Towards Anomaly Traffic Detection with Causal Interpretability Methods

The large non-independent and identically distributed (N-IID) samples result in a lack of stability and causal interpretability in the detection results of existing detectionmethods. To solve these problems, we propose an abnormal traffic detectionmethod based on causal interpretability. Thismethod first removes the false associations between features through Fourier feature transformation. Subsequently, a structural causal model (SCM) is constructed and pruned based on causal effects, and counterfactual diagnosis, thereby restoring the causal relationship between abnormal labels and traffic features. Verification on the CICIDS2019 and ToN_IoT datasets shows that this method effectively removes noise features, redundant information and false associations to effectively restore the causal relationships between network attacks and abnormal traffic features, ensuring good detection precision, guaranteeing detection stability when traffic is polluted and causal interpretability for network anomalies.