An Empirical Study of Machine Learning Algorithms for Network Flow Anomaly Detection

Authors

  • Hasanain Mohammed Manji al-Rzoky General Directorate of Education in Babylon, Ministry of Education, Iraq

DOI:

https://doi.org/10.29304/jqcsm.2026.18.22517

Keywords:

Anomaly Detection, Network Log Data, Cybersecurity, Machine Learning, Intrusion Detection Systems

Abstract

Cyberattacks have increased significantly while networks have become more complex and difficult to defend; there is therefore a pressing need for intelligent ways to identify and respond to abnormal activity that threatens information security. Current systems identify abnormalities based on static, repetitive network behavior, an approach that does not suit the constantly changing, volatile Information Technology (IT) environments of today. This study uses Artificial Intelligence (AI) and Machine Learning (ML) to develop an anomaly-detection model from network log data to help bridge this gap. The study used a complete dataset with several important network-flow characteristics that are commonly found in network log data: ports, protocols, flow duration, number of packets in each flow, packet length, and flow labels (normal or malicious). Data preprocessing included filling in missing values, converting categorical variables into numeric format, and eliminating all illogical records. To evaluate the performance of the developed model, the total dataset was split into training (70%) and testing (30%) sets. Four Machine Learning algorithms (Random Forest, Support Vector Machine, K-Nearest Neighbors, and Decision Trees) were applied to distinguish between normal and abnormal network behaviors. The experimental results indicated that these models provide good accuracy and efficiency in dealing with large and diverse datasets. Overall, this research aims to provide a systematic comparison of machine learning models on a network dataset for analyzing network logs and identifying anomalies, thereby contributing to the improvement of cybersecurity systems and supporting proactive defense strategies for networks.
The results will offer a real-world example of the performance tradeoffs associated with different models to assist organizations in making informed decisions when selecting an appropriate model for their specific network environment.

Published

2026-06-27

How to Cite

al-Rzoky, H. M. M. (2026). An Empirical Study of Machine Learning Algorithms for Network Flow Anomaly Detection. Journal of Al-Qadisiyah for Computer Science and Mathematics, 18(2), Comp 124–137. https://doi.org/10.29304/jqcsm.2026.18.22517

Section

Computer Articles