Abstract:
Intelligent learning methods play a crucial role in network data anomaly analysis. However, traditional intelligent anomaly analysis methods often struggle to balance three concerns: the interpretability of the analysis results, the computing resources consumed by anomaly analysis, and the accuracy of analyzing network data stream sequences. To address these challenges, a novel network data flow anomaly detection model combining hybrid feature selection and a Transformer is proposed. The model preprocesses data with a hybrid feature selection method and performs anomaly detection with an enhanced Transformer model. The hybrid feature selection algorithm uses both tree models and mutual information to reduce the dimensionality of the network data features. The Encoder part of the Transformer serves as the core of the classification task, and convolution operations are integrated to enhance local perception of network data stream sequences. Classification is then performed by a classification head. The proposed method has been simulated and validated on the publicly available intrusion detection dataset CICIDS2017. Experimental results demonstrate that the proposed model effectively detects network data flow anomalies, outperforming existing intrusion detection methods based on neural networks.