In today's digital age, protecting network infrastructure from cyber threats is a major concern. Traditional signature-based Intrusion Detection Systems (IDS) often struggle to identify new or unknown attacks. This creates a need for smarter and more flexible solutions. This project introduces an anomaly-based Network Intrusion Detection System (NIDS) that uses machine learning (ML) approaches to spot unusual behavior in network traffic. The system analyzes patterns and deviations from typical activity to detect potential intrusions, including Denial-of-Service (DoS) attacks, probe attacks, User to Root (U2R) exploits, and Remote to Local (R2L) breaches in real time. The system works with preprocessed network datasets like NSL-KDD or CICIDS. It extracts important features and trains supervised machine learning models such as Random Forest, Support Vector Machine, and K-Nearest Neighbors (KNN) for accurate classification.
Introduction
I. Introduction: The Need for NIDS
In today’s digital world, computer networks are foundational to critical sectors (e.g., healthcare, defense, e-commerce).
Increasing interconnectivity has escalated the risk of cyber threats like unauthorized access, data breaches, and malicious activities.
Network Intrusion Detection Systems (NIDS) are tools that monitor network traffic in real-time to detect unusual or harmful activities.
NIDS helps preserve privacy, integrity, availability, and resilience of digital systems.
Types of Network Attacks
Denial of Service (DoS): Overwhelms systems to block legitimate access.
Probe Attacks: Scans to identify vulnerabilities.
Remote-to-Local (R2L): Gaining unauthorized user access remotely.
User-to-Root (U2R): Escalating privileges from user to admin.
These varied threats require advanced detection systems that can handle a broad attack spectrum.
II. Background & Motivation
A. Limitations of Traditional NIDS:
Signature-based and rule-based systems detect only known attacks.
Vulnerable to zero-day attacks and evasive malware.
High rates of false positives and negatives.
Inflexible against evolving attack patterns.
B. Motivation:
Need for intelligent, adaptive, and real-time detection systems.
Machine learning (ML) and AI-based models can:
Detect both known and unknown attacks.
Adapt to new patterns.
Reduce false alarms.
Offer scalable, flexible security solutions.
III. Literature Survey Highlights
Ahmed (2024): Context-aware ML for Wireless Sensor Networks (WSNs); conceptually strong, but lacks large-scale validation.
Shafi et al.: Overview of 5G networks; comprehensive but outdated for post-5G/6G challenges.
3–20. Other studies explored terahertz (THz) communication, IoT frameworks, neural routing, air pollution sensing, and ML for wireless security. Many offered strong concepts but lacked empirical deployment, real-world validation, or scalability insights.
Key Gap: Most focus on theoretical models or simulations with limited real-world applicability in NIDS.
IV. Proposed Methodology
A. Data Acquisition & Preprocessing
Datasets: NSL-KDD, CICIDS 2017/2018
Steps:
Clean and remove irrelevant/missing data
Encode categorical features (e.g., protocol type)
Normalize numerical features (e.g., duration, byte size)
Balance datasets to prevent model bias (e.g., equal attack vs normal samples)
B. Feature Selection
Select critical attributes (e.g., number of failed logins, source bytes).
Reduces noise and computational cost, and improves accuracy.
C. Model Selection & Training
Three ML algorithms used:
Random Forest (RF): Ensemble model for high accuracy and robustness.
Support Vector Machine (SVM): Finds optimal class boundaries.
K-Nearest Neighbors (KNN): Classifies based on similarity to known patterns.
Data split: 80% training, 20% testing.
D. Model Evaluation Metrics
Accuracy: Overall correct classifications.
Precision: Ratio of correct positives.
Recall: Detection rate of actual attacks.
F1-Score: Balance between precision and recall.
Confusion Matrix: Visual of true/false positives and negatives.
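Steps A, C and D above, as an added example that is not the project's own code: it one-hot encodes protocol type, min-max normalizes the numeric features using training data only, classifies with KNN (k=3), and reports per-class precision, recall and F1. The records are constructed in the style of NSL-KDD, and all function names are assumptions; feature selection, class balancing, RF and SVM are left out.

```python
import math
from collections import Counter
PROTOCOLS = ("tcp", "udp", "icmp")
NUMERIC = (0, 2, 3)  # column indexes: duration, src_bytes, num_failed_logins
# Constructed records: (duration, protocol_type, src_bytes, num_failed_logins, label)
TRAIN = [
    (0, "tcp", 200, 0, "normal"), (2, "tcp", 300, 0, "normal"), (1, "udp", 100, 0, "normal"),
    (0, "udp", 150, 0, "normal"), (0, "icmp", 1000, 0, "dos"), (0, "icmp", 1500, 0, "dos"),
    (0, "icmp", 1200, 0, "dos"), (10, "tcp", 100, 4, "r2l"), (8, "tcp", 120, 5, "r2l"),
    (9, "tcp", 90, 3, "r2l"),
]
TEST = [
    (1, "tcp", 250, 0, "normal"), (0, "icmp", 1300, 0, "dos"), (9, "tcp", 110, 4, "r2l"),
    (0, "tcp", 180, 2, "r2l"), (1, "udp", 120, 0, "normal"), (0, "icmp", 1100, 0, "dos"),
]

def fit_scaler(rows):
    """Per-feature (min, max), learned from training rows only to avoid leakage."""
    return [(min(r[i] for r in rows), max(r[i] for r in rows)) for i in NUMERIC]

def encode(row, scaler):
    """One-hot protocol_type followed by min-max scaled numeric features."""
    onehot = [1.0 if row[1] == p else 0.0 for p in PROTOCOLS]
    scaled = [(row[i] - lo) / (hi - lo) if hi > lo else 0.0
              for i, (lo, hi) in zip(NUMERIC, scaler)]
    return onehot + scaled

def knn_predict(train_x, train_y, x, k=3):
    """Majority label among the k nearest training vectors (Euclidean distance)."""
    nearest = sorted(zip(train_x, train_y), key=lambda t: math.dist(t[0], x))[:k]
    return Counter(label for _, label in nearest).most_common(1)[0][0]

def evaluate(y_true, y_pred):
    """Return (accuracy, {class: (precision, recall, F1)})."""
    pairs, report = list(zip(y_true, y_pred)), {}
    for c in sorted(set(y_true)):
        tp = sum(t == c and p == c for t, p in pairs)
        fp = sum(t != c and p == c for t, p in pairs)
        fn = sum(t == c and p != c for t, p in pairs)
        prec = tp / (tp + fp) if tp + fp else 0.0
        rec = tp / (tp + fn) if tp + fn else 0.0
        report[c] = (prec, rec, 2 * prec * rec / (prec + rec) if prec + rec else 0.0)
    return sum(t == p for t, p in pairs) / len(pairs), report

def run():
    scaler = fit_scaler(TRAIN)
    train_x, train_y = [encode(r, scaler) for r in TRAIN], [r[4] for r in TRAIN]
    y_pred = [knn_predict(train_x, train_y, encode(r, scaler)) for r in TEST]
    return y_pred, evaluate([r[4] for r in TEST], y_pred)
```

On this constructed data the short-duration R2L record is voted "normal", so overall accuracy is 5/6 while R2L recall is only 0.5, which is why the per-class figures matter more than accuracy for rare attack classes.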
E. Real-Time Detection Pipeline
Best-performing model deployed in a live system.
Continuously analyzes traffic.
Detects and flags anomalies in real-time.
Triggers alerts and logs events for network administrators.
Conclusion
The project designs a machine learning model which flags anomalies and malicious activities in real time. It improves accuracy and reduces false alarms, and it works better than traditional intrusion detection systems. Overall, it boosts cybersecurity through automation, scalability, and smart data analysis.
References
[1] Ahmed, O. (2024). Enhancing Intrusion Detection in Wireless Sensor Networks through Machine Learning Techniques and Context Awareness Integration. International Journal of Mathematics, Statistics, and Computer Science,
[2] Shafi, M.; Molisch, A.F.; Smith, P.J.; Haustein, T.; Zhu, P.; De Silva, P.; Tufvesson, F.; Benjebbour, A.; Wunder, G. 5G: A Tutorial Overview of Standards, Trials, Challenges, Deployment, and Practice. IEEE J. Sel. Areas Commun. 2017
[3] Yu, H.; Lee, H.; Jeon, H. What is 5G? Emerging 5G Mobile Services and Network Requirements. Sustainability 2017
[4] Nagatsuma, T. Terahertz communications: Past, present and future. In Proceedings of the 2015 40th International Conference on Infrared, Millimeter, and Terahertz waves (IRMMW-THz), Hong Kong, China, 23–28 August 2015; pp. 1–2.
[5] Crowe, T.W.; Deal, W.R.; Schröter, M.; Tzuang, C.K.C.; Wu, K. Terahertz RF Electronics and System Integration. Proc. IEEE 2017, 105, 985–989
[6] Tarish, H.A., "Enhancing 5G communication in business networks with an innovative secured narrowband IoT framework", Journal of Intelligent Systems
[7] Raheema, A.Q., Tarish, H.A., "Analyze and Design of Secure User Authentication Protocol for Wireless Sensor Networks", AIP Conference Proceedings
[8] Shafi, M.; Molisch, A.F.; Smith, P.J.; Haustein, T.; Zhu, P.; De Silva, P.; Tufvesson, F.; Benjebbour, A.; Wunder, G. 5G: A Tutorial Overview of Standards, Trials, Challenges, Deployment, and Practice. IEEE J. Sel. Areas Commun. 2017, 35, 1201–1221
[9] Segan, S. What Is 5G?
[10] Sengupta, K.; Nagatsuma, T.; Mittleman, D.M. Terahertz integrated electronic and hybrid electronic photonic systems. Nat. Electron. 2018, 1, 622–635
[11] Tarish, H.A., Raheema, A.Q., "Central Multipath Routing to Minimize Congestion in Tcp/Ip Networks Using Neural Networks", Lecture Notes in Networks and Systems 2021, 243, pp. 499–507
[12] Gordon, I.E.; Rothman, L.S.; Hill, C.; Kochanov, R.V.; Tan, Y.; Bernath, P.F.; Birk, M.; Boudon, V.; Campargue, A.; Chance, K.; et al. The HITRAN2016 molecular spectroscopic database. J. Quant. Spectrosc. Radiat. Transf. 2017, 203, 3–69
[13] Yang, Y.; Mandehgar, M.; Grischkowsky, D.R. Understanding THz Pulse Propagation in the Atmosphere. IEEE Trans. Terahertz Sci. Technol. 2012
[14] Goldsmith, A. Wireless Communications; Cambridge University Press: New York, NY, USA, 2005.
[15] Z Ahmad, A Shahid Khan, K Nisar, I Haider, R Hassan, MR Haque, “Anomaly detection using deep neural network for IoT architecture”, Applied Sciences 11(15), 7050, 2021
[16] C. Zhang, P. Patras, and H. Haddadi, “Deep learning in mobile and wireless networking: A survey,” IEEE Communications surveys & tutorials, vol. 21, no. 3, pp. 2224–2287, Mar. 2019.
[17] N. Kato, B. Mao, F. Tang, Y. Kawamoto, and J. Liu, “Ten challenges in advancing machine learning technologies toward 6G,” IEEE Wireless Communications, vol. 27, no. 3, pp. 96–103, Apr. 2020.
[18] Barros, M.T.; Mullins, R.; Balasubramaniam, S. Integrated Terahertz Communication with Reflectors for 5G Small-Cell Networks. IEEE Trans. Veh. Technol. 2017, 66, 5647–5657
[19] Hilbert, J.L. Tunable RF Components and Circuits, 1st ed.; Applications in Mobile Handsets, CRC Press: Boca Raton, FL, USA, 2018
[20] Shin, J.Y.; Sirer, E.G.; Weatherspoon, H.; Kirovski, D. On the feasibility of completely wireless datacenters. In Proceedings of the 2012 ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS), Austin, TX, USA, 29–30 October 2019
[21] You, R.; Lu, Z.; Hou, Q.; Jiang, T. Study of Pollution Air Monitoring System Based on Space-borne Terahertz Radiometer. In Proceedings of the 10th UK-Europe Workshop on Millimetre Waves and Terahertz Technologies, Liverpool, UK, 11–13 September 2017
[22] Ericsson AI and Automation, “Employing AI techniques to enhance returns on 5G network investments,” Ericsson, Tech. Rep., May 2019
[23] W. Y. B. Lim, N. C. Luong, D. T. Hoang, Y. Jiao, Y.-C. Liang, Q. Yang, D. Niyato, and C. Miao, “Federated learning in mobile edge networks: A comprehensive survey,” IEEE Communications Surveys & Tutorials, vol. 22, no. 3, pp. 2031–2063, Apr. 2020
[24] Mendis, R.; Nagai, M.; Wang, Y.; Karl, N.; Mittleman, D.M. Terahertz Artificial Dielectric Lens. Sci. Rep. 2016
[25] Federici, J.F.; Su, K.; Moeller, L.; Barat, R.B. Experimental comparison of terahertz and infrared data signal attenuation in dust clouds. JOSA A 2012, 29, 2360–2366.