Anomalies Detection and Traffic Monitoring System in Computer Networks

2025; pp. 217–234

Lviv Polytechnic National University, Department of ‘Computer Design Systems’, Ukraine

The paper addresses the problem of anomaly detection in network traffic and proposes a comprehensive solution to enhance the level of cybersecurity for organizations of various scales. A comparative analysis of existing monitoring and anomaly detection systems has been carried out, including both open-source solutions and commercial products. Based on the conducted research, the technological stack for implementing a network traffic anomaly detection system has been justified, particularly the optimal combination of Python libraries for collecting and processing network traffic, data preparation, applying machine learning algorithms, and visualizing the results.

A fully functional system consisting of five main components has been developed: a network traffic collection module based on PyShark, a packet processing service for flow aggregation, an anomaly detection module using machine learning algorithms, an API module based on FastAPI, and a user web interface developed in React. The system ensures high accuracy in detecting potential threats, optimized use of computational resources, and convenient analysis of the network state.
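The flow-aggregation stage described above, as an added example (not the authors' code): packet records of the kind a PyShark capture would yield are grouped into bidirectional flows by 5-tuple, with per-direction counters named after the UNSW-NB15 features `dur`, `spkts`, `dpkts`, `sbytes` and `dbytes`. The `Packet` record, the 60-second idle timeout and the sample packets are assumptions constructed for illustration.

```python
from collections import namedtuple

# Hypothetical minimal packet record; a capture module would fill these fields.
Packet = namedtuple("Packet", "ts src sport dst dport proto length")

IDLE_TIMEOUT = 60.0  # assumed: seconds of silence after which a flow is closed


def aggregate_flows(packets, idle_timeout=IDLE_TIMEOUT):
    """Group packets into bidirectional flows keyed by the 5-tuple."""
    active, finished = {}, []
    for p in sorted(packets, key=lambda p: p.ts):
        a, b = (p.src, p.sport), (p.dst, p.dport)
        key = (min(a, b), max(a, b), p.proto)  # same key for both directions
        flow = active.get(key)
        if flow and p.ts - flow["last"] > idle_timeout:
            finished.append(active.pop(key))   # idle too long: close the flow
            flow = None
        if flow is None:
            # The first packet seen defines the flow's source side.
            flow = active[key] = {
                "src": a, "dst": b, "proto": p.proto,
                "start": p.ts, "last": p.ts,
                "spkts": 0, "dpkts": 0, "sbytes": 0, "dbytes": 0,
            }
        forward = a == flow["src"]
        flow["spkts" if forward else "dpkts"] += 1
        flow["sbytes" if forward else "dbytes"] += p.length
        flow["last"] = p.ts
    finished.extend(active.values())
    for f in finished:
        f["dur"] = round(f["last"] - f["start"], 6)
    return sorted(finished, key=lambda f: f["start"])


# Constructed sample: a TCP exchange, a DNS lookup, and a late packet that
# reuses the first 5-tuple after the idle timeout has expired.
SAMPLE_PACKETS = [
    Packet(0.00, "10.0.0.5", 51000, "10.0.0.9", 443, "tcp", 74),
    Packet(0.02, "10.0.0.9", 443, "10.0.0.5", 51000, "tcp", 74),
    Packet(0.05, "10.0.0.5", 51000, "10.0.0.9", 443, "tcp", 520),
    Packet(0.30, "10.0.0.9", 443, "10.0.0.5", 51000, "tcp", 1460),
    Packet(1.00, "10.0.0.7", 40000, "10.0.0.1", 53, "udp", 80),
    Packet(1.01, "10.0.0.1", 53, "10.0.0.7", 40000, "udp", 140),
    Packet(200.0, "10.0.0.5", 51000, "10.0.0.9", 443, "tcp", 74),
]

if __name__ == "__main__":
    for flow in aggregate_flows(SAMPLE_PACKETS):
        print(flow)
```

Each returned record is one feature row; the late packet at `ts=200.0` becomes its own flow because the earlier flow on the same 5-tuple had been idle longer than the timeout.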

An experimental study was conducted on the UNSW-NB15 dataset, which contains over 2.5 million records of network connections. A comparative analysis of three machine learning algorithms was performed: Random Forest, Support Vector Machine, and Logistic Regression. Random Forest demonstrated the best results with 94 % accuracy on the test set and an area under the ROC curve of 0.99, significantly outperforming the alternative algorithms.

A key feature of the proposed approach is the integration of machine learning methods with comprehensive analysis of various network traffic parameters, which significantly improves anomaly detection accuracy and minimizes the number of false positives compared to existing solutions.
