APPLICATION OF MACHINE LEARNING METHODS FOR ANOMALY DETECTION IN NETWORK TRAFFIC
DOI:
https://doi.org/10.34185/1991-7848.itmm.2026.01.082
Keywords:
machine learning, anomaly detection, network traffic, cybersecurity, intrusion detection system, Random Forest, classification, NSL-KDD
Abstract
This paper investigates the effectiveness of machine learning methods for anomaly detection in network traffic. The main approaches to building intelligent intrusion detection systems (IDS) are analyzed, including signature-based analysis and machine learning-based methods. An experimental comparison of Random Forest, Support Vector Machine, k-Nearest Neighbors, and Multilayer Perceptron algorithms was performed on the NSL-KDD dataset. Classification quality was assessed using Accuracy, Precision, Recall, and F1-score metrics. The results showed that the Random Forest method provides the best balance of accuracy and computational efficiency for real-time network anomaly detection tasks. The prospects of applying ensemble methods and deep learning for improving cyber threat detection quality are identified.




