠采样	自定义数据集	RUS	准确率可达99.05%，Recall可达99.00%，F1-Score可达99.00%	该自定义数据集攻击样式仅覆盖端口扫描、DoS等，实际部署中需增量更新
文献[39]	过采样	UNSW-NB15 / CICIDS2017 / CICIDS2018	ROS/堆叠特征嵌入	在UNSW上准确率可达99.95 %，Recall可达99.95%，F1-Score可达99.95%；在CIC-17上准确率可达99.99 %，Recall可达99.99%，F1-Score可达99.99%；在CIC-18上准确率可达99.94 %，Recall可达99.94%，F1-Score可达99.94%	使用3个数据集进行评估，结果覆盖面广，可信度高，但训练推理过程离线，缺少流式概念漂移评估
文献[41]	过采样	CICIDS2017	ADASYN	原文中未提及准确率指标，Recall可达92.30%，F1-Score可达95.30%	代码简单、易扩展，但当前训练模式为离线训练手动调参，实际部署性能还需验证
文献[43]	混合采样	CICIDS2017	ROS/GMM	原文中未提及准确率、Recall指标，F1-Score为99.55%	具有较强的实用性与部署潜力，但模型训练复杂、预处理复杂
文献[45]	混合采样	UNSW-NB15	SMOTE/重复编辑最近邻欠采样	准确率可达89.24%，Recall可达90.36%，F1-Score未提及	仅使用单个数据集进行验证操作，横向对比准确率较差
文献[49]	数据增强	SWaT	CWGAN	准确率可达98.52%，F1-Score与Recall指标未提及	鲁棒性较强，结构较为轻量化，具有较强的部署潜力，但生成模型在时序依赖方面的处理较少
文献[50]	数据增强	NSL-KDD/UNSW-NB15/CICIDS2017	VAE-CWGAN	在NSL-KDD上准确率可达98.91 %，Recall可达98.91%，F1-Score可达98.91%；在UNSW上准确率可达87.58%，Recall可达87.58%，F1-Score可达88.39%；在CIC-IDS-2017上准确率可达99.79%，Recall可达99.79%，F1-Score可达99.79%	具有良好的工程可迁移性，但未给出具体部署方案，部署中可能面临协议语义畸变问题
文献[17]	数据增强	NSL-KDD	CE-GAN	原文中未提及准确率指标Recall可达99.83%，F1-Score可达99.83%	采用条件聚合编码器，生成速度快，但在包级协议一致性上未给出验证
文献[51]	数据增强	NSL-KDD/CICIDS2017	M2M- VAEGAN	在CIC-IDS-2017上准确率可达99.45%，Recall可达99.45%，F1-Score可达99.45%；在NSL-KDD上准确率可达82.93%，Recall可达82.93%，F1-Score可达82.40%	整体准确率提升较大、模型复杂度可控，适合轻量部署，但在动态网络环境中的表现未知。对数据预处理要求较高
文献[53]	数据增强	NSL-KDD	去噪扩散概率模型	准确率可达78.85%，Recall可达65.59%，F1-Score可达70.13%	对DDPM的改进使其更适合处理流量中的高维稀疏分布，但DDPM对计算资源需求高，暂未验证在生产环境下的能力

文献	所属类别	数据集	方法或模型	实验效果	部署可行性
文献[58]	集成学习	NSL-KDD	双层结构ERT/Bagging	准确率可达82.48%，Recall可达96.40%，F1-Score可达82.58%	该工程成果提高了模型的泛化能力，但整体准确率偏低，且KNN计算开销较大，难以用于实时检测
文献[59]	集成学习	UNSW-NB2015	1D-CNN-BiLSTM /FL	准确率最高可达81.80%，Recall可达57.50%，F1-Score可达82.2%	在精度和对不平衡数据的鲁棒性上表现优越，但仍需提高模型的未知攻击检测能力
文献[60]	集成学习	UCI与电网攻击数据集	双层结构/XGBoost-DNN	准确率可达79.30%，Recall可达77.48%，F1-Score可达76.42%	架构适配性强，多指标性能表现优秀，但DNN模型仍需较强计算资源，模型组合复杂性较高
文献[66]	损失函数设计	KDDCup99	WCE	准确率可达97.86%，Recall可达99.98%，F1-Score可达98.04%	训练稳定性良好，模型的非线性表达能力较强。但数据集过时、单一，且未考虑实时高发的流量场景
文献[67]	损失函数设计	NSL-KDD	CFL	准确率可达88.08%，Recall可达88.02%，F1-Score可达87.69%	模型训练较为轻量化，训练过程可解释性较强。但未进行真实部署验证，且未评估部署成本与响应时间
