Machine learning-based network anomaly detection: design, implementation, and evaluation

Schummer Bengoa, Pilar ORCID: https://orcid.org/0009-0000-1134-179X, Río Ponce, Alberto del ORCID: https://orcid.org/0000-0002-6832-4381, Serrano Romero, Javier ORCID: https://orcid.org/0000-0003-2111-187X, Jiménez Bermejo, David ORCID: https://orcid.org/0000-0002-7382-4276, Sánchez Illán, Guillermo ORCID: https://orcid.org/0009-0007-0927-6344 and Llorente Gómez, Álvaro ORCID: https://orcid.org/0000-0001-8737-2402 (2024). Machine learning-based network anomaly detection: design, implementation, and evaluation. "AI", v. 5 (n. 4); pp. 2967-2983. ISSN 2673-2688. https://doi.org/10.3390/ai5040143.

Description

Title: Machine learning-based network anomaly detection: design, implementation, and evaluation
Author(s):
Document Type: Article
Journal/Publication Title: AI
Date: 17 December 2024
ISSN: 2673-2688
Volume: 5
Issue: 4
Subjects:
SDGs:
Informal Keywords: Anomaly detection, explainable AI, machine learning, network anomalies, network performance
School: E.T.S.I. Telecomunicación (UPM)
Department: Sistemas Informáticos
Creative Commons License: Attribution

Abstract

Background: In the last decade, numerous methods have been proposed to define and detect outliers, particularly in complex environments like networks, where anomalies significantly deviate from normal patterns. Although defining a clear standard is challenging, anomaly detection systems have become essential for network administrators to efficiently identify and resolve irregularities. Methods: This study develops and evaluates a machine learning-based system for network anomaly detection, focusing on point anomalies within network traffic. It employs both unsupervised and supervised learning techniques, including change point detection, clustering, and classification models, to identify anomalies. SHAP values are utilized to enhance model interpretability. Results: Unsupervised models effectively captured temporal patterns, while supervised models, particularly Random Forest (94.3%), demonstrated high accuracy in classifying anomalies, closely approximating the actual anomaly rate. Conclusions: Experimental results indicate that the system can accurately predict network anomalies in advance. Congestion and packet loss were identified as key factors in anomaly detection. This study demonstrates the potential for real-world deployment of the anomaly detection system to validate its scalability.

Associated projects

| Type | Code | Acronym | Lead | Title |
| Horizon Europe | 101092696 | CODECO | Unspecified | Cognitive Decentralised Edge Cloud Orchestration |
| Horizon Europe | 101070118 | NEMO | Unspecified | Next Generation Meta Operating System |
| Horizon Europe | 101168182 | CyberNEMO | Unspecified | End-to-end Cybersecurity to NEMO meta-OS |

More information

Record ID: 88684
DC Identifier: https://oa.upm.es/88684/
OAI Identifier: oai:oa.upm.es:88684
Scientific Portal URL: https://portalcientifico.upm.es/es/ipublic/item/10316838
DOI: 10.3390/ai5040143
Official URL: https://www.mdpi.com/2673-2688/5/4/143
Deposited by: iMarina Portal Científico
Deposited on: 10 Apr 2025 10:54
Last Modified: 10 Apr 2025 10:54