Web traffic (WT) refers to time-series data that captures the volume of data transmitted to and from a web server during a user's visit to a website. However, because web traffic from different sources follows different distributions and the normal and abnormal categories are imbalanced, it is difficult to identify abnormal web traffic accurately and efficiently. Deep neural network approaches for web traffic anomaly detection have achieved cutting-edge classification performance. To achieve high-performance spatiotemporal detection of network attacks, we design WT-CFormer, a novel model that integrates Transformer and CNN to effectively capture both temporal and spatial characteristics. We conduct a large number of experiments to evaluate the proposed method. The results show that WT-CFormer has the highest performance, obtaining a recall as high as 96.79%, a precision of 97.35%, an F1 score of 97.07%, and an accuracy of 99.43%, which is 7.09%, 1.15%, 4.77%, and 0.83% better than the state-of-the-art method, followed by C-LSTM, CTGA, random forest, and KNN algorithms. In addition, we find that the classification performance of WT-CFormer with only 50 training epochs outperforms that of C-LSTM with 500 training epochs, which greatly improves the convergence performance. Finally, we perform ablation experiments to demonstrate the necessity of each component within WT-CFormer.