文献[70]	代价敏感学习	CIC-IDS-2018/ IoT-23	CSL/ CTIAD	在CIC-IDS-2018上准确率可达99.96%，Recall可达98.48%，F1-Score可达95.88%；在IoT-32上准确率可达99.99%，Recall可达99.93%，F1-Score可达99.96%	该模型性能表现优异、模型结构合理、且计算资源要求较低，但模型的预处理流程复杂，且缺乏模型压缩与模型运算所需的时长统计，需要重新评估是否满足实时检测要求
文献[71]	代价敏感学习	NSL-KDD/CIDDS-001/CIC-IDS-2017	CSE-IDS（CSDNN +XGBOOST +RF）	在NSL-KDD上准确率可达92.00%，Recall可达91.00%，F1-Score可达91.00%；在CIDDS-001上准确率可达99.00%，Recall可达99.00%，F1-Score可达99.00%；在CIC-IDS-2017上准确率可达92.00%，Recall可达86.00%，F1-Score可达92.00%	该模型运行效率高，性能较强，可解释性较强。但缺乏完整实时在线性能测试，数据预处理较复杂

References 75

[1]	European Union Agency for Cybersecurity (ENISA). 2024 Report on the State of Cybersecurity in the Union- Condensed Version[EB/OL]. (2024-12-03)[2025-06-10]. https://www.enisa.europa.eu/sites/default/files/2024-11/2024%20Report%20on%20the%20State%20of%20Cybersecurity%20in%20the%20Union%20-%20Condensed%20version.pdf.
[2]	Office of the National Cyber Director. 2024 Report on the Cybersecurity Posture of the United States[EB/OL]. (2024-05-07)[2025-06-10]. https://bidenwhitehouse.archives.gov/wp-content/uploads/2024/05/2024-Report-on-the-Cybersecurity-Posture-of-the-United-States.pdf.
[3]	LIU Qixu, XIAO Juxin, TAN Yaokang, et al. Survey of Industrial Internet Traffic Analysis Technology[J]. Journal of Communications, 2024, 45(8): 221-237.
	刘奇旭, 肖聚鑫, 谭耀康, 等. 工业互联网流量分析技术综述[J]. 通信学报, 2024, 45(8):221-237.
[4]	ABDELKHALEK A, MASHALY M. Addressing the Class Imbalance Problem in Network Intrusion Detection Systems Using Data Resampling and Deep Learning[J]. Journal of Supercomputing, 2023, 79(10): 10611-10644.
[5]	ZHOU Yu, YUE Xuezhen, LIU Xing, et al. A Natural Neighborhood Hypersphere Oversampling Method for Imbalanced Data Sets[J]. Journal of Harbin Institute of Technology, 2024, 56(12): 81-95.
	周玉, 岳学震, 刘星, 等. 不平衡数据集的自然邻域超球面过采样方法[J]. 哈尔滨工业大学学报, 2024, 56(12):81-95.
[6]	BEDI P, GUPTA N, JINDAL V. I-SiamIDS: An Improved Siam-IDS for Handling Class Imbalance in Network-Based Intrusion Detection Systems[J]. Applied Intelligence, 2021, 51(2): 1133-1151.
[7]	FENG Guangsheng, JIANG Shunpeng, HU Xianlang, et al. New Research Progress on Intrusion Detection Techniques for the Internet of Things[J]. Netinfo Security, 2024, 24(2): 167-178.
	冯光升, 蒋舜鹏, 胡先浪, 等. 面向物联网的入侵检测技术研究新进展[J]. 信息网络安全, 2024, 24(2):167-178.
