Real Time Anomaly Detection in Network Traffic: A Comparative Analysis of Machine Learning Algorithms

Aswathy M C, Rajkumar T
Journal: International Research Journal on Advanced Engineering Hub (IRJAEH)
Publication type: Journal Article
Publication date: 2024-07-10
DOI: 10.47392/irjaeh.2024.0269 (https://doi.org/10.47392/irjaeh.2024.0269)

Abstract

In the constantly changing field of cybersecurity, real-time intrusion detection using machine learning algorithms has become crucial for protecting network infrastructures. This paper presents a comprehensive literature survey focusing on the comparative study of diverse machine learning algorithms employed for anomaly detection in network traffic. The objective is to critically evaluate the effectiveness of various algorithms in identifying and mitigating threats in real-time scenarios. The study delves into the nuances of prominent machine learning models, including Decision Trees, Random Forests, Support Vector Machines, Neural Networks, and ensemble methods, as they apply to the domain of anomaly detection. Each algorithm is scrutinized based on its ability to adapt to dynamic network behaviors, handle imbalanced datasets, and provide accurate real-time threat assessments. Throughout the survey, key research contributions are analyzed, encompassing methodologies, datasets, and performance metrics. Comparative insights are provided to emphasize the strengths and weaknesses of each algorithm, elucidating their appropriateness for real-time intrusion detection in network traffic. Notably, the examination extends beyond traditional approaches, exploring recent advancements such as deep learning and ensemble techniques. The findings from this comparative study aim to provide practitioners and researchers with valuable insights into selecting the most suitable machine learning algorithm for real-time anomaly detection in the context of network security. By understanding the comparative performance of these algorithms, organizations can make informed decisions to enhance their cybersecurity posture and fortify their defenses against emerging threats. 