A COMPARATIVE STUDY: ANOMALY DETECTION IN NETWORK TRAFFIC USING MACHINE LEARNING

Abstract

Network anomalies often signal cyber threats, making their detection crucial for enhancing security measures in today’s interconnected systems. This study compares the efficacy of three machine learning algorithms—Isolation Forest, One-Class SVM, and Autoencoders—in detecting anomalies in network traffic. Utilizing the NSL-KDD and CICIDS2017 datasets, we evaluate the models’ performance based on accuracy, precision, recall, and F1-score. Our analysis reveals that Autoencoders outperform the other algorithms in identifying complex anomalies, highlighting their potential for real-world applications such as detecting DDoS attacks and unauthorized access attempts. The findings underscore the importance of selecting appropriate machine learning techniques for effective network intrusion detection, paving the way for robust cybersecurity solutions. We also discuss challenges like data imbalance and model interpretability, offering insights for future research directions in applying deep learning to network security.