Comparative analysis of classical and machine-learning methods for anomaly detection in lightly loaded networks
Date
2025
Publisher
Khmelnytskyi National University
Abstract
This article presents a comparative analysis of modern methods for detecting anomalies in lightly loaded computer networks. The methods analysed are the Isolation Forest algorithm, the One-Class SVM method, DBSCAN density-based clustering, and a neural-network approach based on an LSTM-Autoencoder. The methods are compared across groups of characteristics: anomaly detection accuracy, computational complexity, training data requirements, and adaptability to the specifics of lightly loaded networks.
The analysis shows that the choice of the optimal method depends on the specific conditions of use. For real-time systems with limited resources, Isolation Forest is the most suitable, whereas for complex multidimensional anomalies the LSTM-Autoencoder has the advantage.
This article presents a comprehensive comparative analysis of classical and machine learning–based methods for anomaly detection in lightly loaded computer networks. Such networks, including small enterprise infrastructures, industrial Internet of Things systems, sensor networks, and remote monitoring environments, are characterized by low traffic intensity, limited statistical data, and constrained computational resources. These features significantly reduce the effectiveness of traditional anomaly detection approaches designed for high-load network environments. The study examines four widely used methods: Isolation Forest, One-Class Support Vector Machine (One-Class SVM), DBSCAN density-based clustering, and an LSTM-based Autoencoder. The comparison is conducted according to key evaluation criteria, including anomaly detection accuracy, computational complexity, training data requirements, adaptability to low-data scenarios, and interpretability of results. Particular attention is paid to the ability of each method to operate under conditions of sparse observations and high variability of normal network behavior. The analysis demonstrates that no single method is universally optimal for all lightly loaded network scenarios. Isolation Forest shows the best balance between detection efficiency and computational cost, making it suitable for real-time systems with limited resources. One-Class SVM provides high detection accuracy for complex decision boundaries but requires careful parameter tuning and greater computational effort. DBSCAN offers strong interpretability and effectively detects cluster-based anomalies, although its performance depends heavily on parameter selection. LSTM-Autoencoder achieves superior results in detecting complex temporal anomalies but demands substantial training data and computational resources, which limits its applicability in typical low-load environments.
The results highlight the importance of selecting anomaly detection methods based on specific operational constraints and data characteristics. The paper also emphasizes the potential of hybrid and ensemble approaches to improve robustness and detection reliability in lightly loaded networks. The findings contribute practical guidelines for designing efficient anomaly detection systems in resource-constrained network environments.
Keywords
anomaly detection, lightly loaded networks, machine learning, cybersecurity, network traffic analysis
Bibliographic description
Пирч О. Comparative analysis of classical and machine-learning methods for anomaly detection in lightly loaded networks / О. Пирч, С. Мостовий // Вимірювальна та обчислювальна техніка в технологічних процесах. – 2025. – No. 4. – pp. 284-292.