Spectral-Aware Graph Pre-training and Prompt Tuning Framework for Network Traffic Anomaly Detection

LUO Haitong; ZHANG Weiyao; LIN Chungang; MENG Xuying; ZHANG Yujun

doi:10.12263/DZXB.20250576

您当前的位置：

首页 >

文章列表页 >

Spectral-Aware Graph Pre-training and Prompt Tuning Framework for Network Traffic Anomaly Detection

PAPERS | 更新时间：2026-06-04

- Spectral-Aware Graph Pre-training and Prompt Tuning Framework for Network Traffic Anomaly Detection
- ACTA ELECTRONICA SINICA Vol. 54, Issue 1, Pages: 167-182(2026)
- 作者机构：
  
  1.中国科学院计算技术研究所，北京 100190
  2.中国科学院大学，北京 100190
  3.紫金山实验室，江苏南京 211111
  4.中科南京信息高铁研究院，江苏南京 210008
  5.中国科学院大学南京学院，江苏南京 211135
- 作者简介：
- 基金信息：
  
  National Natural Science Foundation of China(U24B600013;62372429)
- DOI：10.12263/DZXB.20250576
  CLC： TP393.0;
- Received：30 June 2025，
  
  Accepted：26 December 2025，
  
  Published：25 January 2026
- 稿件说明：
移动端阅览
罗海桐, 张蔚瑶, 林纯钢, 等. 面向网络流量异常检测的频谱感知图预训练与提示微调框架[J]. 电子学报, 2026, 54(01): 167-182.

LUO Haitong, ZHANG Weiyao, LIN Chungang, et al. Spectral-Aware Graph Pre-training and Prompt Tuning Framework for Network Traffic Anomaly Detection[J]. Acta Electronica Sinica, 2026, 54(01): 167-182.
罗海桐, 张蔚瑶, 林纯钢, 等. 面向网络流量异常检测的频谱感知图预训练与提示微调框架[J]. 电子学报, 2026, 54(01): 167-182. DOI：10.12263/DZXB.20250576

LUO Haitong, ZHANG Weiyao, LIN Chungang, et al. Spectral-Aware Graph Pre-training and Prompt Tuning Framework for Network Traffic Anomaly Detection[J]. Acta Electronica Sinica, 2026, 54(01): 167-182. DOI：10.12263/DZXB.20250576

摘要

随着网络技术的演进，流量规模呈指数级增长，攻击手段（如协议混淆、跳跃连接等）日益隐蔽复杂，传统检测方法已难以应对。尽管图神经网络（Graph Neural Networks，GNNs）在建模流量拓扑依赖方面展现出潜力，但在现实网络安全场景中，普遍存在两大瓶颈：一是网络流量图显著的结构异配性，即异常流量倾向于与特征迥异的正常节点建立非典型连接，导致基于同配性假设的图神经网络失效；二是高质量异常标签极度稀缺，全参数微调易引发过拟合或知识负迁移。为此，本文提出一种面向网络流量异常检测的频谱感知图预训练与提示微调框架。该框架摒弃了传统图学习对同配结构与大量标签的依赖，其核心创新在于：（1）引入互补的频谱滤波器组，首次将捕捉稳定通信模式的低通信号与识别异常连接扰动的高通信号进行联合建模，从频域视角精准刻画流量的异配结构；（2）设计频谱感知的对比学习机制，通过最大化跨频域视图的表示一致性，在预训练阶段提取鲁棒的频率不变特征；（3）提出参数高效的提示微调策略，在冻结主干参数的前提下，利用可学习的提示向量自适应调节高低频通道的融合权重，实现向少样本下游任务的精准迁移。在CICIDS2017、CICIDS2018及HIKARI2021三个真实数据集上的实验表明，该方法在少样本场景下的检测性能全面优于现有基准模型，最高提升幅度超20%，验证了其在复杂异配网络环境中的鲁棒性与实用性。

