Detecting Network Anomalies in NetFlow Traffic with Machine Learning Algorithms

Early detection of anomalies in network traffic data is critical for robust cybersecurity. This study investigates the effectiveness of various Machine Learning and Deep Learning models for identifying anomalous patterns in NetFlow v9 traffic. We address data preprocessing challenges and explore feature engineering techniques to optimize anomaly detection system performance. Our study evaluates the performance of several models based on key metrics like accuracy, Area Under the Curve (AUC), and computational efficiency. The results highlight the strengths and limitations of each model, emphasizing the importance of balancing performance with real-world deployment feasibility. Random Forest emerged as the most effective model, achieving an accuracy of 93.8% and an AUC of 0.99. Additionally, it demonstrated superior training and testing times, requiring only 0.19 seconds for training and 0.23 microseconds per prediction. Conversely, the Recurrent Neural Network model exhibited limitations in training efficiency and overall performance. Through a nuanced analysis of model performance and computational considerations, this study contributes to advancing anomaly detection techniques for network security applications.