<![CDATA[The rapid growth of network data has increased the complexity of detecting anomalies, which are crucial for ensuring the security and integrity of information systems. This study investigates the use of the Isolation Forest algorithm for anomaly detection in network traffic, utilizing the Luflow Network Intrusion Detection dataset, which contains 590,086 records with 16 features related to network activities. The methodology encompasses data preprocessing (cleaning, normalization, and feature scaling), feature selection (bytes in, bytes out, entropy, and duration), model training, and performance evaluation. The results demonstrate that Isolation Forest can effectively identify anomalies based on feature patterns, isolating suspicious data points without the need for labeled datasets. However, performance metrics, such as accuracy (42.92%), precision (14.37%), recall (2.87%), and F1-score (4.79%), reveal challenges such as high false-positive rates and low sensitivity to true anomalies. These findings highlight the potential of the algorithm for dynamic, high-dimensional datasets but also indicate the need for further improvements through hyperparameter tuning, feature engineering, and alternative approaches. This study contributes to the development of adaptive anomaly detection frameworks for network security and suggests future integration into real-time systems for proactive threat mitigation. The study's findings are particularly relevant for enhancing network security in environments such as corporate and governmental networks, where real-time anomaly detection is crucial.]]>
Copyrights © 2025