Abstract

With the evolution of network technologies

the scale of network traffic has grown exponentially

and attack methods (such as protocol obfuscation and skipping connections) have become increasingly covert and complex

posing unprecedented challenges to traditional detection methods. Although graph neural networks (GNNs) have demonstrated potential in modeling traffic topological dependencies

they generally face two major bottlenecks in real-world network security scenarios: first

the significant structural heterophily in network traffic graphs

where anomalous traffic tends to establish atypical connections with normal nodes possessing vastly different features

causing GNNs based on homophily assumptions to fail; second

the extreme scarcity of high-quality anomaly labels

where full-parameter fine-tuning easily induces overfitting or the negative transfer of pre-trained knowledge. To this end

this paper proposes a spectral-aware graph pre-training and prompt tuning framework tailored for network traffic anomaly detection. Abandoning the reliance of traditional graph learning paradigms on homophilic structures and massive labeled data

the core innovations of this framework lie in: (1) Introducing complementary spectral filters to jointly model low-pass signals (capturing stable communication patterns) and high-pass signals (identifying abnormal connection perturbations) for the first time during the pre-training phase

accurately characterizing the strong heterophilic nature of network traffic from a frequency domain perspective; (2) Designing a spectral-aware contrastive learning mechanism to extract robust frequency-invariant features by maximizing representational consistency across cross-frequency views; (3) Proposing a parameter-efficient prompt tuning strategy that

while freezing backbone parameters

utilizes learnable prompt vectors to adaptively adjust the fusion weights of high- and low-frequency channels

achieving precise transfer to downstream few-shot tasks. Experiments on three real-world network security datasets

including CICIDS2017

CICIDS2018

and HIKARI2021

demonstrate that the proposed method comprehensively outperforms existing baseline models in detection performance under sample-scarce scenarios. With a maximum improvement exceeding 20%

these results verify the robustness and practicality of the proposed method in complex and heterophilic network environments.

关键词

Keywords

references

王晓曦 , 王永吉 , 周津慧 , 等 . 基于改进网络模型的大时滞网络拥塞控制算法 [J ] . 电子学报 , 2005 , 33 ( 5 ): 842 - 846 .

Wang Xiaoxi , Wang Yongji , Zhou Jinhui , et al . Congestion control algorithm based on improved model in large-delay networks [J ] . Acta Electronica Sinica , 2005 , 33 ( 5 ): 842 - 846 . (in Chinese)

Tippe P , Tippe A , Keller J . Detecting and attributing tor-obfuscated malware communications through traffic fingerprinting [C ] // Proceedings of the 2025 ACM Workshop on Information Hiding and Multimedia Security . San Jose : ACM , 2025 : 74 - 79 . DOI: 10.1145/3733102.3733140 http://dx.doi.org/10.1145/3733102.3733140

仇晶 , 陈荣融 , 朱浩瑾 , 等 . 基于溯源图的网络攻击调查研究综述 [J ] . 电子学报 , 2024 , 52 ( 7 ): 2529 - 2556 .

Qiu Jing , Chen Rongrong , Zhu Haojin , et al . A survey of network attack investigation based on provenance graph [J ] . Acta Electronica Sinica , 2024 , 52 ( 7 ): 2529 - 2556 . (in Chinese)

Ali Hassan Ahmed L , Hamad Y A M , Ali Abdalla A A M . Network-based intrusion detection datasets: A survey [C ] // Proceedings of 2022 International Arab Conference on Information Technology . Abu Dhabi : IEEE , 2022 : 1 - 7 . DOI: 10.1109/acit57182.2022.9994201 http://dx.doi.org/10.1109/acit57182.2022.9994201

金正晗 , 李建彬 , 李敬豪 , 等 . 一种用于不平衡数据的新型网络异常流量检测方法 [J ] . 广西科学 , 2024 , 31 ( 5 ): 966 - 975 .

