An Industrial Network Traffic Anomaly Detection Method Based on Improved DeepFM Model

Aiming to address the issue of low accuracy in industrial network traffic anomaly detection, we propose an improved DeepFM model for multi-type anomaly detection. The dataset undergoes preprocessing, including encoding and non-string numerical operations. The SMOTE-ENN algorithm is utilized to balance the data through oversampling and undersampling. The improved DeepFM model is employed to extract linear, non-linear, and temporal features from the industrial network traffic data. These features are then fed into an anomaly detector classifier constructed based on Softmax to achieve high-performance detection of traffic attacks. The effectiveness of the model is verified using the UNSW-NB15 dataset, with experimental results demonstrating a detection accuracy of 0.95 for DoS attacks, 0.94 for Fuzzers attacks, and 0.92 for Worms attacks, significantly surpassing other algorithms, which confirms the effective utilization of the proposed model for industrial network traffic anomaly detection.