Qinlu He, Fan Zhang, Genqing Bian, Weiqi Zhang, Zhen Li
Journal: Concurrency and Computation-Practice & Experience, volume 37 25-26
Publication date: 2025-09-28
Publication type: Journal Article
DOI: 10.1002/cpe.70314
URL: https://onlinelibrary.wiley.com/doi/10.1002/cpe.70314
C-LSTM Traffic Anomaly Detection Model Based on Attention Mechanism
Amid the rapid expansion of digital infrastructure and the escalating sophistication of cyberattack strategies, network traffic anomaly detection has emerged as a critical cybersecurity mechanism for securing modern digital ecosystems. To overcome the shortcomings of traditional machine learning methods—specifically their limited accuracy in traffic pattern recognition—this paper proposes a novel C-LSTM anomaly detection model enhanced by an attention mechanism. Building on advancements in deep learning architectures, the proposed model integrates CNNs and Bi-LSTM networks to comprehensively capture spatial and temporal traffic features. The attention mechanism mitigates Bi-LSTM's inherent vulnerability to vanishing gradients during long-sequence data processing by adaptively reweighting feature significance, thereby optimizing detection performance. The model was rigorously validated using the NSL-KDD and UNSW-NB15 standard benchmark datasets and evaluated against contemporary state-of-the-art detection methods. Experimental results demonstrate superior performance, with classification accuracies of 97.3% on NSL-KDD and 95.8% on UNSW-NB15, alongside a 12% reduction in false positives compared to baseline models. Notably, the attention mechanism achieved incremental accuracy improvements of 1.62% (NSL-KDD) and 1.48% (UNSW-NB15) compared to the baseline CNN-LSTM model. These findings demonstrate the model's effectiveness in enhancing anomaly detection robustness, providing a practical framework for real-world cybersecurity implementations.
About the journal:
Concurrency and Computation: Practice and Experience (CCPE) publishes high-quality, original research papers, and authoritative research review papers, in the overlapping fields of:
Parallel and distributed computing;
High-performance computing;
Computational and data science;
Artificial intelligence and machine learning;
Big data applications, algorithms, and systems;
Network science;
Ontologies and semantics;
Security and privacy;
Cloud/edge/fog computing;
Green computing; and
Quantum computing.