Jin Zhenghan , Li Jianbin , Li Jinghao , et al . A novel network abnormal traffic detection method for imbalanced network data [J ] . Guangxi Sciences , 2024 , 31 ( 5 ): 966 - 975 . (in Chinese)

Jiang Bo , Zhang Ziyan , Lin Doudou , et al . Semi-supervised learning with graph learning-convolutional networks [C ] // Proceedings of 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition . Long Beach : IEEE , 2019 : 11305 - 11312 . DOI: 10.1109/cvpr.2019.01157 http://dx.doi.org/10.1109/cvpr.2019.01157

Veličković P , Cucurull G , Casanova A , et al . Graph attention networks [C ] // Proceedings of the 6th International Conference on Learning Representations . Vancouver : ICLR , 2018 .

Velickovic P , Fedus W , Hamilton W L , et al . Deep graph infomax [C ] // Proceedings of the 7th International Conference on Learning Representations . New Orleans : ICLR , 2019 : 4 .

You Yuning , Chen Tianlong , Sui Yongduo , et al . Graph contrastive learning with augmentations [C ] // Proceedings of the 34th International Conference on Neural Information Processing Systems . Vancouver : Curran Associates Inc. , 2020 : 488 . DOI: 10.48550/arXiv.2010.13902 http://dx.doi.org/10.48550/arXiv.2010.13902

Xia Jun , Wu Lirong , Chen Jintao , et al . SimGRACE: A simple framework for graph contrastive learning without data augmentation [C ] // Proceedings of the ACM Web Conference 2022 . Lyon : ACM , 2022 : 1070 - 1079 . DOI: 10.1145/3485447.3512156 http://dx.doi.org/10.1145/3485447.3512156

Liu Zemin , Yu Xingtong , Fang Yuan , et al . GraphPrompt: Unifying pre-training and downstream tasks for graph neural networks [C ] // Proceedings of the ACM Web Conference 2023 . Austin : ACM , 2023 : 417 - 428 . DOI: 10.1145/3543507.3583386 http://dx.doi.org/10.1145/3543507.3583386

Sun Xiangguo , Cheng Hong , Li Jia , et al . All in one: Multi-task prompting for graph neural networks [C ] // Proceedings of the 29th ACM SIGKDD Conference on Knowledge Discovery and Data Mining . Long Beach : ACM , 2023 : 2120 - 2131 . DOI: 10.1145/3580305.3599256 http://dx.doi.org/10.1145/3580305.3599256

Fang Taoran , Zhang Yunchao , Yang Yang , et al . Universal prompt tuning for graph neural networks [C ] // Proceedings of the 37th International Conference on Neural Information Processing Systems . New Orleans : ACM , 2023 : 2285 . DOI: 10.52202/075280-2285 http://dx.doi.org/10.52202/075280-2285

Sun Mingchen , Zhou Kaixiong , He Xin , et al . GPPT: Graph pre-training and prompt tuning to generalize graph neural networks [C ] // Proceedings of the 28th ACM SIGKDD Conference on Knowledge Discovery and Data Mining . Washington : ACM , 2022 : 1717 - 1727 . DOI: 10.1145/3534678.3539249 http://dx.doi.org/10.1145/3534678.3539249

Yu Xingtong , Zhang Jie , Fang Yuan , et al . Non-homophilic graph pre-training and prompt learning [C ] // Proceedings of the 31st ACM SIGKDD Conference on Knowledge Discovery and Data Mining V . 1 . Toronto : ACM , 2025 : 1844 - 1854 . DOI: 10.1145/3690624.3709219 http://dx.doi.org/10.1145/3690624.3709219

Chen Jingyu , Lei Runlin , Wei Zhewei . PolyGCL: GRAPH CONTRASTIVE LEARNING via learnable spectral polynomial filters [C ] // Proceedings of the 12th International Conference on Learning Representations . Vienna : ICLR , 2024 .

Tang Jianheng , Li Jiajin , Gao Ziqi , et al . Rethinking graph neural networks for anomaly detection [C ] // Proceedings of the 39th International Conference on Machine learning . Baltimore : PMLR , 2022 : 21076 - 21089 .

