Anomaly Detection in Computer Networks Using Isolation Forest in Data Mining

Hartati Tammamah Lubis, Roslina Roslina, Lili Tanti

Abstract


The rapid growth of network data has increased the complexity of detecting anomalies, which are crucial for ensuring the security and integrity of information systems. This study investigates the use of the Isolation Forest algorithm for anomaly detection in network traffic, utilizing the LUFlow Network Intrusion Detection dataset, which contains 590,086 records with 16 features related to network activities. The methodology encompasses data preprocessing (cleaning, normalization, and feature scaling), feature selection (bytes in, bytes out, entropy, and duration), model training, and performance evaluation. The results demonstrate that Isolation Forest can effectively identify anomalies based on feature patterns, isolating suspicious data points without the need for labeled datasets. However, performance metrics, such as accuracy (42.92%), precision (14.37%), recall (2.87%), and F1-score (4.79%), reveal challenges such as high false-positive rates and low sensitivity to true anomalies. These findings highlight the potential of the algorithm for dynamic, high-dimensional datasets but also indicate the need for further improvements through hyperparameter tuning, feature engineering, and alternative approaches. This study contributes to the development of adaptive anomaly detection frameworks for network security and suggests future integration into real-time systems for proactive threat mitigation. The study's findings are particularly relevant for enhancing network security in environments such as corporate and governmental networks, where real-time anomaly detection is crucial.


Keywords


Network Anomaly Detection, Isolation Forest, Machine Learning, Network Traffic, Data Preprocessing, Intrusion Detection System, Feature Engineering.
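
The pipeline the abstract outlines (four flow features, an unsupervised Isolation Forest, precision and recall measured against labels), as an added example that is not the authors' code: a standard-library Isolation Forest run on constructed flows rather than the LUFlow dataset. The sample values, function names and the top-k flagging rule are assumptions, and the output does not reproduce the study's reported metrics.

```python
import math
import random

def c(n):
    """Average path length of an unsuccessful BST search over n points (score normaliser)."""
    return 2.0 * sum(1.0 / i for i in range(1, n)) - 2.0 * (n - 1) / n if n > 1 else 0.0

def build(rows, depth, limit, rng):
    """Grow one isolation tree: random feature, random split between its min and max."""
    if depth >= limit or len(rows) <= 1:
        return len(rows)  # leaf: number of points left unseparated
    f = rng.randrange(len(rows[0]))
    s = rng.uniform(min(r[f] for r in rows), max(r[f] for r in rows))
    return (f, s, build([r for r in rows if r[f] < s], depth + 1, limit, rng),
            build([r for r in rows if r[f] >= s], depth + 1, limit, rng))

def path(node, x, depth=0):
    if isinstance(node, int):
        return depth + c(node)  # leaf: add c(size) for the points never split apart
    f, s, left, right = node
    return path(left if x[f] < s else right, x, depth + 1)

def fit(rows, n_trees=100, sample=64, seed=7):
    rng = random.Random(seed)
    limit = math.ceil(math.log2(sample))
    return [build(rng.sample(rows, sample), 0, limit, rng) for _ in range(n_trees)], sample

def score(forest, x):
    """Anomaly score in (0, 1]; closer to 1 means x is isolated after fewer splits."""
    trees, sample = forest
    return 2 ** (-sum(path(t, x) for t in trees) / len(trees) / c(sample))

def make_flows(seed=1):
    """Constructed (bytes_in, bytes_out, entropy, duration) rows with labels; not LUFlow data."""
    g = random.Random(seed).gauss
    benign = [(g(500, 50), g(1500, 150), g(4.0, 0.3), g(1.0, 0.2)) for _ in range(200)]
    odd = [(g(40000, 2000), g(90000, 4000), g(7.8, 0.05), g(45, 3)) for _ in range(5)]
    return benign + odd, [0] * 200 + [1] * 5

def evaluate(scores, labels, k):
    """Flag the k highest scores; return (precision, recall) against the labels."""
    flagged = sorted(range(len(scores)), key=lambda i: -scores[i])[:k]
    tp = sum(labels[i] for i in flagged)
    return tp / k, tp / sum(labels)

if __name__ == "__main__":
    rows, labels = make_flows()
    forest = fit(rows)
    print(evaluate([score(forest, r) for r in rows], labels, k=5))
```

The labels are used only in `evaluate`; training never sees them. The choice of `k` (the contamination threshold) directly moves precision and recall, so it belongs among the hyperparameters to tune.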


DOI: https://doi.org/10.15408/jti.v18i1.44285



Copyright (c) 2025 Hartati Tammamah Lubis, Roslina, Lili Tanti

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Jurnal Teknik Informatika by Prodi Teknik Informatika Universitas Islam Negeri Syarif Hidayatullah Jakarta is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Based on a work at http://journal.uinjkt.ac.id/index.php/ti.