[8]	WU Hao, HAO Jiajia, LU Yunlong. Research on Distributed Network Intrusion Detection System for IoT Based on Honeyfarm[J]. Journal of Communications, 2024, 45(1): 106-118.
	吴昊, 郝佳佳, 卢云龙. 物联网场景下基于蜜场的分布式网络入侵检测系统研究[J]. 通信学报, 2024, 45(1):106-118. doi: 10.11959/j.issn.1000-436x.2024020
[9]	SU Yishan, ZHANG Hehe, ZHANG Rui, et al. Review of Security for Underwater Wireless Sensor Networks[J]. Journal of Electronics & Information Technology, 2023, 45(3): 1121-1133.
	苏毅珊, 张贺贺, 张瑞, 等. 水下无线传感器网络安全研究综述[J]. 电子与信息学报, 2023, 45(3):1121-1133.
[10]	ZHANG Hao, XIE Dazhi, HU Yunsheng, et al. A Review of Network Anomaly Detection Based on Semi-Supervised Learning[J]. Netinfo Security, 2024, 24(4): 491-508.
	张浩, 谢大智, 胡云晟, 等. 基于半监督学习的网络异常检测研究综述[J]. 信息网络安全, 2024, 24(4):491-508.
[11]	OZKAN M, SAMET R, ASLAN O, et al. A Comprehensive Systematic Literature Review on Intrusion Detection Systems[J]. IEEE Access, 2021, 9: 157727-157760.
[12]	AHMED U, NAZIR M, SARWAR A, et al. Signature-Based Intrusion Detection Using Machine Learning and Deep Learning Approaches Empowered with Fuzzy Clustering[J]. Scientific Reports, 2025, 15(1): 1-33.
[13]	ZHANG Weibao, LAZARO J P. A Survey on Network Security Traffic Analysis and Anomaly Detection Techniques[J]. International Journal of Emerging Technologies and Advanced Applications, 2024, 1(4): 8-16.
[14]	HADI H J, CAO Yue, LI Sifan, et al. Real-Time Collaborative Intrusion Detection System in UAV Networks Using Deep Learning[J]. IEEE Internet of Things Journal, 2024, 11(20): 33371-33391.
[15]	WU Xiaodong, JIN Zhigang, CHEN Xuyang, et al. Adversarial Learning-Augmented Incremental Intrusion Detection System[J]. Journal of Harbin Institute of Technology, 2024, 56(9): 31-37, 84.
	武晓栋, 金志刚, 陈旭阳, 等. 对抗学习辅助增强的增量式入侵检测系统[J]. 哈尔滨工业大学学报, 2024, 56(9):31-37,84.
[16]	ARSHAD S, ASHRAF W, ASHRAF S, et al. Comparative Study of Machine Learning Techniques for Intrusion Detection on CICIDS-2017 Dataset[C]// IEEE. 2023 10th International Conference on Computing for Sustainable Global Development (INDIACom). New York: IEEE, 2023: 929-934.
[17]	YANG Yang, LIU Xiaoyu, WANG Dianli, et al. A CE-GAN Based Approach to Address Data Imbalance in Network Intrusion Detection Systems[EB/OL]. (2025-03-06)[2025-06-10]. https://www.nature.com/articles/s41598-025-90815-5.
[18]	LIU Qixu, CHEN Yanhui, NI Jieshuo, et al. Survey on Machine Learning-Based Anomaly Detection for Industrial Internet[J]. Journal of Computer Research and Development, 2022, 59(5): 994-1014.
	刘奇旭, 陈艳辉, 尼杰硕, 等. 基于机器学习的工业互联网入侵检测综述[J]. 计算机研究与发展, 2022, 59(5):994-1014.
[19]	HAMID M H A, YUSOFF M, MOHAMED A. Survey on Highly Imbalanced Multi-Class Data[J]. International Journal of Advanced Computer Science and Applications, 2022, 13(6): 211-229.
[20]	DARPA. The 1999 DARPA Off-Line Intrusion Detection Evaluation[J]. Computer Networks, 2000, 34(4): 579-595.
