C-LSTM Traffic Anomaly Detection Model Based on Attention Mechanism

IF 1.5, Zone 4 (Computer Science), Q3 (COMPUTER SCIENCE, SOFTWARE ENGINEERING)
Qinlu He, Fan Zhang, Genqing Bian, Weiqi Zhang, Zhen Li
Concurrency and Computation-Practice & Experience, volume 37, 25-26. Journal Article, published 2025-09-28. DOI: 10.1002/cpe.70314
https://onlinelibrary.wiley.com/doi/10.1002/cpe.70314
Citations: 0

Abstract

Amid the rapid expansion of digital infrastructure and the escalating sophistication of cyberattack strategies, network traffic anomaly detection has emerged as a critical cybersecurity mechanism for securing modern digital ecosystems. To overcome the shortcomings of traditional machine learning methods—specifically their limited accuracy in traffic pattern recognition—this paper proposes a novel C-LSTM anomaly detection model enhanced by an attention mechanism. Building on advancements in deep learning architectures, the proposed model integrates CNNs and Bi-LSTM networks to comprehensively capture spatial and temporal traffic features. The attention mechanism mitigates Bi-LSTM's inherent vulnerability to vanishing gradients during long-sequence data processing by adaptively reweighting feature significance, thereby optimizing detection performance. The model was rigorously validated using the NSL-KDD and UNSW-NB15 standard benchmark datasets and evaluated against contemporary state-of-the-art detection methods. Experimental results demonstrate superior performance, with classification accuracies of 97.3% on NSL-KDD and 95.8% on UNSW-NB15, alongside a 12% reduction in false positives compared to baseline models. Notably, the attention mechanism achieved incremental accuracy improvements of 1.62% (NSL-KDD) and 1.48% (UNSW-NB15) compared to the baseline CNN-LSTM model. These findings demonstrate the model's effectiveness in enhancing anomaly detection robustness, providing a practical framework for real-world cybersecurity implementations.

Source journal
Concurrency and Computation-Practice & Experience (Engineering Technology - Computer Science: Theory and Methods)
CiteScore: 5.00
Self-citation rate: 10.00%
Articles published: 664
Review time: 9.6 months
Journal description: Concurrency and Computation: Practice and Experience (CCPE) publishes high-quality, original research papers, and authoritative research review papers, in the overlapping fields of: Parallel and distributed computing; High-performance computing; Computational and data science; Artificial intelligence and machine learning; Big data applications, algorithms, and systems; Network science; Ontologies and semantics; Security and privacy; Cloud/edge/fog computing; Green computing; and Quantum computing.