Architecture of a Prototype System for Network Traffic Anomaly Detection Based on Machine Learning and Visual Analytics
Аннотация
The paper presents the architecture of a prototype system for detecting network traffic anomalies. The system is based on a three-tier architecture using the Flask web framework to create a RESTful API. Anomaly detection is implemented using the Isolation Forest unsupervised machine learning algorithm (100 estimators, contamination factor 0.05) from the scikit-learn library, which processes data pre-normalized using StandardScaler in one-hour windows. The analysis results, including a multi-level classification of anomaly severity (with norma lized scores in the range of 0–1, where values greater than 0.8 correspond to the critical level) and ensuring compatibility with SIEM systems, are interactively visualized using Chart.js. Key theoretical and practical challenges, such as data quality, feature selection, scalability (algorithmic complexity O(n log n)), parameter optimization, and interpretability of results, are discussed.