Bo Deyu , Wang Xiao , Shi Chuan , et al . Beyond low-frequency information in graph convolutional networks [C ] // Proceedings of the 35th AAAI Conference on Artificial Intelligence . AAAI , 2021 : 3950 - 3957 . DOI: 10.1609/aaai.v35i5.16514 http://dx.doi.org/10.1609/aaai.v35i5.16514

Luo Haitong , Meng Xuying , Wang Suhang , et al . Spectral-based graph neural networks for complementary item recommendation [C ] // Proceedings of the 38th AAAI Conference on Artificial Intelligence . Vancouver : AAAI , 2024 : 8868 - 8876 . DOI: 10.1609/aaai.v38i8.28734 http://dx.doi.org/10.1609/aaai.v38i8.28734

Roesch M . Snort-lightweight intrusion detection for networks [C ] // Proceedings of the 13th USENIX Conference on System Administration . Seattle : USENIX Association , 1999 : 229 - 238 .

Tavallaee M , Bagheri E , Lu Wei , et al . A detailed analysis of the KDD CUP 99 data set [C ] // Proceedings of 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications . Ottawa : IEEE , 2009 : 1 - 6 . DOI: 10.1109/cisda.2009.5356528 http://dx.doi.org/10.1109/cisda.2009.5356528

Hearst M A , Dumais S T , Osuna E , et al . Support vector machines [J ] . IEEE Intelligent Systems and Their Applications , 1998 , 13 ( 4 ): 18 - 28 . DOI: 10.1109/5254.708428 http://dx.doi.org/10.1109/5254.708428

李康和 , 黄震华 . 基于噪声过滤与特征增强的图神经网络欺诈检测方法 [J ] . 电子学报 , 2023 , 51 ( 11 ): 3053 - 3060 .

Li Kanghe , Huang Zhenhua . Noise filtering and feature enhancement based graph neural network method for fraud detection [J ] . Acta Electronica Sinica , 2023 , 51 ( 11 ): 3053 - 3060 . (in Chinese)

Lee W , Stolfo S J , Mok K W . A data mining framework for building intrusion detection models [C ] // Proceedings of the 1999 IEEE Symposium on Security and Privacy . Oakland : IEEE , 1999 : 120 - 132 . DOI: 10.1145/312129.312212 http://dx.doi.org/10.1145/312129.312212

Liao Yihua , Vemuri V R . Use of K-nearest neighbor classifier for intrusion detection [J ] . Computers & Security , 2002 , 21 ( 5 ): 439 - 448 . DOI: 10.1016/s0167-4048(02)00514-x http://dx.doi.org/10.1016/s0167-4048(02)00514-x

Vinayakumar R , Soman K P , Poornachandran P . Applying convolutional neural network for network intrusion detection [C ] // Proceedings of 2017 International Conference on Advances in Computing, Communications and Informatics . Udupi : IEEE , 2017 : 1222 - 1228 . DOI: 10.1109/icacci.2017.8126009 http://dx.doi.org/10.1109/icacci.2017.8126009

Wang Wei , Zhu Ming , Zeng Xuewen , et al . Malware traffic classification using convolutional neural network for representation learning [C ] // Proceedings of 2017 International Conference on Information Networking . Da Nang : IEEE , 2017 : 712 - 717 . DOI: 10.1109/ICOIN.2017.7899588 http://dx.doi.org/10.1109/ICOIN.2017.7899588

Shone N , Ngoc T N , Phai V D , et al . A deep learning approach to network intrusion detection [J ] . IEEE Transactions on Emerging Topics in Computational Intelligence , 2018 , 2 ( 1 ): 41 - 50 . DOI: 10.1109/tetci.2017.2772792 http://dx.doi.org/10.1109/tetci.2017.2772792

Huoh T L , Luo Yan , Li Peilong , et al . Flow-based encrypted network traffic classification with graph neural networks [J ] . IEEE Transactions on Network and Service Management , 2023 , 20 ( 2 ): 1224 - 1237 . DOI: 10.1109/tnsm.2022.3227500 http://dx.doi.org/10.1109/tnsm.2022.3227500