[21]	TAVALLAEE M, BAGHERI E, LU W, et al. A Detailed Analysis of the KDD CUP 99 Data Set[C]// IEEE. Computational Intelligence for Security and Defense Applications. New York: IEEE, 2009: 1-6.
[22]	SONG J, TAKAKURA H, OKABE Y, et al. Statistical Analysis of Honeypot Data and Building of Kyoto 2006+ Dataset for NIDS Evaluation[C]// ACM. Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security. New York: ACM, 2011: 29-36.
[23]	SRINARAYANI K, PADMAVATHI B, KAVITHA D. Detection of Botnet Traffic Using Deep Learning Approach[C]// IEEE. 2023 International Conference on Sustainable Computing and Data Communication Systems. New York: IEEE, 2023: 201-206.
[24]	MOUSTAFA N, SLAY J.UNSW-NB15:A Comprehensive Data Set for Network Intrusion Detection Systems(UNSW-NB15 Network Data Set)[C]// IEEE. Military Communications and Information Systems Conference. New York: IEEE, 2015: 1-6.
[25]	MACIÁ-FERNÁNDEZ G, CAMACHO J, MAGÁN-CARRIÓN R, et al. UGR'16: A New Dataset for the Evaluation of Cyclostationarity-Based Network IDSs[J]. Computers & Security, 2018, 73: 411-424.
[26]	KURNIABUDI K, STIAWAN D, DARMAWIJOYO, et al. CICIDS-2017 Dataset Feature Analysis with Information Gain for Anomaly Detection[J]. IEEE Access, 2020, 8: 132911-132921.
[27]	GOCS L, JOHANYAK Z C. Identifying Relevant Features of CSE-CIC-IDS 2018 Dataset for the Development of an Intrusion Detection System[EB/OL]. (2023-07-20)[2025-06-10]. https://arxiv.org/abs/2307.11544v1.
[28]	SARHAN M. NF-UQ-NIDS-v2[EB/OL]. [2025-06-10]. https://espace.library.uq.edu.au/view/UQ:631a24a.
[29]	FOTOUHI S, ASADI S, KATTAN M W. A Comprehensive Data Level Analysis for Cancer Diagnosis on Imbalanced Data[EB/OL]. (2019-01-03)[2025-06-10]. https://www.sciencedirect.com/science/article/pii/S1532046418302302.
[30]	KUMAR, LALOTRA G S, SASIKALA P, et al. Addressing Binary Classification over Class Imbalanced Clinical Datasets Using Computationally Intelligent Techniques[EB/OL]. (2022-07-13)[2025-06-10]. https://pubmed.ncbi.nlm.nih.gov/35885819/.
[31]	MCDERMOTT M B, ZHANG Haoran, HANSEN L H, et al. A Closer Look at AUROC and AUPRC under Class Imbalance[C]// Neural Information Processing Systems Foundation. Proceedings of the 38th International Conference on Neural Information Processing Systems(NIPS '24). New York: Curran Associates Inc, 2025: 44102-44163.
[32]	CHICCO D, JURMAN G.The Advantages of the Matthews Correlation Coefficient (MCC) over F1 Score and Accuracy in Binary Classification Evaluation[EB/OL]. (2020-01-02)[2025-06-10]. https://bmcgenomics.biomedcentral.com/articles/10.1186/s12864-019-6413-7.
[33]	ARIFIN M A S, STIAWAN D, SUPRAPTO B Y, et al. Oversampling and Undersampling for Intrusion Detection System in the Supervisory Control and Data Acquisition IEC 60870-5-104[J]. IET Cyber-Physical Systems: Theory & Applications, 2024, 9(3): 282-292.
[34]	TANIMOTO A, YAMADA S, TAKENOUCHI T, et al. Improving Imbalanced Classification Using Near-Miss Instances[EB/OL]. (2022-09-01)[2025-06-30]. https://www.sciencedirect.com/science/article/pii/S0957417422005280.
