Network Traffic Anomaly Detection Method Based on Deep Neural Network
Abstract
With the rapid growth of the Internet and web technology, the volume of network traffic has increased dramatically, and network attacks and security threats have become increasingly complex and diverse. In complex network environments, current network traffic data has high feature dimensionality. Traditional machine learning (ML) methods such as random forest (RF) struggle to fully capture the temporal changes of network traffic and to extract high-dimensional features, resulting in low detection accuracy. This paper combines the strength of the gated recurrent unit (GRU) in processing temporal dynamic information with the ability of the convolutional neural network (CNN) to extract local features, together with the convolutional block attention module (CBAM), to detect anomalous network traffic. The study first uses the CNN module to extract features from the original network traffic data, producing feature maps that capture properties such as instantaneous fluctuations in packet size and periodic change patterns of traffic. The CBAM module is embedded in the CNN: after each convolution operation generates a feature map, that feature map is passed directly to the CBAM module for weighting, where the channel attention (CA) and spatial attention modules (SAMs) enhance important features. Finally, the feature map processed by CBAM is flattened into a one-dimensional vector and fed into the GRU network for time series modeling, to capture the long-term dependencies in the traffic data and detect abnormal traffic. Network traffic anomaly detection (NT-AD) experiments were conducted on the public datasets NSL-KDD, ISCX-IDS, and CTU-13. The results show that the accuracy of the GRU-CNN-CBAM model on the CTU-13 dataset is 98.5%, which is 29.2% higher than the RF model, and the F1 value reaches 96.8%. The experiments show that deep neural networks (DNNs) can fully capture the temporal changes and high-dimensional features of network traffic, significantly improving the accuracy of NT-AD.
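The CBAM weighting step described in the abstract, as an added example that is not the paper's code: it applies channel attention and then spatial attention (the usual CBAM order, which the abstract does not spell out) to a one-dimensional feature map of channels by time steps. The weights, reduction ratio, kernel size and input values are constructed assumptions, not parameters from the paper.

```python
import math
import random

def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-x))

def mlp(v, w1, w2):
    """Shared two-layer MLP of channel attention: C -> C/r (ReLU) -> C."""
    hidden = [max(0.0, sum(w * x for w, x in zip(row, v))) for row in w1]
    return [sum(w * h for w, h in zip(row, hidden)) for row in w2]

def channel_attention(fmap, w1, w2):
    """One weight per channel from average- and max-pooling over time."""
    avg = [sum(ch) / len(ch) for ch in fmap]
    mx = [max(ch) for ch in fmap]
    return [sigmoid(a + m) for a, m in zip(mlp(avg, w1, w2), mlp(mx, w1, w2))]

def spatial_attention(fmap, kernel):
    """One weight per time step from a 1-D conv over channel-wise avg/max."""
    steps = len(fmap[0])
    cols = [[ch[t] for ch in fmap] for t in range(steps)]
    pooled = [(sum(c) / len(c), max(c)) for c in cols]
    pad = len(kernel) // 2
    weights = []
    for t in range(steps):
        acc = 0.0
        for k, (ka, km) in enumerate(kernel):
            j = t + k - pad
            if 0 <= j < steps:  # zero padding at the edges
                acc += ka * pooled[j][0] + km * pooled[j][1]
        weights.append(sigmoid(acc))
    return weights

def cbam(fmap, w1, w2, kernel):
    """Apply channel attention, then spatial attention, to a C x T map."""
    mc = channel_attention(fmap, w1, w2)
    scaled = [[mc[c] * x for x in ch] for c, ch in enumerate(fmap)]
    ms = spatial_attention(scaled, kernel)
    return [[ms[t] * x for t, x in enumerate(ch)] for ch in scaled], mc, ms

# Constructed input: 4 feature channels x 8 time steps with a burst at t=5.
rng = random.Random(0)
FMAP = [[rng.random() * 0.1 for _ in range(8)] for _ in range(4)]
for ch in FMAP:
    ch[5] += 3.0
W1 = [[0.5] * 4, [-0.25] * 4]  # assumed weights, reduction ratio 2
W2 = [[0.3, 0.1], [0.2, 0.4], [0.1, 0.1], [0.4, 0.2]]
KERNEL = [(0.2, 0.3), (0.5, 0.6), (0.2, 0.3)]  # assumed kernel size 3
OUT, MC, MS = cbam(FMAP, W1, W2, KERNEL)
```

The output keeps the input shape, so it can be flattened and passed to a recurrent layer as the abstract describes; in this constructed input the spatial weights peak at the burst time step.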