{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,29]],"date-time":"2026-05-29T11:18:19Z","timestamp":1780053499608,"version":"3.54.0"},"reference-count":38,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2024,11,22]],"date-time":"2024-11-22T00:00:00Z","timestamp":1732233600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2024,11,22]],"date-time":"2024-11-22T00:00:00Z","timestamp":1732233600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["No.61936008"],"award-info":[{"award-number":["No.61936008"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"Abstract<\/jats:title>Abnormal traffic detection is a crucial topic in the field of network security. However, existing methods face many challenges when processing complex high-dimensional traffic data. Especially in dealing with redundant features, data sparsity and nonlinear features, traditional methods often suffer from high computational complexity and low detection efficiency. It is challenging to capture potential patterns in complex data effectively and cannot fully meet the needs of practical applications. To address these challenges, this paper proposes an enhanced anomaly traffic detection framework using bidirectional generative adversarial networks (BiGAN) and contrastive learning. This method preprocesses high-dimensional data through steps such as data cleaning, normalization, and clustering to improve data quality. It uses BiGAN and contrastive learning technology to enhance the model's feature representation capabilities. Experimental results show that the method proposed in this paper performs well on multiple traffic data sets and significantly improves the accuracy and efficiency of anomaly detection. Overall, the solution proposed in this paper effectively overcomes the limitations of existing methods in high-dimensional data processing and provides a more advanced abnormal traffic detection strategy.<\/jats:p>","DOI":"10.1186\/s42400-024-00297-7","type":"journal-article","created":{"date-parts":[[2024,11,22]],"date-time":"2024-11-22T13:43:02Z","timestamp":1732282982000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Enhanced anomaly traffic detection framework using BiGAN and contrastive learning"],"prefix":"10.1186","volume":"7","author":[{"given":"Haoran","family":"Yu","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Wenchuan","family":"Yang","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Baojiang","family":"Cui","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Runqi","family":"Sui","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Xuedong","family":"Wu","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2024,11,22]]},"reference":[{"key":"297_CR1","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1016\/j.comcom.2021.01.021","volume":"170","author":"M Abbasi","year":"2021","unstructured":"Abbasi M, Shahraki A, Taherkordi A (2021) Deep learning for network traffic monitoring and analysis (NTMA): a survey. Comput Commun 170:19\u201341. https:\/\/doi.org\/10.1016\/j.comcom.2021.01.021","journal-title":"Comput Commun"},{"key":"297_CR2","doi-asserted-by":"publisher","first-page":"16995","DOI":"10.1007\/s00521-023-08592-z","volume":"35","author":"Q Abu Al-Haija","year":"2023","unstructured":"Abu Al-Haija Q, Al-Fayoumi M (2023) An intelligent identification and classification system for malicious uniform resource locators (URLs). Neural Comput Appl 35:16995\u201317011. https:\/\/doi.org\/10.1007\/s00521-023-08592-z","journal-title":"Neural Comput Appl"},{"key":"297_CR3","doi-asserted-by":"publisher","first-page":"3489","DOI":"10.3390\/s23073489","volume":"23","author":"Q Abu Al-Haija","year":"2023","unstructured":"Abu Al-Haija Q, Alohaly M, Odeh A (2023) A lightweight double-stage scheme to identify malicious DNS over HTTPS traffic using a hybrid learning approach. Sensors 23:3489. https:\/\/doi.org\/10.3390\/s23073489","journal-title":"Sensors"},{"key":"297_CR4","doi-asserted-by":"publisher","first-page":"101266","DOI":"10.1016\/j.rineng.2023.101266","volume":"19","author":"QA Al-Haija","year":"2023","unstructured":"Al-Haija QA (2023) Cost-effective detection system of cross-site scripting attacks using hybrid learning approach. Results