Variable Horizon Multi-Directional Scanning Method for Time Series Anomaly Detection

HUANG Yu-zhe; GUAN Yong-yuan; WEI Song-jie

doi:10.12263/DZXB.20250385

您当前的位置：

首页 >

文章列表页 >

Variable Horizon Multi-Directional Scanning Method for Time Series Anomaly Detection

PAPERS | 更新时间：2025-12-27

- Variable Horizon Multi-Directional Scanning Method for Time Series Anomaly Detection
- ACTA ELECTRONICA SINICA Vol. 53, Issue 9, Pages: 3410-3424(2025)
- 作者机构：
  
  南京理工大学计算机科学与工程学院/网络空间安全学院，江苏南京 210094
- 作者简介：
- 基金信息：
  
  Industrial Internet Innovation and Development Project by China Ministry of Industry and Information Technology(TC200H01V)
- DOI：10.12263/DZXB.20250385
  CLC： TP393.06;TP18
- Received：15 May 2025，
  
  Accepted：04 September 2025，
  
  Published：25 September 2025
- 稿件说明：
移动端阅览
黄昱哲, 管永原, 魏松杰. 面向时序异常检测的可变视距多向扫描方法[J]. 电子学报, 2025, 53(09): 3410-3424.

HUANG Yu-zhe, GUAN Yong-yuan, WEI Song-jie. Variable Horizon Multi-Directional Scanning Method for Time Series Anomaly Detection[J]. Acta Electronica Sinica, 2025, 53(09): 3410-3424.
黄昱哲, 管永原, 魏松杰. 面向时序异常检测的可变视距多向扫描方法[J]. 电子学报, 2025, 53(09): 3410-3424. DOI：10.12263/DZXB.20250385

HUANG Yu-zhe, GUAN Yong-yuan, WEI Song-jie. Variable Horizon Multi-Directional Scanning Method for Time Series Anomaly Detection[J]. Acta Electronica Sinica, 2025, 53(09): 3410-3424. DOI：10.12263/DZXB.20250385

摘要

基于时序分析的网络异常检测，已经引起学术界和工业界的广泛关注.为了突破现有相关工作的训练成本高、检测效率低等限制，本文提出了一种基于Mamba-DSCNN架构的时间序列分类模型ScanMamba.通过设计的可变视距多向扫描机制和时空特征融合机制，ScanMamba显著提升了对复杂网络流量时间序列数据的建模能力.首先，融合Mamba状态空间模型与深度可分离卷积网络（Depthwise Separable Convolutional Neural Networks，DSCNN），在多时间分辨率下通过下采样实现视距的动态变化，可以捕捉不同尺度上的时序依赖特征.其次，采用多方向扫描融合策略，增强了对长期依赖关系和非线性模式的建模能力.随后，设计了多尺度池化模块，并结合注意力机制进行特征加权融合，有效提升了分类性能.最后，将残差连接与深度监督机制引入训练过程中，缓解了梯度消失问题，加速了模型收敛并提升了泛化能力.基于CIC-IDS2017的实验结果表明，ScanMamba在准确率、召回率、

值上分别达到0.983 1、0.984 9、0.983 7，在准确率上较Mamba-ECANet提高了约3%；针对高强度攻击，

值分别达到0.998 0和0.984 7，在DDoS检测上较传统LSTM（Long Short-Term Memory）方法提升了3.3%.降低状态空间维度可使训练时间减少约10%，且性能仅下降0.25%.ScanMamba的平均单条数据推理耗时约为6.3 ms，相较于传统LSTM模型的11.2 ms与Transformer类结构的9.6 ms具备明显优势.

Abstract

Network traffic time series anomaly detection

as a crucial component of time series research

has garnered widespread attention and study in both academia and industry. To address issues such as high training costs and low detection efficiency in existing methods

this paper proposes ScanMamba

a novel time series classification model based on the Mamba-DSCNN architecture. The model significantly enhances the modeling capability

for complex network traffic time series data through a designed variable-range multidirectional scanning mechanism and a spatiotemporal feature fusion mechanism. Specifically

ScanMamba integrates the Mamba State Space Model with a depthwise separable convolutional neural network (DSCNN) to dynamically adjust the effective receptive field across multiple temporal resolutions via downsampling

capturing temporal dependency features at different scales. A multidirectional scanning fusion strategy is employed to strengthen the modeling of long-range dependencies and nonlinear patterns. A multiscale pooling module combined with an attention mechanism performs weighted feature fusion

effectively boosting classification performance. During training

the incorporation of residual connections and a deep supervision mechanism mitigates gradient vanishing

accelerates model convergence

and enhances generalization capability. Experimental results on the CIC-IDS2017 dataset demonstrate that ScanMamba achieves accuracy

recall

and

scores of 0.983 1

0.984 9

and 0.983 7

respectively. Its accuracy outperforms Mamba-ECANet by approximately 3%. For high-intensity attacks

ScanMamba attains

scores of 0.998 0 and 0.984 7

representing a 3.3 improvement over traditional LSTM methods in DDoS detection. Reducing the state space dimensionality decreased training time by approximately 10% with only a 0.25 performance drop. The average inference latency per data point for ScanMamba is 6.3 ms

significantly surpassing the traditional LSTM models of 11.2 ms and the Transformer-based architectures of 9.6 ms.

