WT-CFormer: High-Performance Web Traffic Anomaly Detection Based on Spatiotemporal Analysis

Web traffic (WT) refers to time-series data that captures the volume of data transmitted to and from a web server during a user's visit to a website. However, web traffic has different distributions coming from various sources as well as the imbalance between normal and abnormal categories, it is difficult to accurately and efficiently identify abnormal web traffic. Deep neural network approaches for web traffic anomaly detection have achieved cutting-edge classification performance. In order to achieve high-performance spatiotemporal detection of network attacks, we innovatively design WT-CFormer, which integrates Transformer and CNN, effectively capturing the temporal and spatial characteristics. We conduct a large numbr of experiments to evaluate the method we proposed. The results show that WT-CFormer has the highest performance, obtaining a recall as high as 96.79%, a precision of 97.35%, an F1 score of 97.07%, and an accuracy of 99.43%, which is 7.09%,1.15%, 4.77%, and 0.83% better than the state-of-the-art method, followed by C-LSTM, CTGA, random forest, and KNN algorithms. In addition, we find that the classification performance of WT-CFormer with only 50 training epochs outperforms C-LSTM with 500 training epochs, which greatly improves the convergence performance. Finally, we perform ablation experiments to demonstrate the necessity of each component within WT-CFormer.