Eng 19:101266. https:\/\/doi.org\/10.1016\/j.rineng.2023.101266","journal-title":"Results Eng"},{"key":"297_CR5","doi-asserted-by":"publisher","first-page":"12336","DOI":"10.3390\/app122312336","volume":"12","author":"AA Alsulami","year":"2022","unstructured":"Alsulami AA, Abu Al-Haija Q, Tayeb A, Alqahtani A (2022) An intrusion detection and classification system for IoT traffic with improved data engineering. Appl Sci 12:12336. https:\/\/doi.org\/10.3390\/app122312336","journal-title":"Appl Sci"},{"key":"297_CR6","doi-asserted-by":"publisher","first-page":"947","DOI":"10.1016\/j.procs.2018.05.110","volume":"132","author":"K Bhushan","year":"2018","unstructured":"Bhushan K, Gupta BB (2018) Hypothesis test for low-rate ddos attack detection in cloud computing environment. Procedia Comput Sci 132:947\u2013955. https:\/\/doi.org\/10.1016\/j.procs.2018.05.110","journal-title":"Procedia Comput Sci"},{"issue":"3","key":"297_CR7","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/1541880.1541882","volume":"41","author":"V Chandola","year":"2009","unstructured":"Chandola V, Banerjee A, Kumar V (2009) Anomaly detection: a survey. ACM Comput Surv (CSUR) 41(3):1\u201358. https:\/\/doi.org\/10.1145\/1541880.1541882","journal-title":"ACM Comput Surv (CSUR)"},{"key":"297_CR8","doi-asserted-by":"publisher","first-page":"321","DOI":"10.1613\/jair.953","volume":"16","author":"NV Chawla","year":"2002","unstructured":"Chawla NV, Bowyer KW, Hall LO et al (2002) SMOTE: synthetic minority over-sampling technique. J Artif Intell Res 16:321\u2013357. https:\/\/doi.org\/10.1613\/jair.953","journal-title":"J Artif Intell Res"},{"issue":"1","key":"297_CR9","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1109\/MSP.2017.2765202","volume":"35","author":"A Creswell","year":"2018","unstructured":"Creswell A, White T, Dumoulin V et al (2018) Generative adversarial networks: an overview. IEEE Signal Process Mag 35(1):53\u201365. https:\/\/doi.org\/10.1109\/MSP.2017.2765202","journal-title":"IEEE Signal Process Mag"},{"key":"297_CR10","doi-asserted-by":"publisher","unstructured":"Donahue J, Kr\u00e4henb\u00fchl P, Darrell T. (2016) Adversarial feature learning. arXiv preprint arXiv:1605.09782. https:\/\/doi.org\/10.48550\/arXiv.1605.09782","DOI":"10.48550\/arXiv.1605.09782"},{"key":"297_CR11","doi-asserted-by":"publisher","first-page":"206","DOI":"10.1016\/j.comcom.2022.10.024","volume":"198","author":"X Duan","year":"2023","unstructured":"Duan X, Fu Y, Wang K (2023) Network traffic anomaly detection method based on multi-scale residual classifier. Comput Commun 198:206\u2013216. https:\/\/doi.org\/10.1016\/j.comcom.2022.10.024","journal-title":"Comput Commun"},{"issue":"1","key":"297_CR12","doi-asserted-by":"publisher","first-page":"100","DOI":"10.1038\/s43586-022-00184-w","volume":"2","author":"M Greenacre","year":"2022","unstructured":"Greenacre M, Groenen PJF, Hastie T et al (2022) Principal component analysis. Nat Rev Method Prime 2(1):100. https:\/\/doi.org\/10.1038\/s43586-022-00184-w","journal-title":"Nat Rev Method Prime"},{"issue":"6","key":"297_CR13","doi-asserted-by":"publisher","first-page":"5070","DOI":"10.1109\/TDSC.2023.3240315","volume":"20","author":"Y Javed","year":"2023","unstructured":"Javed Y, Khayat MA, Elghariani AA et al (2023) PRISM: a hierarchical intrusion detection architecture for large-scale cyber networks. IEEE Trans Dependable Secure Comput 20(6):5070\u20135086. https:\/\/doi.org\/10.1109\/TDSC.2023.3240315","journal-title":"IEEE Trans Dependable Secure Comput"},{"key":"297_CR14","doi-asserted-by":"publisher","unstructured":"Joshi M, Hadi T H (2015) A review of network traffic analysis and prediction techniques. arXiv preprint arXiv:1507.05722. https:\/\/doi.org\/10.48550\/arXiv.1507.05722","DOI":"10.48550\/arXiv.1507.05722"},{"key":"297_CR15","unstructured":"Lee H, Tsao Y (2018) Generative adversarial network and its applications to speech signal and natural language processing. In: IEEE Int Conf Acoust Speech Signal Process"},{"key":"297_CR16","unstructured":"Li C, Liu H, Chen C, et al. (2017) Alice: towards understanding adversarial learning for joint distribution matching. NeurIPS. 