[35]	XU Zhongyuan, YANG Xiuhua, WANG Ye, et al. Network Intrusion Detection Algorithm for Imbalanced Datasets[J]. Journal of Jilin University (Information Science Edition), 2023, 41(6): 1112-1119.
	徐忠原, 杨秀华, 王业, 等. 面向不平衡数据集的网络入侵检测算法[J]. 吉林大学学报(信息科学版), 2023, 41(6):1112-1119.
[36]	FARSHIDVARD A, HOOSHMAND F, MIRHASSANI S A. A Novel Two-Phase Clustering-Based Under-Sampling Method for Imbalanced Classification Problems[EB/OL]. (2023-03-01)[2025-06-10]. https://www.sciencedirect.com/science/article/abs/pii/S0957417422020218.
[37]	AHSAN R, SHI W, CORRIVEAU J-P. Network Intrusion Detection Using Machine Learning Approaches: Addressing Data Imbalance[J]. IET Cyber-Physical Systems, 2022, 7(1): 30-39.
[38]	LE T T H, SHIN Y, KIM M, et al. Towards Unbalanced Multiclass Intrusion Detection with Hybrid Sampling Methods and Ensemble Classification[EB/OL]. (2024-03-21)[2025-06-10]. https://www.sciencedirect.com/science/article/pii/S1568494624002916.
[39]	TALUKDER M A, ISLAM M, UDDIN M A, et al. Machine Learning-Based Network Intrusion Detection for Big and Imbalanced Data Using Oversampling, Stacking Feature Embedding and Feature Extraction[EB/OL]. (2024-02-22)[2025-06-10]. https://journalofbigdata.springeropen.com/articles/10.1186/s40537-024-00886-w.
[40]	WIDODO A O, SETIAWAN B, INDRASWARI R. Machine Learning-Based Intrusion Detection on Multi-Class Imbalanced Dataset Using SMOTE[J]. Procedia Computer Science, 2024, 234: 578-583.
[41]	CHEN Zhewei, ZHOU Linyue, YU Wenwen. ADASYN-Random Forest Based Intrusion Detection Model[C]// ACM. Proceedings of the 2021 4th International Conference on Signal Processing and Machine Learning. New York: ACM, 2021: 152-159.
[42]	ALKHAWALDEH I M, ALBALKHI I, NASWHAN A J. Challenges and Limitations of Synthetic Minority Oversampling Techniques in Machine Learning[J]. World Journal of Methodology, 2023, 13(5): 373-378. doi: 10.5662/wjm.v13.i5.373 pmid: 38229946
[43]	GUO Santian, LIU Yi. Network Intrusion Detection Method Combining Class Balance and CNN[J]. Computer Applications and Software, 2023, 40(7): 326-332.
	郭三田, 柳毅. 一种类平衡和CNN结合的网络入侵检测方法[J]. 计算机应用与软件, 2023, 40(7):326-332.
[44]	GONG Zhongyuan, JIANG Jinyun, JIANG Nan, et al. An Improved Hybrid Sampling Model for Network Intrusion Detection Based on Data Imbalance[C]// Springer. AIS&P:International Conference on Artificial Intelligence Security and Privacy. Heidelberg: Springer, 2024: 164-175.
[45]	CHEN Hong, YOU Yuzhu, JIN Haibo, et al. Fusion of Improved Sampling Technology and SRFCNN-BiLSTM Intrusion Detection Method[J]. Computer Engineering and Applications, 2025, 61(9): 315-324. doi: 10.3778/j.issn.1002-8331.2404-0028
	陈虹, 由雨竹, 金海波, 等. 融合改进采样技术和SRFCNN-BiLSTM的入侵检测方法[J]. 计算机工程与应用, 2025, 61(9):315-324. doi: 10.3778/j.issn.1002-8331.2404-0028
[46]	GUO Derui, XIE Yufei. Research on Network Intrusion Detection Model Based on Hybrid Sampling and Deep Learning[EB/OL]. (2025-03-04)[2025-06-10]. https://www.mdpi.com/1424-8220/25/5/1578.
