Network Anomalies Detection Using Traffic Patterns Analysis

Abstract

ABSTRACT The exponential growth of Internet users over the past decades underscores the pivotal role of the Internet in modern life. However, this surge in Internet usage has led to a corresponding increase in cyber security attacks, especially given the rise of digital currencies. The reliance on signature-based detection and challenges posed by SSL/TLS encryption highlights the pressing need for advanced approaches to network security. Traffic behaviour analysis solutions prove effective in addressing challenges. Models detecting network anomalies through traffic behaviours are crucial in overcoming issues. The methodology involves training machine learning-based models on a comprehensive dataset with diverse traffic features, ensuring accurate anomaly detection. This research addresses the critical issue of network security by proposing an innovative approach to anomaly detection using advanced machine learning techniques and leveraging a recently collected, up-to-date dataset. The trained model underwent evaluation using the same test dataset across all selected algorithms, ensuring a fair comparison. For the performance evaluation of each algorithm, a comprehensive set of evaluation metrics was employed, including accuracy, precision, recall, F1-score, and the area under the Receiver Operating Characteristic (ROC) curve. Utilizing a labeled dataset encompassing various attack types, the proposed traffic pattern-based anomaly detection experiments achieved remarkable results, with each tested machine learning algorithm surpassing 95% accuracy with binary classes. Random Forest, XGBoost, and K-Nearest Neighbors emerged as the top performers, boasting validation accuracy rates of 99.64%, 99.61%, and 99.05%, respectively. Furthermore, these algorithms performed well even in the presence of infrequent anomaly events. This research significantly advances network anomaly detection, offering valuable insights for cybersecurity practitioners. The study introduces a versatile and adaptable approach to effectively safeguard against dynamic cyber threats in the digital era.