Zuo Xingtao , Fang Cheng , Han Ping . Network traffic anomaly detection based on spatio-temporal dynamic graph [C ] // Proceedings of 2024 IEEE 14th International Conference on Electronics Information and Emergency Communication . Beijing : IEEE , 2024 : 221 - 225 . DOI: 10.1109/iceiec61773.2024.10561828 http://dx.doi.org/10.1109/iceiec61773.2024.10561828

Sun Zhenlu , Teixeira A M H , Toor S . GNN-IDS: Graph neural network based intrusion detection system [C ] // Proceedings of the 19th International Conference on Availability, Reliability and Security . Vienna : ACM , 2024 : 14 . DOI: 10.1145/3664476.3664515 http://dx.doi.org/10.1145/3664476.3664515

Hamilton W L , Ying R , Leskovec J . Inductive representation learning on large graphs [C ] // Proceedings of the 31st International Conference on Neural Information Processing Systems . Long Beach : Curran Associates Inc. , 2017 : 1025 - 1035 . DOI: 10.7551/mitpress/11474.003.0014 http://dx.doi.org/10.7551/mitpress/11474.003.0014

Abu-El-Haija S , Perozzi B , Kapoor A , et al . MixHop: Higher-order graph convolutional architectures via sparsified neighborhood mixing [C ] // Proceedings of the 36th International Conference on Machine Learning . Long Beach : PMLR , 2019 : 21 - 29 .

Duan Rui , Guang Mingjian , Wang Junli , et al . Unifying homophily and heterophily for spectral graph neural networks via triple filter ensembles [C ] // Proceedings of the 38th International Conference on Neural Information Processing Systems . Vancouver : Curran Associates Inc. , 2024 : 2966 . DOI: 10.52202/079017-2966 http://dx.doi.org/10.52202/079017-2966

Lester B , Al-Rfou R , Constant N . The power of scale for parameter-efficient prompt tuning [C ] // Proceedings of the 2021 Conference on Empirical Methods in Natural Language Processing . Punta Cana : Association for Computational Linguistics , 2021 : 3045 - 3059 . DOI: 10.18653/v1/2021.emnlp-main.243 http://dx.doi.org/10.18653/v1/2021.emnlp-main.243

Li X L , Liang P . Prefix-tuning: Optimizing continuous prompts for generation [C ] // Proceedings of the 59th Annual Meeting of the Association for Computational Linguistics and the 11th International Joint Conference on Natural Language Processing (Volume 1: Long papers) . Online : Association for Computational Linguistics , 2021 : 4582 - 4597 . DOI: 10.18653/v1/2021.acl-long.353 http://dx.doi.org/10.18653/v1/2021.acl-long.353

Karimi Mahabadi R , Ruder S , Dehghani M , et al . Parameter-efficient multi-task fine-tuning for transformers via shared hypernetworks [C ] // Proceedings of the 59th Annual Meeting of the Association for Computational Linguistics and the 11th International Joint Conference on Natural Language Processing (Volume 1: Long papers) . Online : Association for Computational Linguistics , 2021 : 565 - 576 . DOI: 10.18653/v1/2021.acl-long.47 http://dx.doi.org/10.18653/v1/2021.acl-long.47

Hu Zhuhua , Bai Yong , Huang Mengxing , et al . A self-adaptive progressive support selection scheme for collaborative wideband spectrum sensing [J ] . Sensors , 2018 , 18 ( 9 ): 3011 . DOI: 10.3390/s18093011 http://dx.doi.org/10.3390/s18093011

Li Xianghui , Hu Xianghui , Shen Chong , et al . TFF_aDCNN: A pre-trained base model for intelligent wideband spectrum sensing [J ] . IEEE Transactions on Vehicular Technology , 2023 , 72 ( 10 ): 12912 - 12926 . DOI: 10.1109/tvt.2023.3271970 http://dx.doi.org/10.1109/tvt.2023.3271970