30"},{"key":"297_CR17","doi-asserted-by":"publisher","first-page":"102392","DOI":"10.1016\/j.cose.2021.102392","volume":"109","author":"Z Liu","year":"2021","unstructured":"Liu Z, Hu C, Shan C (2021) Riemannian manifold on stream data: Fourier transform and entropy-based DDoS attacks detection method. Comput Secur 109:102392. https:\/\/doi.org\/10.1016\/j.cose.2021.102392","journal-title":"Comput Secur"},{"key":"297_CR18","doi-asserted-by":"publisher","unstructured":"Liu Z, Chen Y, Li J, et al. (2022) Improving contrastive learning with model augmentation. arXiv preprint arXiv:2203.15508. https:\/\/doi.org\/10.48550\/arXiv.2203.15508","DOI":"10.48550\/arXiv.2203.15508"},{"key":"297_CR19","doi-asserted-by":"publisher","unstructured":"Moustafa N, Slay J (2015) UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). MilCIS: 1\u20136. https:\/\/doi.org\/10.1109\/MilCIS.2015.7348942","DOI":"10.1109\/MilCIS.2015.7348942"},{"issue":"6","key":"297_CR20","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3457904","volume":"54","author":"E Papadogiannaki","year":"2021","unstructured":"Papadogiannaki E, Ioannidis S (2021) A survey on encrypted network traffic analysis applications, techniques, and countermeasures. ACM Comput Surv (CSUR) 54(6):1\u201335. https:\/\/doi.org\/10.1145\/3457904","journal-title":"ACM Comput Surv (CSUR)"},{"key":"297_CR21","doi-asserted-by":"publisher","first-page":"215","DOI":"10.1016\/j.sigpro.2013.12.026","volume":"99","author":"MAF Pimentel","year":"2014","unstructured":"Pimentel MAF, Clifton DA, Clifton L et al (2014) A review of novelty detection. Signal Process 99:215\u2013249. https:\/\/doi.org\/10.1016\/j.sigpro.2013.12.026","journal-title":"Signal Process"},{"key":"297_CR22","doi-asserted-by":"publisher","unstructured":"Radford A, Metz L, Chintala S (2015) Unsupervised representation learning with deep convolutional generative adversarial networks. arXiv preprint arXiv:1511.06434. https:\/\/doi.org\/10.48550\/arXiv.1511.06434","DOI":"10.48550\/arXiv.1511.06434"},{"issue":"1","key":"297_CR23","doi-asserted-by":"publisher","first-page":"31","DOI":"10.17849\/insm-47-01-31-39.1","volume":"47","author":"SJ Rigatti","year":"2017","unstructured":"Rigatti SJ (2017) Random forest. J Insur Med 47(1):31\u201339. https:\/\/doi.org\/10.17849\/insm-47-01-31-39.1","journal-title":"J Insur Med"},{"key":"297_CR24","doi-asserted-by":"publisher","unstructured":"Rosay A, Cheval E, Carlier F, et al (2022) Network intrusion detection: A comprehensive analysis of CIC-IDS2017. ICISSP: 25\u201336. https:\/\/doi.org\/10.5220\/0000157000003120","DOI":"10.5220\/0000157000003120"},{"key":"297_CR25","doi-asserted-by":"publisher","unstructured":"Schlegl T, Seeb\u00f6ck P, Waldstein S M, et al. (2017) Unsupervised anomaly detection with generative adversarial networks to guide marker discovery. ICIP in medical imaging. Cham: Springer International Publishing. 146\u2013157. https:\/\/doi.org\/10.1007\/978-3-319-59050-9_12","DOI":"10.1007\/978-3-319-59050-9_12"},{"issue":"1","key":"297_CR26","doi-asserted-by":"publisher","first-page":"791","DOI":"10.1109\/COMST.2022.3208196","volume":"25","author":"M Shen","year":"2022","unstructured":"Shen M, Ye K, Liu X et al (2022) Machine learning-powered encrypted network traffic analysis: a comprehensive survey. IEEE Commun Surv Tutorials 25(1):791\u2013824. https:\/\/doi.org\/10.1109\/COMST.2022.3208196","journal-title":"IEEE Commun Surv Tutorials"},{"issue":"1","key":"297_CR27","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1109\/TDSC.2021.3131531","volume":"20","author":"D Tang","year":"2021","unstructured":"Tang D, Wang X, Li X et al (2021) AKN-FGD: adaptive kohonen network based fine-grained detection of ldos attacks. IEEE Trans Dependable Secure Comput 20(1):273\u2013287. https:\/\/doi.org\/10.1109\/TDSC.2021.3131531","journal-title":"IEEE Trans Dependable Secure Comput"},{"key":"297_CR28","first-page":"6827","volume":"33","author":"Y Tian","year":"2020","unstructured":"Tian Y, Sun C, Poole B et al (2020) What makes for good views for contrastive learning? NeurIPS 33:6827\u20136839","journal-title":"NeurIPS"},{"issue":"19","key":"297_CR29","doi-asserted-by":"publisher","first-page":"3138","DOI":"10.3390\/electronics11193138","volume":"11","author":"J