Network Anomaly Traffic Detection via Multi-view Feature Fusion

2024-09-12
arXiv.org
Citations: 2
Influential: 0
AI Summary
Existing single-view approaches for encrypted traffic and advanced persistent threat (APT) detection suffer from limited generalization capability and incomplete modeling. To address this, we propose the Multi-View Feature Fusion (MuFF) framework, a novel architecture that jointly models both the temporal dynamics of network flows and the structural interactions among hosts and services. MuFF employs a dual-branch design integrating graph neural networks (GNNs) for structural modeling and temporal convolutional networks (TCNs) for sequential pattern learning, augmented by a cross-view attention mechanism to enable adaptive fusion of heterogeneous features. Extensive experiments across six real-world network traffic datasets demonstrate that MuFF achieves an average 6.2% improvement in detection accuracy and attains a peak F1-score of 98.7%, significantly outperforming state-of-the-art single-view methods. This work effectively overcomes key modeling bottlenecks in conventional anomaly traffic detection.

πŸ“ Abstract
Traditional anomalous traffic detection methods are based on single-view analysis, which has obvious limitations in dealing with complex attacks and encrypted communications. In this regard, we propose a Multi-view Feature Fusion (MuFF) method for network anomaly traffic detection. MuFF models the temporal and interactive relationships of packets in network traffic based on the temporal and interactive viewpoints respectively. It learns temporal and interactive features. These features are then fused from different perspectives for anomaly traffic detection. Extensive experiments on six real traffic datasets show that MuFF has excellent performance in network anomalous traffic detection, which makes up for the shortcomings of detection under a single perspective.
Problem

Research questions and friction points this paper is trying to address.

Detecting network anomalies through multi-view feature fusion
Overcoming single-view limitations in complex attack detection
Integrating temporal and interactive traffic relationships for improved accuracy
Innovation

Methods, ideas, or system contributions that make the work stand out.

Multi-view Feature Fusion for network anomaly detection
Models temporal and interactive packet relationships
Fuses features from different perspectives

Song Hao
Institute of Cyberspace Security, Zhejiang University of Technology, Hangzhou 310023, China; Binjiang Institute of Artificial Intelligence, Zhejiang University of Technology, Hangzhou 310056, China

Wentao Fu
Institute of Cyberspace Security, Zhejiang University of Technology, Hangzhou 310023, China; Binjiang Institute of Artificial Intelligence, Zhejiang University of Technology, Hangzhou 310056, China

Xuanze Chen
Ph.D, HongShan Capital
Biophotonics, super-resolution microscopy

Chengxiang Jin
Institute of Cyberspace Security, Zhejiang University of Technology, Hangzhou 310023, China; Binjiang Institute of Artificial Intelligence, Zhejiang University of Technology, Hangzhou 310056, China

Jiajun Zhou
Institute of Cyberspace Security, Zhejiang University of Technology, Hangzhou 310023, China; Binjiang Institute of Artificial Intelligence, Zhejiang University of Technology, Hangzhou 310056, China

Shanqing Yu
Institute of Cyberspace Security, Zhejiang University of Technology, Hangzhou 310023, China; Binjiang Institute of Artificial Intelligence, Zhejiang University of Technology, Hangzhou 310056, China

Qi Xuan
Professor, Zhejiang University of Technology
AI Security, Social Network, Deep Learning, Data Mining