Anomaly Detection in Computer Networks Using Isolation Forest in Data Mining
DOI: https://doi.org/10.15408/jti.v18i1.44285
Keywords: Network Anomaly Detection, Isolation Forest, Machine Learning, Network Traffic, Data Preprocessing, Intrusion Detection System, Feature Engineering.
Abstract
The rapid growth of network data has increased the complexity of detecting anomalies, which are crucial for ensuring the security and integrity of information systems. This study investigates the use of the Isolation Forest algorithm for anomaly detection in network traffic, utilizing the Luflow Network Intrusion Detection dataset, which contains 590,086 records with 16 features related to network activities. The methodology encompasses data preprocessing (cleaning, normalization, and feature scaling), feature selection (bytes in, bytes out, entropy, and duration), model training, and performance evaluation. The results demonstrate that Isolation Forest can effectively identify anomalies based on feature patterns, isolating suspicious data points without the need for labeled datasets. However, performance metrics, such as accuracy (42.92%), precision (14.37%), recall (2.87%), and F1-score (4.79%), reveal challenges such as high false-positive rates and low sensitivity to true anomalies. These findings highlight the potential of the algorithm for dynamic, high-dimensional datasets but also indicate the need for further improvements through hyperparameter tuning, feature engineering, and alternative approaches. This study contributes to the development of adaptive anomaly detection frameworks for network security and suggests future integration into real-time systems for proactive threat mitigation. The study's findings are particularly relevant for enhancing network security in environments such as corporate and governmental networks, where real-time anomaly detection is crucial.
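The sketch below is an added example, not the study's code: a small pure-Python Isolation Forest scored over the four features the abstract names, then measured against labels by precision and recall. The flows are constructed, and the split into "loud" and "quiet" malicious flows is an assumption made here to show one way label-based recall can fall short when malicious traffic is not a statistical outlier; the study does not state this as its cause.

```python
import math, random

def c(n):
    # Average path length of an unsuccessful binary-search-tree lookup over n points.
    return float(max(n - 1, 0)) if n <= 2 else 2 * (math.log(n - 1) + 0.5772156649) - 2 * (n - 1) / n

def build(rows, depth, limit, rng):
    if depth >= limit or len(rows) <= 1:
        return len(rows)                     # leaf stores how many points ended here
    f = rng.randrange(len(rows[0]))          # random feature, random split in its range
    split = rng.uniform(min(r[f] for r in rows), max(r[f] for r in rows))
    left = [r for r in rows if r[f] < split]
    right = [r for r in rows if r[f] >= split]
    return (f, split, build(left, depth + 1, limit, rng), build(right, depth + 1, limit, rng))

def fit(rows, n_trees=100, sample=64, seed=7):
    rng = random.Random(seed)
    limit = math.ceil(math.log2(sample))     # depth cap: anomalies isolate well before it
    return [build(rng.sample(rows, sample), 0, limit, rng) for _ in range(n_trees)]

def score(x, forest, sample=64):
    total = 0.0
    for node in forest:
        depth = 0
        while isinstance(node, tuple):
            f, split, left, right = node
            node, depth = (left if x[f] < split else right), depth + 1
        total += depth + c(node)             # unexpanded leaf adds its expected depth
    return 2 ** (-(total / len(forest)) / c(sample))   # near 1 = anomalous, about 0.5 or less = normal

def make_flows(seed=1):
    # Constructed flows: (bytes_in, bytes_out, entropy, duration); label 1 = malicious.
    rng = random.Random(seed)
    def flows(n, *spec):
        return [tuple(abs(rng.gauss(m, s)) for m, s in spec) for _ in range(n)]
    benign = flows(300, (500, 80), (1500, 200), (4.5, 0.4), (2.0, 0.5))
    loud = flows(6, (60000, 5000), (40, 10), (7.8, 0.1), (30, 5))     # extreme on every feature
    quiet = flows(6, (520, 80), (1450, 200), (4.6, 0.4), (2.1, 0.5))  # malicious, benign-looking
    return benign + loud + quiet, [0] * 300 + [1] * 12

def evaluate(flag_fraction=0.05):
    # Per-feature scaling is skipped: it does not change axis-aligned isolation splits.
    rows, labels = make_flows()
    forest = fit(rows)
    scores = [score(x, forest) for x in rows]
    k = round(flag_fraction * len(rows))     # flag the k highest-scoring flows
    flagged = sorted(range(len(rows)), key=lambda i: -scores[i])[:k]
    tp = sum(labels[i] for i in flagged)
    return {"precision": tp / k, "recall": tp / sum(labels), "scores": scores}
```

Calling `evaluate()` returns the precision, recall and per-flow scores; the loud flows rank at the top while the quiet ones score like benign traffic, so recall stays well below 1 however the threshold is set.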