[47]	SUN Bo, ZHOU Qian, CHEN Haiyan. Imbalanced Data Learning Approach with Class Overlap Degree as the Optimization Goal[J]. Control Theory & Applications, 2024, 41(11): 2139-2146.
	孙博, 周倩, 陈海燕. 以类重叠度为优化目标的不平衡数据学习方法[J]. 控制理论与应用, 2024, 41(11):2139-2146.
[48]	AGUIAR G, KRAWCZYK B, CANO A. A Survey on Learning from Imbalanced Data Streams: Taxonomy, Challenges, Empirical Study, and Reproducible Experimental Framework[J]. Machine Learning, 2024, 113(7): 4165-4243.
[49]	WANG Huazhong, TIAN Zilei. Intrusion Detection Method of ICS Based on Improved CGAN Algorithm[J]. Netinfo Security, 2023, 23(1): 36-43.
	王华忠, 田子蕾. 基于改进CGAN算法的工控系统入侵检测方法[J]. 信息网络安全, 2023, 23(1):36-43.
[50]	LIU Taotao, FU Yu, WANG Kun, et al. Network Traffic Anomaly Detection Method Based on VAE-CWGAN and Fusion of Statistical Importance of Feature[EB/OL]. (2024-02-26)[2025-06-10].http://kns.cnki.net/kcms/detail/11.2102.TN.20240223.1312.006.html.
	刘涛涛, 付钰, 王坤, 等. 基于VAE-CWGAN和特征统计重要性融合的网络流量异常检测方法[EB/OL]. (2024-02-26)[2025-06-10]. http://kns.cnki.net/kcms/detail/11.2102.TN.20240223.1312.006.html.
[51]	KANG Fuyuan, FENG Tao, LIN Jiaqi. VAE-GAN-Guided Cross-Class Generation: A Class Imbalance Data Augmentation Method for Network Intrusion Detection[EB/OL]. (2025-05-22)[2025-06-10]. https://www.scilit.com/publications/9d16dd07de0fdc264a63f808e2213aed.
[52]	JIN Zhigang, DING Yu, WU Xiaodong, et al. Federated Dual Correction Intrusion Detection System: Efficient Aggregation for Heterogeneous Data[EB/OL]. (2025-02-12)[2025-06-10]. https://www.sciencedirect.com/science/article/abs/pii/S1389128625000842.
[53]	WANG Ziang, TANG Yanjun, WANG Zichen, et al. Research on Network Traffic Intrusion Detection Method Based on Denoising Diffusion Probability Model[J]. Journal of Information Security Research, 2024, 10(5): 421-430.
	王子昂, 汤艳君, 王子晨, 等. 基于去噪扩散概率模型的网络流量入侵检测方法研究[J]. 信息安全研究, 2024, 10(5):421-430.
[54]	ZHOU Hongfang, PAN Heng, ZHENG Kangyun, et al. A Novel Oversampling Method Based on Wasserstein CGAN for Imbalanced Classification[EB/OL]. (2025-02-01)[2025-06-10]. https://cybersecurity.springeropen.com/articles/10.1186/s42400-024-00290-0.
[55]	JIANG Xi, LIU Shinan, GEMBER-JACOBSON A, et al. Generative, High-Fidelity Network Traces[C]// ACM. Proceedings of the 22nd ACM Workshop on Hot Topics in Networks, in HotNets '23. New York:ACM, 2023: 131-138.
[56]	NUKAVARAPU S K, AYYAT M, NADEEM T. MirageNet-Towards a GAN-Based Framework for Synthetic Network Traffic Generation[C]// IEEE.2022 IEEE Global Communications Conference(GLOBECOM 2022). New York: IEEE, 2022: 3089-3095.
[57]	LUER F, BOHM C. Anomaly Detection Using Generative Adversarial Networks: Reviewing Methodological Progress and Challenges[J]. ACM SIGKDD Explorations, 2024, 25(2): 29-41.
[58]	ZHANG Zichen, KONG Shanshan, XIAO Tianyun, et al. A Network Intrusion Detection Method Based on Bagging Ensemble[EB/OL]. (2024-07-05)[2025-06-10]. https://www.mdpi.com/2073-8994/16/7/850.
