Transformer-based anomaly detection in network intrusion detection systems
¹ PEC University of Technology, Chandigarh, India
² Osaka University, Japan
³ University of Sao Paulo, Brazil
Abstract
This paper introduces a transformer-based architecture for network intrusion detection that captures temporal dependencies in network traffic flows. Evaluated on the CICIDS-2017 and UNSW-NB15 benchmark datasets, our model achieves F1 scores of 0.987 and 0.964, respectively, outperforming existing LSTM and CNN-based approaches. The attention mechanism provides interpretable feature importance scores that help security analysts understand detected threats.
Full Text Preview
We propose NetFormer, a 6-layer transformer encoder that processes sequences of 64 network flow records. Each flow is represented by 78 features including packet sizes, inter-arrival times, flag counts, and protocol distributions. Positional encoding captures temporal ordering of flows within sessions. Multi-head attention (8 heads) identifies correlations between flow features that characterize attack patterns. The model is trained with focal loss to handle severe class imbalance.
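The effect of focal loss on an imbalanced batch, as an added example that is not code from the paper: it compares how much of the batch loss comes from the rare attack class under plain cross-entropy (gamma = 0) and under focal loss. The standard formulation -(1 - p_t)^gamma * log(p_t), the value gamma = 2, the two-class setup and the constructed batch are assumptions; the preview does not state the hyperparameters used for NetFormer.

```python
import math

def softmax(logits):
    """Numerically stable softmax over a list of class logits."""
    m = max(logits)
    exps = [math.exp(z - m) for z in logits]
    total = sum(exps)
    return [e / total for e in exps]

def focal_loss(logits, target, gamma=2.0, alpha=None):
    """Per-sample focal loss: -alpha_t * (1 - p_t)^gamma * log(p_t).

    gamma=0 with alpha=None reduces to ordinary cross-entropy.
    alpha is an optional per-class weight list (assumption: unused here).
    """
    p_t = min(max(softmax(logits)[target], 1e-12), 1.0)
    weight = 1.0 if alpha is None else alpha[target]
    return -weight * (1.0 - p_t) ** gamma * math.log(p_t)

def loss_share_by_class(batch, gamma):
    """Fraction of the total batch loss contributed by each true class."""
    totals = {}
    for logits, target in batch:
        totals[target] = totals.get(target, 0.0) + focal_loss(logits, target, gamma)
    grand_total = sum(totals.values())
    return {label: value / grand_total for label, value in totals.items()}

# Constructed batch (not from CICIDS-2017 or UNSW-NB15):
# 990 benign flows (class 0) the model already scores correctly at p ~ 0.95,
# 10 attack flows (class 1) it scores wrongly at p ~ 0.12 for the true class.
BATCH = [([1.5, -1.5], 0)] * 990 + [([1.0, -1.0], 1)] * 10

if __name__ == "__main__":
    for gamma in (0.0, 2.0):
        share = loss_share_by_class(BATCH, gamma)[1]
        print(f"gamma={gamma}: attack class carries {share:.1%} of the loss")
```

With cross-entropy the 990 easy benign flows carry most of the gradient signal; with gamma = 2 their contribution is scaled down by (1 - p_t)^2 and the misclassified attack flows dominate.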
Published Through
DAPC Publishing
SCOPUS Indexed
Peer Reviewed