关键词

Keywords

references

胡向东 , 万润楠 . 基于改进随机森林的工业互联网安全态势评估方法 [J ] . 电子学报 , 2024 , 52 ( 3 ): 783 - 791 .

HU X D , WAN R N . Method of security situation assessment based on improved random forest for industrial Internet [J ] . Acta Electronica Sinica , 2024 , 52 ( 3 ): 783 - 791 . (in Chinese)

胡向东 , 吕高飞 , 白银 . 基于优化支持向量回归的工业互联网安全态势预测方法 [J ] . 电子学报 , 2023 , 51 ( 2 ): 446 - 454 .

HU X D , LYU G F , BAI Y . A method of security situation prediction for industrial Internet based on optimized support vector regression [J ] . Acta Electronica Sinica , 2023 , 51 ( 2 ): 446 - 454 . (in Chinese)

MASEER Z K , KADHIM Q K , AL-BANDER B , et al . Meta-analysis and systematic review for anomaly network intrusion detection systems: Detection methods, dataset, validation methodology, and challenges [J ] . IET Networks , 2024 , 13 ( 5/6 ): 339 - 376 .

DIANA L , DINI P , PAOLINI D . Overview on intrusion detection systems for computers networking security [J ] . Computers , 2025 , 14 ( 3 ): 87 .

ALI W A , MANASA K N , ALJUNID M , et al . Review of current machine learning approaches for anomaly detection in network traffic [J ] . Journal of Telecommunications and the Digital Economy , 2020 , 8 ( 4 ): 64 - 95 .

VIKRAM A , MOHANA . Anomaly detection in network traffic using unsupervised machine learning approach [C ] // 2020 5th International Conference on Communication and Electronics Systems . Piscataway : IEEE , 2020 : 476 - 479 .

RADFORD B J , APOLONIO L M , TRIAS A J , et al . Network traffic anomaly detection using recurrent neural networks [EB/OL ] . ( 2018-03-28 )[ 2025-05-10 ] . https://arXiv.org/abs/1803.10769 https://arXiv.org/abs/1803.10769 .

ABDULGANIYU O H , TCHAKOUCHT T A , SAHEED Y K , et al . XIDINTFL-VAE: XGBoost-based intrusion detection of imbalance network traffic via class-wise focal loss variational autoencoder [J ] . The Journal of Supercomputing , 2024 , 81 : 16 .

GEIGER A , LIU D Y , ALNEGHEIMISH S , et al . TadGAN: Time series anomaly detection using generative adversarial networks [C ] // 2020 IEEE International Conference on Big Data . Piscataway : IEEE , 2021 : 33 - 43 .

XU J H , WU H X , WANG J M , et al . Anomaly transformer: Time series anomaly detection with association discrepancy [EB/OL ] . ( 2022-06-29 )[ 2025-05-10 ] . https://arXiv.org/abs/2110.02642 https://arXiv.org/abs/2110.02642 .

ZHOU P J . A survey of streaming data anomaly detection in network security [J ] . PeerJ Computer Science , 2025 , 11 : e3066 .

SHIEH C S , HO F A , HORNG M F , et al . Open-set recognition in unknown DDoS attacks detection with reciprocal points learning [J ] . IEEE Access , 2024 , 12 : 56461 - 56476 .

ABDULAAL A , LIU Z H , LANCEWICKI T . Practical approach to asynchronous multivariate time series anomaly detection and localization [C ] // Proceedings of the 27th ACM SIGKDD Conference on Knowledge Discovery & Data Mining . New York : ACM , 2021 : 2485 - 2494 .

CAI S H , ZHAO Y W , LYU J A , et al . DDP-DAR: Network intrusion detection based on denoising diffusion probabilistic model and dual-attention residual network [J ] . Neural Networks , 2025 , 184 : 107064 .

LI D , CHEN D C , JIN B H , et al . MAD-GAN: Multivariate anomaly detection for time series data with generative adversarial networks [C ] // Artificial Neural Networks and Machine Learning-ICANN 2019: Text and Time Series . Cham : Springer , 2019 : 703 - 716 .