[59]	WEI Bo, HU Caifu, REN Ruibin. A Novel Method for Handling Imbalanced Data Distribution in NIDS[EB/OL]. (2024-11-20)[2025-06-10]. http://kns.cnki.net/kcms/detail/11.2422.TN.20241120.1323.019.html.
	魏波, 胡财富, 任芮彬. 面向不平衡数据的二阶段网络入侵检测新方法[EB/OL]. (2024-11-20)[2025-06-10]. http://kns.cnki.net/kcms/detail/11.2422.TN.20241120.1323.019.html.
[60]	ZHANG Ziying, CHEN Yuwei, WANG Yuhua. An Intrusion Detection Architecture for ICS Based on XGBoost-DNN[J]. Journal of Harbin Engineering University, 2024, 45(11): 2243-2249.
	张子迎, 陈玉炜, 王宇华. 基于XGBoost-DNN的工业控制系统入侵检测架构[J]. 哈尔滨工程大学学报, 2024, 45(11):2243-2249.
[61]	KHAN A A, CHAUDHARI O, CHANDRA R. A Review of Ensemble Learning and Data Augmentation Models for Class Imbalanced Problems[EB/OL]. (2024-06-15)[2025-06-10]. https://www.sciencedirect.com/science/article/pii/S0957417423032803.
[62]	HAJMOHAMMED M, CHOUNTAS P, CHAUSSAIET T J. A Concept Drift Based Approach to Evaluating Model Performance and Theoretical Lifespan[C]// IEEE. 2024 14th International Conference on Pattern Recognition Systems. New York: IEEE, 2024: 1-6.
[63]	DASH N, CHAKRAVARTY S, RATH A K, et al. An Optimized LSTM-Based Deep Learning Model for Anomaly Network Intrusion Detection[EB/OL]. (2025-01-10)[2025-06-10]. https://www.nature.com/articles/s41598-025-85248-z.
[64]	LU Kezhong, CHEN Chaofan, CAI Huan, et al. Online Classification Algorithm for Concept Drift and Class Imbalance Data Stream[J]. Acta Electronica Sinica, 2022, 50(3): 585-597. doi: 10.12263/DZXB.20210094
	陆克中, 陈超凡, 蔡桓, 等. 面向概念漂移和类不平衡数据流的在线分类算法[J]. 电子学报, 2022, 50(3):585-597. doi: 10.12263/DZXB.20210094
[65]	ZHOU Ping, ZHANG Yu. A Review of Concept Drift Detection and Adaptation Methods from an Industrial Perspective[J]. Control and Decision, 2025, 40(6): 1774-1792.
	周平, 张宇. 基于工业视角的概念漂移检测与适应方法综述[J]. 控制与决策, 2025, 40(6):1774-1792.
[66]	ZHOU Ziyun, HUANG Hong, FANG Binhao. Application of Weighted Cross-Entropy Loss Function in Intrusion Detection[J]. Journal of Computer and Communications, 2021, 9: 1-21.
[67]	KHANAM S, AHMEDY I, IDRIS M Y I, et al. Towards an Effective Intrusion Detection Model Using Focal Loss Variational Autoencoder for IoT[EB/OL]. (2022-08-04)[2025-06-10].https://www.mdpi.com/1424-8220/22/15/5822.
[68]	WANG Peng, SONG Yafei, WANG Xiaodan, et al. FATIDS: An IoT Intrusion Detection Method for Class-Imbalanced Samples[EB/OL]. (2024-07-22)[2025-06-10]. https://doi.org/10.13229/j.cnki.jdxbgxb.20240403.
	王鹏, 宋亚飞, 王晓丹, 等. FATIDS:面向类不平衡样本的物联网入侵检测方法[EB/OL]. (2024-07-22)[2025-06-10]. https://doi.org/10.13229/j.cnki.jdxbgxb.20240403.
[69]	ZHANG Zhaoyi, LAI Yingxu, CHEN Ye, et al. Fast Tracing Method for Sybil Attack in VANETs[C]// IEEE. 2023 IEEE 98th Vehicular Technology Conference. New York: IEEE, 2023: 1-6.
