ANALYSIS OF THE EFFECTIVENESS OF BORDER TRAFFIC ANOMALY DETECTION BASED ON MACHINE LEARNING MODELS
DOI:
https://doi.org/10.28925/2663-4023.2025.29.898
Keywords:
anomaly detection, neural networks, network traffic, machine learning, digital twin, DoS attacks, model, Node-RED
Abstract
The article presents an approach to constructing a real-time anomaly detection model for DoS (Denial of Service) network traffic and its integration into a monitoring system. This opens new opportunities for visualization, investigation, and development of intrusion detection systems (IDS) and their digital twins, providing a flexible platform for modeling cyber-physical threats and responding to them. The study synthesizes a range of models with various neural network architectures, including CNN (Convolutional Neural Networks), LSTM (Long Short-Term Memory), and Autoencoder variants, performs a comparative analysis, and selects an effective model for predicting anomalies in network traffic using diverse metrics. The chosen model exchanges data with the Node-RED environment, which implements the traffic monitoring system and provides graphical representation of intrusion detection results, automated responses, and additional network traffic simulation. The model functions as a digital twin of the anomaly detection system. This approach enables the development of a prototype system that can be rapidly deployed without the need for complex computational resources or cluster systems. A key feature of the applied approach is the combination of modern neural network models with automated response logic, which allows the system's behavior to approximate that of an autonomous protection system capable of responding promptly to cyber-physical threats in real time. This significantly expands the capabilities of digital twins in education, testing, and development of modern cybersecurity systems, while also enhancing the effectiveness of research and practical implementations in the field of information security. The presented solution opens prospects for further integration of complex deep learning models, hybrid architectures, and automated network traffic monitoring systems.
License
Copyright (c) 2025 Тетяна Савченко, Наталія Луцька, Лідія Власенко, Наталя Томенко

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.