Hu Zhuhua , Bai Yong , Zhao Yaochi , et al . Adaptive and blind wideband spectrum sensing scheme using singular value decomposition [J ] . Wireless Communications and Mobile Computing , 2017 , 2017 ( 1 ): 3279452 . DOI: 10.1155/2017/3279452 http://dx.doi.org/10.1155/2017/3279452

Chen Zhiqian , Chen Fanglan , Zhang Lei , et al . Bridging the gap between spatial and spectral domains: A unified framework for graph neural networks [J ] . ACM Computing Surveys , 2024 , 56 ( 5 ): 126 . DOI: 10.1145/3627816 http://dx.doi.org/10.1145/3627816

Bachman P , Hjelm R D , Buchwalter W . Learning representations by maximizing mutual information across views [C ] // Proceedings of the 33rd International Conference on Neural Information Processing Systems . Vancouver : Curran Associates Inc. , 2019 : 1392 .

Sharafaldin I , Habibi Lashkari A , Ghorbani A A . Toward generating a new intrusion detection dataset and intrusion traffic characterization [C ] // Proceedings of the 4th International Conference on Information Systems Security and Privacy . Funchal : SciTePress , 2018 : 108 - 116 . DOI: 10.5220/0006639801080116 http://dx.doi.org/10.5220/0006639801080116

胡星高 . 基于小样本的网络恶意流量检测技术研究 [D ] . 成都 : 四川大学 , 2021 .

Hu Xinggao . Research on network malicious traffic detection technology based on few shot [D ] . Chengdu : Sichuan University , 2021 . (in Chinese)

Fernandes R , Lopes N . Network intrusion detection packet classification with the HIKARI-2021 dataset: A study on ML algorithms [C ] // Proceedings of 2022 10th International Symposium on Digital Forensics and Security . Istanbul : IEEE , 2022 : 1 - 5 . DOI: 10.1109/isdfs55398.2022.9800807 http://dx.doi.org/10.1109/isdfs55398.2022.9800807

Shi Yunsheng , Huang Zhengjie , Feng Shikun , et al . Masked label prediction: Unified message passing model for semi-supervised classification [C ] // Proceedings of the thirtieth International Joint Conference on Artificial Intelligence . Montreal : International Joint Conferences on Artificial Intelligence Organization , 2021 : 1548 - 1554 . DOI: 10.24963/ijcai.2021/214 http://dx.doi.org/10.24963/ijcai.2021/214

Davis J , Goadrich M . The relationship between precision-recall and ROC curves [C ] // Proceedings of the 23rd International Conference on Machine Learning . Pittsburgh : ACM , 2006 : 233 - 240 . DOI: 10.1145/1143844.1143874 http://dx.doi.org/10.1145/1143844.1143874

Zi Chenyi , Zhao Haihong , Sun Xiangguo , et al . ProG: A graph prompt learning benchmark [C ] // Proceedings of the 38th International Conference on Neural Information Processing Systems . Vancouver : Curran Associates Inc. , 2024 : 3023 . DOI: 10.52202/079017-3023 http://dx.doi.org/10.52202/079017-3023

Views

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Joint Detection and Classification in Unsupervised Graph Learning

BottleneckNet: A Graph Neural Network for Post-Synthesis Timing Bottleneck Prediction in Large-Scale Digital ICs

Research on Tri-Subspace Decoupling Clustering Graph Neural Network for EEG-Based Emotion Recognition

Speech Large Language Models: Architecture, Training and Challenges Analysis

A Fast Inter-Patient Domain-Adaptive Arrhythmia Detection Method for Class-Imbalanced ECG Data

Related Author

ZHANG Yujun

MENG Xuying

WEI Ziling

LI Sicong

WANG Fei

CHEN Shuhui

LIU Yang

ZHANG Ze-tao

Related Institution

University of Chinese Academy of Sciences, Nanjing

Nanjing Institute of InforSuperBah

Purple Mountain Laboratory

College of Computer Science, National University of Defense Technology

Hisilicon, Huawei Technologies Co., Ltd.

⁰