SU Y , ZHAO Y J , NIU C H , et al . Robust anomaly detection for multivariate time series through stochastic recurrent neural network [C ] // Proceedings of the 25th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining . New York : ACM , 2019 : 2828 - 2837 .

XUE Y K , KANG C Y , YU H C . HAE-HRL: A network intrusion detection system utilizing a novel autoencoder and a hybrid enhanced LSTM-CNN-based residual network [J ] . Computers & Security , 2025 , 151 : 104328 .

LIU C , HE L T , XIONG G , et al . FS-net: A flow sequence network for encrypted traffic classification [C ] // IEEE INFOCOM 2019 - IEEE Conference on Computer Communications . New York : ACM , 2019 : 1171 - 1179 .

ZHAO X J , MIAO W W , YUAN G Q , et al . Abnormal traffic detection system based on feature fusion and sparse transformer [J ] . Mathematics , 2024 , 12 ( 11 ): 1643 .

蔡美玲 , 汪家喜 , 刘金平 , 等 . 基于Transformer GAN架构的多变量时间序列异常检测 [J ] . 中国科学: 信息科学 , 2023 , 53 ( 5 ): 972 - 992 .

CAI M L , WANG J X , LIU J P , et al . Transformer-GAN architecture for anomaly detection in multivariate time series [J ] . Scientia Sinica (Informationis) , 2023 , 53 ( 5 ): 972 - 992 . (in Chinese)

段雪源 , 付钰 , 王坤 . 基于VAE-WGAN的多维时间序列异常检测方法 [J ] . 通信学报 , 2022 , 43 ( 3 ): 1 - 13 .

DUAN X Y , FU Y , WANG K . Multi-dimensional time series anomaly detection method based on VAE-WGAN [J ] . Journal on Communications , 2022 , 43 ( 3 ): 1 - 13 . (in Chinese)

胡梦娜 , 何强 , 贾俊铖 , 等 . EB-GAN: 基于BiGAN的网络流量异常检测方法 [J ] . 计算机应用与软件 , 2023 , 40 ( 6 ): 303 - 309 .

HU M N , HE Q , JIA J C , et al . Eb-Gan: Network traffic anomaly detection method based on bigan [J ] . Computer Applications and Software , 2023 , 40 ( 6 ): 303 - 309 . (in Chinese)

GU A , DAO T . Mamba: Linear-time sequence modeling with selective state spaces [EB/OL ] . ( 2023 )[2025 ] . https://3dvar.com/Gu2023Mamba.pdf https://3dvar.com/Gu2023Mamba.pdf .

WANG T Z , XIE X H , WANG W D , et al . Netmamba: Efficient network traffic classification via pre-training unidirectional mamba [C ] // 2024 IEEE 32nd International Conference on Network Protocols . Piscataway : IEEE , 2025 : 1 - 11 .

SHARAFALDIN I , HABIBI LASHKARI A , GHORBANI A A . Toward generating a new intrusion detection dataset and intrusion traffic characterization [C ] // Proceedings of the 4th International Conference on Information Systems Security and Privacy . Beijing : Science and Technology Publications , 2018 : 108 - 116 .

ZHAO J J , LIU Y M , ZHANG Q L , et al . CNN-AttBiLSTM mechanism: A DDoS attack detection method based on attention mechanism and CNN-BiLSTM [J ] . IEEE Access , 2023 , 11 : 136308 - 136317 .

ZHANG H T , ZHU D W , GAN Y X , et al . End-to-end learning-based study on the mamba-ECANet model for data security intrusion detection [J ] . Journal of Information, Technology and Policy , 2024 : 1 - 17 .

WANG S Y , XU W X , LIU Y W . Res-TranBiLSTM: An intelligent approach for intrusion detection in the Internet of Things [J ] . Computer Networks , 235 : 109982 .

LO W W , LAYEGHY S , SARHAN M , et al . E-GraphSAGE: A graph neural network based intrusion detection system for IoT [C ] // NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium . Piscataway : IEEE , 2022 : 1 - 9 .

Views

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Deep Adversarial Learning Latent Representation Distribution Model for Anomaly Detection

Object Detection Based on EIMYOLO for High-Resolution Remote Sensing Images

A Survey of Network Attack Investigation Based on Provenance Graph

Related Author

XI Liang

LIU Han

FAN Hao-yi

ZHANG Feng-bin

CAO Feng

ZENG Ke-wen

LI De-yu

LUO Xi-zhao

Related Institution

School of Computer Science and Technology， Harbin University of Science and Technology

School of Information and Technology, Shanxi University

School of Computer Science and Technology, Soochow University

School of Electronics and Information Engineering, Suzhou University of Science and Technology

Cyberspace Institute of Advanced Technology, Guangzhou University

⁰