Network traffic anomaly detection method based on stacked fusion time features

IF 4.6 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks Pub Date : 2025-09-22 DOI:10.1016/j.comnet.2025.111729

Tianhao Hou , Zheng Zhang , Qiuling Wu , Yan Yan , Hao Li

{"title":"Network traffic anomaly detection method based on stacked fusion time features","authors":"Tianhao Hou , Zheng Zhang , Qiuling Wu , Yan Yan , Hao Li","doi":"10.1016/j.comnet.2025.111729","DOIUrl":null,"url":null,"abstract":"<div><div>The rapid growth of Network Traffic (NT) necessitates reliable anomaly detection to mitigate security threats and ensure system stability. An accurate NT prediction strategy is key in this process. However, current network traffic anomaly detection (NTAD) methods are limited in accuracy due to their inability to adequately balance the modeling of short-term and long-term temporal dependencies in network traffic. This paper proposes an NTAD method based on a Stacked Fusion Time Feature (SFTF) framework to overcome this limitation. Specifically, a stacked time feature encoder is first constructed to capture time-series patterns across multiple resolutions, generating hierarchical feature sequences. These sequences are then fed into a multi-timescale feature fusion module based on a temporal convolutional network to integrate local and global temporal features. In addition, an interquartile range-based detection mechanism is established to identify anomalies from the prediction results. Experiments are conducted on two representative datasets, Yahoo S5 and SMD. On Yahoo S5, SFTF achieves an average AUC of 0.9647 and an <span><math><msub><mi>F</mi><mn>1</mn></msub></math></span> score of 0.9750; on SMD, SFTF attains an <span><math><msub><mi>F</mi><mn>1</mn></msub></math></span> score of 0.9713, with precision and recall of 0.9803 and 0.9622, respectively. These results demonstrate that SFTF can effectively identify abnormal states and accurately locate network anomalies across datasets with different temporal characteristics. The proposed method offers a robust and accurate solution for NTAD in large-scale, low-latency environments, with promising applications in bandwidth optimization and cybersecurity.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"272 ","pages":"Article 111729"},"PeriodicalIF":4.6000,"publicationDate":"2025-09-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1389128625006954","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

The rapid growth of Network Traffic (NT) necessitates reliable anomaly detection to mitigate security threats and ensure system stability. An accurate NT prediction strategy is key in this process. However, current network traffic anomaly detection (NTAD) methods are limited in accuracy due to their inability to adequately balance the modeling of short-term and long-term temporal dependencies in network traffic. This paper proposes an NTAD method based on a Stacked Fusion Time Feature (SFTF) framework to overcome this limitation. Specifically, a stacked time feature encoder is first constructed to capture time-series patterns across multiple resolutions, generating hierarchical feature sequences. These sequences are then fed into a multi-timescale feature fusion module based on a temporal convolutional network to integrate local and global temporal features. In addition, an interquartile range-based detection mechanism is established to identify anomalies from the prediction results. Experiments are conducted on two representative datasets, Yahoo S5 and SMD. On Yahoo S5, SFTF achieves an average AUC of 0.9647 and an

F_{1}

score of 0.9750; on SMD, SFTF attains an

F_{1}

score of 0.9713, with precision and recall of 0.9803 and 0.9622, respectively. These results demonstrate that SFTF can effectively identify abnormal states and accurately locate network anomalies across datasets with different temporal characteristics. The proposed method offers a robust and accurate solution for NTAD in large-scale, low-latency environments, with promising applications in bandwidth optimization and cybersecurity.

查看原文本刊更多论文

基于堆叠融合时间特征的网络流量异常检测方法

随着网络流量的快速增长，需要可靠的异常检测来缓解安全威胁，保证系统的稳定性。在此过程中，准确的NT预测策略是关键。然而，当前的网络流量异常检测（nad）方法由于无法充分平衡网络流量的短期和长期时间依赖关系的建模，其准确性受到限制。本文提出了一种基于堆叠融合时间特征（SFTF）框架的NTAD方法来克服这一局限性。具体而言，首先构建了一个堆叠时间特征编码器，以捕获多分辨率的时间序列模式，生成分层特征序列。然后将这些序列输入到基于时间卷积网络的多时间尺度特征融合模块中，以整合局部和全局时间特征。此外，建立了基于四分位距离的检测机制，从预测结果中识别异常。在Yahoo S5和SMD两个具有代表性的数据集上进行了实验。在Yahoo S5上，SFTF的平均AUC为0.9647，F1得分为0.9750；在SMD上，SFTF的F1得分为0.9713，准确率为0.9803，召回率为0.9622。结果表明，SFTF可以有效识别异常状态，准确定位不同时间特征数据集的网络异常。该方法为大规模、低延迟环境下的nad提供了鲁棒性和准确性的解决方案，在带宽优化和网络安全方面具有广阔的应用前景。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Networks 工程技术-电信学

CiteScore

10.80

自引率

3.60%

发文量

434

审稿时长

8.6 months

期刊介绍： Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.