Using Machine Learning to Detect Unusual Patterns and Behaviors in Network Security

Abstract

The development of the network anomaly detection model leveraged the computational robustness of the Anaconda programming environment. The concluding phase of this study, classification and performance evaluation, leverages features selected through the LDA algorithm to train machine learning classification models. Algorithms such as Random Forest and Support Vector Machine are employed, and the individual models undergo rigorous evaluation using metrics such as accuracy, precision, recall, and F1-score. This meticulous evaluation process ensures the reliability and efficacy of the models in discerning network intrusions. The Support Vector Machine (SVM) classification report for network anomaly detection using the CIC-DDoS2019 dataset indicates high performance across various evaluation metrics. With a precision of 0.9966 for class 0 and 0.9973 for class 1, the SVM demonstrates a strong ability to accurately classify instances of both normal and anomalous network traffic. Similarly, the recall scores of 0.9973 for class 0 and 0.9965 for class 1 indicate the model’s effectiveness in identifying the majority of instances belonging to each class. The F1 scores, which consider both precision and recall, are also high for both classes, with values of 0.9970 for class 0 and 0.9969 for class 1. Moreover, the overall accuracy of the SVM model is reported as jnis0.9969, indicating its ability to correctly classify a large proportion of instances in the dataset. By delineating the research methodology into these phases, leveraging advanced computational tools and libraries, and reporting high-performance metrics for the SVM model, this study presents a comprehensive framework for developing an effective network anomaly detection system using machine learning algorithm.

Keywords: Anomaly, Detection, Intrusion, Network, Support vector machine.

View PDF