Deep Learning Approach for Protocol Anomaly Detection Using Status Code Sequences
This paper addresses the limitations of traditional protocol anomaly detection methods in handling dynamic state changes and unstructured behaviors. A deep protocol anomaly detection algorithm based on status code sequence modeling is proposed. The method uses the status codes returned during protocol communication as the core input. A state embedding layer is employed to transform discrete status codes into continuous vector representations. A gated recurrent unit (GRU) is then used to capture temporal dependencies and behavior patterns within the status sequence. Based on this structure, the model integrates sequence reconstruction and contrastive learning mechanisms. Reconstruction error is used to characterize the distribution of normal sequences. Contrastive loss is introduced to enhance the model’s ability to distinguish abnormal states. The paper also conducts a series of sensitivity experiments on key hyperparameters, including the number of hidden units, activation functions, and the temperature coefficient. These experiments verify the influence of each module on the overall performance of the model. The proposed method achieves superior performance across multiple evaluation metrics. It effectively identifies potential abnormal behaviors at the protocol layer. The method also demonstrates good generalizability and strong detection capability.
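The pipeline described in the abstract (status-code embedding, GRU encoder, reconstruction error as anomaly score, contrastive loss with a temperature) can be sketched in PyTorch as follows. This is an added example, not the paper's code. Assumptions not taken from the page: the HTTP-style code vocabulary and sample sequences (constructed), the layer sizes, the decoder design, the loss weight, and the use of two dropout views of the same sequence as contrastive positives.

```python
import torch
import torch.nn as nn
import torch.nn.functional as F

CODES = [200, 301, 304, 401, 403, 500, 503]   # constructed status-code vocabulary
IDX = {c: i for i, c in enumerate(CODES)}
NORMAL = [[200, 200, 304, 200, 200, 304], [301, 200, 200, 304, 200, 200],
          [200, 304, 304, 200, 200, 200], [401, 200, 200, 200, 304, 200]]  # constructed

def encode(seqs):
    return torch.tensor([[IDX[c] for c in s] for s in seqs])

class StatusSeqModel(nn.Module):
    def __init__(self, n_codes, emb=8, hidden=16):
        super().__init__()
        self.emb = nn.Embedding(n_codes, emb)      # discrete code -> continuous vector
        self.drop = nn.Dropout(0.1)                # assumption: dropout yields two views
        self.enc = nn.GRU(emb, hidden, batch_first=True)
        self.dec = nn.GRU(hidden, hidden, batch_first=True)
        self.out = nn.Linear(hidden, n_codes)

    def forward(self, x):
        _, h = self.enc(self.drop(self.emb(x)))    # h[-1]: summary of the sequence
        steps = h[-1].unsqueeze(1).expand(-1, x.size(1), -1).contiguous()
        return h[-1], self.out(self.dec(steps)[0]) # summary, per-step code logits

def recon_error(logits, x):  # mean cross-entropy per sequence (the anomaly score)
    return F.cross_entropy(logits.transpose(1, 2), x, reduction="none").mean(dim=1)

def contrastive(z1, z2, tau):  # InfoNCE: same-sequence views positive, rest negative
    sim = F.normalize(z1, dim=1) @ F.normalize(z2, dim=1).T / tau
    return F.cross_entropy(sim, torch.arange(z1.size(0)))

def train(seqs, steps=200, tau=0.5, weight=0.1, seed=0):
    torch.manual_seed(seed)
    x, model = encode(seqs), StatusSeqModel(len(CODES))
    opt = torch.optim.Adam(model.parameters(), lr=0.01)
    for _ in range(steps):
        (z1, logits), (z2, _) = model(x), model(x)  # two stochastic passes
        loss = recon_error(logits, x).mean() + weight * contrastive(z1, z2, tau)
        opt.zero_grad()
        loss.backward()
        opt.step()
    return model.eval()

def score(model, seqs):
    x = encode(seqs)
    with torch.no_grad():
        return recon_error(model(x)[1], x).tolist()
```

Calling `score(train(NORMAL), [[500, 503, 500, 403, 503, 500]])` scores a constructed sequence of codes never seen in training; a detection threshold would be chosen from the scores of held-out normal traffic.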