MFFusion: A Multi-level Features Fusion Model for Malicious Traffic Detection based on Deep Learning

Network malicious traffic detection is one of the essential tasks of computer networks, which has become an obstacle to network development as networks are expanding in size and complexity. Current works generally investigate a variety of features, while most of them suffer from high characteristic design cost, difficult feature selection, and poor real-time performance, etc. More seriously, data imbalance makes models hard to train, resulting in the low detection rate of abnormal samples. In this paper, we propose a multi-level feature fusion model (MFFusion) that combines data timing, byte, and statistical features to extract valid information from multiple perspectives, to obtain a more efficient and robust model. To deal with the problem of data imbalance, we propose the adaptive balance training method (ABT) and design a new loss function called Attention Loss. Experiments show that ABT can stabilize the training process, reduce the training time, and improve the model performance; Attention Loss adjusts the weights of samples adaptively, which improves the detection rate of abnormal samples. MFFusion has achieved the excellent performance of detection rate and false alarm rate on a series of real network datasets, outperforming other state of art works. We also apply MFFusion to IoT network anomaly detection with the latest IoT malicious traffic dataset IoT23. Experiments show that MFFusion is versatile, and it is suitable for network anomaly detection in the IoT environment, whose performance has reached the application level.