Toldinas","year":"2022","unstructured":"Toldinas J, Ven\u010dkauskas A, Liutkevi\u010dius A et al (2022) Framing network flow for anomaly detection using image recognition and federated learning. Electronics 11(19):3138. https:\/\/doi.org\/10.3390\/electronics11193138","journal-title":"Electronics"},{"issue":"4","key":"297_CR30","doi-asserted-by":"publisher","first-page":"850","DOI":"10.1587\/transinf.2015ICP0016","volume":"99","author":"X Wang","year":"2016","unstructured":"Wang X, Chen M, Xing C et al (2016) Defending ddos attacks in software-defined networking based on legitimate source and destination ip address database. IEICE T INF SYST 99(4):850\u2013859. https:\/\/doi.org\/10.1587\/transinf.2015ICP0016","journal-title":"IEICE T INF SYST"},{"key":"297_CR31","first-page":"10890","volume":"34","author":"L Wu","year":"2021","unstructured":"Wu L, Li J, Wang Y et al (2021) R-drop: regularized dropout for neural networks. NeurIPS 34:10890\u201310905","journal-title":"NeurIPS"},{"key":"297_CR32","doi-asserted-by":"publisher","unstructured":"Yin W, Kann K, Yu M, et al. (2017) Comparative study of CNN and RNN for natural language processing. arXiv preprint arXiv:1702.01923. https:\/\/doi.org\/10.48550\/arXiv.1702.01923","DOI":"10.48550\/arXiv.1702.01923"},{"key":"297_CR33","doi-asserted-by":"publisher","first-page":"479","DOI":"10.1007\/978-3-540-92910-9_15","volume":"1","author":"H Yu","year":"2012","unstructured":"Yu H, Kim S (2012) SVM tutorial-classification, regression and ranking. Handbook Nat Comput 1:479\u2013506","journal-title":"Handbook Nat Comput"},{"issue":"7","key":"297_CR34","doi-asserted-by":"publisher","first-page":"1235","DOI":"10.1162\/neco_a_01199","volume":"31","author":"Y Yu","year":"2019","unstructured":"Yu Y, Si X, Hu C et al (2019) A review of recurrent neural networks: LSTM cells and network architectures. Neural Comput 31(7):1235\u20131270. https:\/\/doi.org\/10.1162\/neco_a_01199","journal-title":"Neural Comput"},{"key":"297_CR35","doi-asserted-by":"publisher","unstructured":"Ze-Dong Z, Hao-Tong S, Song-Jie W (2022) Network anomaly detection based on traffic clustering with group-entropy similarity. ISNCC. 1\u20135. https:\/\/doi.org\/10.1109\/ISNCC55209.2022.9851762","DOI":"10.1109\/ISNCC55209.2022.9851762"},{"key":"297_CR36","doi-asserted-by":"publisher","unstructured":"Zenati H, Romain M, Foo CS et al. (2018) Adversarially learned anomaly detection. In: ICDM. 727\u2013736. https:\/\/doi.org\/10.1109\/ICDM.2018.00088","DOI":"10.1109\/ICDM.2018.00088"},{"key":"297_CR37","doi-asserted-by":"publisher","first-page":"108422","DOI":"10.1016\/j.patcog.2021.108422","volume":"123","author":"F Zhu","year":"2022","unstructured":"Zhu F, Gao J, Yang J et al (2022) Neighborhood linear discriminant analysis. Pattern Recogn 123:108422. https:\/\/doi.org\/10.1016\/j.patcog.2021.108422","journal-title":"Pattern Recogn"},{"issue":"5","key":"297_CR38","doi-asserted-by":"publisher","first-page":"363","DOI":"10.1002\/sam.11161","volume":"5","author":"A Zimek","year":"2012","unstructured":"Zimek A, Schubert E, Kriegel HP (2012) A survey on unsupervised outlier detection in high-dimensional numerical data. Stat Anal Data Min 5(5):363\u2013387. https:\/\/doi.org\/10.1002\/sam.11161","journal-title":"Stat Anal Data Min"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-024-00297-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-024-00297-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-024-00297-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,22]],"date-time":"2024-11-22T14:02:58Z","timestamp":1732284178000},"score":1,"resource":{"primary":{"URL":"https:\/\/cybersecurity.springeropen.com\/articles\/10.1186\/s42400-024-00297-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,22]]},"references-count":38,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2024,12]]}},"alternative-id":["297"],"URL":"https:\/\/doi.org\/10.1186\/s42400-024-00297-7","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,11,22]]},"assertion":[{"value":"7 June 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"26 September 2024","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"22 November 2024","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"71"}}