Abstract


In the face of increasingly severe network threats, it is urgent to establish an efficient and comprehensive security system architecture. To address the security problems in information systems, a deep security detection framework based on ATT&CK is proposed. It consists of three modules: information collection, analysis engine, and security response. The anomaly detection results of the technical layer, based on ATT&CK knowledge base association analysis, are mapped to the attack links of the tactical layer, thus realizing bottom-up system security detection. An improved Transformer anomaly detection method based on FLOATER positional coding is applied in the security detection framework to realize the early detection of network threats. Based on a continuous dynamic system, the positional coding function is learned to capture the temporal features of the sequence. Multi-head attention is then used to encode the input sequence. Moreover, the model training is optimized by an adversarial method. The experimental results demonstrate that the method applied in this work outperforms traditional deep learning models in terms of detection accuracy and F1 score.