[70]	LIAO Liyun, ZHANG Bolei, WU Lifa. IoT Anomaly Detection Model Based on Cost-Sensitive Learning[J]. Netinfo Security, 2023, 23(11): 94-103.
	廖丽云, 张伯雷, 吴礼发. 基于代价敏感学习的物联网异常检测模型[J]. 信息网络安全, 2023, 23(11):94-103.
[71]	GUPTA N, JINDAL V, BEDI P. CSE-IDS: Using Cost-Sensitive Deep Learning and Ensemble Algorithms to Handle Class Imbalance[EB/OL]. (2021-10-17)[2025-06-10]. https://www.sciencedirect.com/science/article/abs/pii/S0167404821003230.
[72]	JIN Zhigang, CHEN Xuyang, LIU Zepei, et al. Incremental Intrusion Detection Mechanism Considering Cost-Sensitivity[EB/OL]. (2025-03-25)[2025-06-10]. http://kns.cnki.net/kcms/detail/23.1235.t.20250324.1711.006.html.
	金志刚, 陈旭阳, 刘泽培, 等. 考虑代价敏感性的增量式入侵检测机制[EB/OL]. (2025-03-25)[2025-06-10]. http://kns.cnki.net/kcms/detail/23.1235.t.20250324.1711.006.html.
[73]	LEEVY J L, KHOSHGOFTAAR T M, PETER J M. Mitigating Class Imbalance for IoT Network Intrusion Detection: A Survey[C]// IEEE. 2021 IEEE the Seventh International Conference on Big Data Computing Service and Applications (BigDataService). New York: IEEE, 2021: 143-148.
[74]	ZHOU Weidong, XIA Chunhe, WANG Tianbo, et al. HIDIM: A Novel Framework of Network Intrusion Detection for Hierarchical Dependency and Class Imbalance[EB/OL]. (2024-10-30)[2025-06-10]. https://www.sciencedirect.com/science/article/abs/pii/S0167404824004607.
[75]	ZHANG Yawen, ZHANG Yuchen, WU Yue, et al. Research on Improvement of Generation Adversarial Networks for Network Traffic Datasets Augmentation[J]. Computer Engineering and Applications, 2024, 60(18): 275-284. doi: 10.3778/j.issn.1002-8331.2306-0022
	张雅雯, 张玉臣, 吴越, 等. 面向网络流量数据增强的生成对抗网络改进研究[J]. 计算机工程与应用, 2024, 60(18):275-284. doi: 10.3778/j.issn.1002-8331.2306-0022

数据集	规模/条	数据分布情况	不平衡率（IR）
DARPA IDEVAL 1999^[20]	约500万	已标注的攻击仅有200余次，数据严重不平衡	攻击流量内部IR约10，正常流量与攻击流量IR大于50
NSL-KDD^[21]	约20万	训练集中攻击流量占比约为46.5%，但少数类样本数量较少	攻击流量内部IR大于100（U2R攻击、R2L攻击数量不到 100次）
Kyoto 2006+^[22]	约9300万	蜜罐流量子集中的攻击比例约为47%，但完整集攻击比例低于1%	攻击流量内部IR大于100（U2R攻击数量不到100次）
CTU-13 Botnet^[23]	约280万	标注的攻击约占1.45%	正常流量与攻击流量IR大于100
UNSW-NB15^[24]	约250万	攻击流量约占12.65%，攻击类别内部失衡严重。	攻击流量内部IR大于100（Worms攻击一百余次）
UGR'16^[25]	约169亿	攻击流量占比远小于1%	攻击流量内部IR大于100（SSH scan攻击不到100次）
CICIDS-2017^[26]	约312万	攻击流量约占20%	攻击流量内部IR大于100（Heartbleed攻击不到100次）
CSE-CIC-IDS2018^[27]	约1600万	攻击流量约占17%	攻击流量内部IR大于100（Web Attacks千余次）
NF-UQ-NIDS-v2^[28]	约7500万	攻击流量约占66%，攻击流量内部失衡	攻击流量内部IR大于100（Worms攻击百余次）