COMPARATIVE ANALYSIS OF CLASSIC AND MACHINE METHODS FOR ANOMALIES DETECTION IN LIGHTLY LOADED NETWORKS

Authors

DOI:

https://doi.org/10.31891/2219-9365-2025-84-32

Keywords:

anomaly detection, lightly loaded networks, machine learning, cybersecurity, network traffic analysis

Abstract

This article presents a comprehensive comparative analysis of classical and machine learning–based methods for anomaly detection in lightly loaded computer networks. Such networks, including small enterprise infrastructures, industrial Internet of Things systems, sensor networks, and remote monitoring environments, are characterized by low traffic intensity, limited statistical data, and constrained computational resources. These features significantly reduce the effectiveness of traditional anomaly detection approaches designed for high-load network environments.

The study examines four widely used methods: Isolation Forest, One-Class Support Vector Machine (One-Class SVM), DBSCAN density-based clustering, and an LSTM-based Autoencoder. The comparison is conducted according to key evaluation criteria, including anomaly detection accuracy, computational complexity, training data requirements, adaptability to low-data scenarios, and interpretability of results. Particular attention is paid to the ability of each method to operate under conditions of sparse observations and high variability of normal network behavior.

The analysis demonstrates that no single method is universally optimal for all lightly loaded network scenarios. Isolation Forest shows the best balance between detection efficiency and computational cost, making it suitable for real-time systems with limited resources. One-Class SVM provides high detection accuracy for complex decision boundaries but requires careful parameter tuning and greater computational effort. DBSCAN offers strong interpretability and effectively detects cluster-based anomalies, although its performance depends heavily on parameter selection. The LSTM-based Autoencoder achieves superior results in detecting complex temporal anomalies but demands substantial training data and computational resources, which limits its applicability in typical low-load environments.

The results highlight the importance of selecting anomaly detection methods based on specific operational constraints and data characteristics. The paper also emphasizes the potential of hybrid and ensemble approaches to improve robustness and detection reliability in lightly loaded networks. The findings contribute practical guidelines for designing efficient anomaly detection systems in resource-constrained network environments.

Published

2025-12-11

How to Cite

PYRCH О., & MOSTOVYI С. (2025). COMPARATIVE ANALYSIS OF CLASSIC AND MACHINE METHODS FOR ANOMALIES DETECTION IN LIGHTLY LOADED NETWORKS. MEASURING AND COMPUTING DEVICES IN TECHNOLOGICAL PROCESSES, 84(4), 284–292. https://doi.org/10.31891/2219-9365-2025-84-32