关键词: 异常检测, 网络流量, 卷积神经网络, 长短期记忆, 深度学习

Abstract: In the current field of network traffic anomaly detection, problems such as complex model structures and high computational resource requirements are widespread, making it difficult to deploy and perform detection on resource-constrained devices. To address these problems, a network traffic anomaly detection model  based on gated feature fusion and multi-scale convolution, named GFMCAD, is proposed. Firstly, principal component analysis is combined with a clustering method to reduce the complexity of network traffic data. Secondly, parallel multi-scale convolution blocks composed of one-dimensional convolutional neural networks and multi-layer long short-term memory networks are used to extract spatial and temporal features of network traffic at different scales, respectively. Then, the extracted spatial and temporal features are adaptively fused through a gated feature fusion module. Finally, residual fully connected layers and the Softmax function are used to identify abnormal traffic. According to the experimental results on three benchmark datasets, GFMCAD achieves accuracies of 0.971 6, 0.965 8, and 0.987 5， respectively. Experimental results show that GFMCAD reduces the consumption of computational resources while improving the detection capability of the model.

Key words: anomaly detection, network traffic, convolutional neural network, long short-term memory, deep learning