Anomaly Detection in Network Traffic Using Unsupervised Learning
Abstract
This paper examines the use of unsupervised learning for network traffic anomaly detection. It applies and compares several approaches: autoencoders, self-organizing maps, isolation forests, Gaussian mixture models, and K-means clustering. The proposed models are evaluated on several datasets of real traffic and simulated attacks. The results show that autoencoder-based models outperform the other approaches, achieving an average F1-score of 0.92% and a 96% detection rate on known threats. An ensemble combining a lightweight autoencoder with an isolation forest introduced almost no latency between the two components and achieved the highest real-time throughput, processing up to 10,000 flows per second; the method was also shown to scale to 100 million flows per day. The research also discusses interpretability, a crucial factor in AI-based security systems. Together, these results advance unsupervised anomaly detection in network security by offering practical means for identifying both known threats and previously unseen zero-day threats.