METHOD FOR DETECTING ANOMALIES IN CORPORATE NETWORKS
DOI:
https://doi.org/10.26906/SUNZ.2025.3.193Keywords:
corporate network, anomaly detection, network traffic, autoencoder, machine learning, cybersecurity, reconstruction error, unsupervised learning, neural network, behavior profiling, information securityAbstract
The relevance of this study lies in the fact that existing anomaly detection methods often demonstrate insufficient accuracy and responsiveness in real-world operational environments. The object of research: the network traffic of a corporate information system, which is analyzed to detect abnormal behavior potentially indicating cyberattacks, security policy violations, or internal threats. Purpose of the article: the development, implementation, and experimental validation of an anomaly detection method for corporate networks based on an autoencoder model, which makes it possible to effectively identify deviations from normal network traffic without the need for pre-labeled data. Research results. In the modeling process, synthetic data simulating both typical and anomalous network activity was generated. Histograms and boxplots indicate that normal samples are characterized by low and stable mean squared error values, while anomalous samples demonstrate significant deviations. The ROC curve with AUC = 1.00 confirms that the model can reliably distinguish between the two categories. The confusion matrix showed a nearly perfect match between predicted and actual labels, indicating high accuracy and sensitivity of the model. The training curve demonstrates stable learning without overfitting, and the selected dynamic threshold minimized the false positive rate. The proposed approach can be integrated into security monitoring systems to detect atypical activities in real time. Conclusions. The conducted experiments demonstrated high classification accuracy, clear separation between normal and anomalous samples based on reconstruction error, and stable model training. The obtained results confirm the feasibility of using deep learning for automated network security monitoring, and the proposed method can be successfully applied in real corporate IT infrastructures to detect security incidents in real time.Downloads
References
1. Blazquez-Gartfa, A., Conde A., Mori U., Lozano J. A review on outlier/anomaly detection in time series data, ACM Comput. Surv. Vol. 54. No. 3. 2021. DOI: http://dx.doi.org/10.1145/3444690. DOI: https://doi.org/10.1145/3444690
2. Vaishali Bhatia; Shabnam Choudhary; K.R Ramkumar. A Comparative Study on Various Intrusion Detection Techniques Using Machine Learning and Neural Network. 8th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO), 2020. https://doi.org/10.1109/ICRITO48877.2020.9198008 DOI: https://doi.org/10.1109/ICRITO48877.2020.9198008
3. Y. Mirsky, T. Doitshman, Y.Elovici, A. Shabtai. Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection. Cornell University. Computer Science,2018. 15 p. https://doi.org/10.48550/arXiv.1802.09089 DOI: https://doi.org/10.14722/ndss.2018.23204
4. D. Abshari, M. Sridhar. A Survey of Anomaly Detection in Cyber-Physical Systems, 2025. https://arxiv.org/html/2502.13256v1
5. M. Ring, S. Wunderlich, D. Scheuring, D. Landes, A. Hotho. A survey of network-based intrusion detection data sets. Elsevier. ScinceDirect. Computers & Security, vol. 86, 2019. P. 147-167. https://doi.org/10.1016/j.cose.2019.06.005 . DOI: https://doi.org/10.1016/j.cose.2019.06.005
6. Flach P. A. Machine Learning: The Art and Science of Algoritms that Makes Sense of Data. Cambridge: Cambridge University Press, 2012. 291 p. https://doi.org/10.1017/CBO9780511973000 . DOI: https://doi.org/10.1017/CBO9780511973000
7. R.Abu-Zaid, A.Hammad. Streamlining Data Processing Efficiency in Large-Scale Applications: Proven Strategies for Optimizing Performance, Scalability, and Resource Utilization in Distributed Architectures. International Journal of Machine Intelligence. International Journal of Machine Intelligence for Smart Applications, 14(8), 2024. P. 31-49. https://dljournals.com/index.php/IJMISA/article/view/27 .
Downloads
Published
Issue
Section
License
Copyright (c) 2025 Yelyzaveta Hloba, Vladyslav Smirnov, Mykola Naraievskyi, Volodymyr Fedorchenko
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
