ANALYSIS OF TRAFFIC ANOMALY DETECTION MODELS IN MODERN INFORMATION AND COMMUNICATION SYSTEMS AND NETWORKS

Authors

DOI:

https://doi.org/10.31891/2219-9365-2025-81-21

Keywords:

anomaly detection models, network traffic, cyber threats

Abstract

The aim of the study is to analyze existing models for detecting anomalies in network traffic in order to assess their advantages and disadvantages, and to develop criteria for determining the feasibility of using these models in information and communication systems (ICS). This allows for a deeper understanding of the capabilities and limitations of different approaches to detecting threats in networks and for assessing the effectiveness of the methods used to ensure system security. The paper provides a detailed analysis of current research in this area, bringing together various approaches to detecting attacks such as SQL injections, DoS attacks, botnets, man-in-the-middle attacks, and other network traffic anomalies. The work focuses on comparing models based on machine learning and fuzzy logic, hybrid models, models using neural networks, genetic algorithms, and autoencoders, as well as traditional methods, including signature analysis and data classification. One of the main tasks is to develop criteria by which to compare models, including the type of attack, the approach used, the complexity of the configuration, the load on the network, the analysis of incoming and outgoing traffic, and the accuracy of the model. These criteria help determine which model is best for a particular type of attack and which is most suitable for resource-limited environments or for use in scalable systems. The study collected data on the effectiveness of various models based on real-world examples, demonstrating their accuracy, ability to adapt in real time, and efficiency in processing large volumes of network traffic. Hybrid models that combine different methods to increase the efficiency of anomaly detection were also considered. Despite the high accuracy results, some models have limitations, such as high setup complexity or computational costs.
In particular, methods based on genetic algorithms require significant computing resources, while simpler models based on machine learning can be set up quickly and work effectively with limited resources. In other words, the accuracy and speed of models are directly related to their ability to integrate into existing ICS, where computing limitations and data processing speed requirements are also important. In addition, the impact of network load on the effectiveness of an anomaly detection system is considered; it was found that for large volumes of traffic, the choice of low-load methods is critical. Models with high computational costs can adversely affect network performance, which is an important aspect when implementing them in real-world conditions.

Published

2025-02-27

How to Cite

PETLIAK Н. (2025). ANALYSIS OF TRAFFIC ANOMALY DETECTION MODELS IN MODERN INFORMATION AND COMMUNICATION SYSTEMS AND NETWORKS. MEASURING AND COMPUTING DEVICES IN TECHNOLOGICAL PROCESSES, (1), 180–186. https://doi.org/10.31891/2219-9365-2025-81-21