Abstract With the increasingly complex network architecture under the development of information technology, it is more and more difficult to recognize various network traffic. Based on the direction of machine learning for network traffic anomaly detection, this paper proposes a three-stage CNN-LSTM attention mechanism model for feature extraction of original traffic and a PCA-based improvement for spatial feature learning of CNN to construct its anomaly traffic detection model. Meanwhile, based on the abnormal traffic detection, with discriminative network and generative network as the main parts, we propose the cyber security threat intelligence prediction model based on the use of a domain adaptive model to realize the shared representation of source and target domains. In the experiment of the abnormal traffic detection model, the accuracy rate of this paper’s detection model is 93.56%, the check-all rate is 99.2%, the F1 value is 84.9%, and the Kappa value is 80.66%. The detection level in the face of DOS attacks is the highest, with 98.28% and 99.63% checking full rate and checking accuracy, respectively. In the experiments of the network security threat intelligence prediction model, the prediction model of this paper reduces the time consumed by about 72% on average compared to rule file matching in dealing with large-scale network traffic. In high-risk cybersecurity threat attack types, it has an average prediction accuracy of 88.83% and a recall rate of over 90%.