Anomaly detection research using Isolation Forest in Machine Learning-Reference-Cited by-同舟云学术

Anomaly detection research using Isolation Forest in Machine Learning

Published:2024-04-16 Issue:1 Volume:51 Page:106-112
ISSN:2542-095X
Container-title:Herald of Dagestan State Technical University. Technical Sciences
language:
Short-container-title:Vestn. Dagest. gos. teh. univ., Teh. nauki

Author:

Kechedzhiev A. S.¹,Tsvetkova O. L.¹

Affiliation:

1. Don State Technical University

Abstract

Objective. The study is devoted to assessing the applicability of the Isolation Forest method in the task of detecting anomalies in network traffic data characterized by insufficient markup. The main purpose of the work is to evaluate the effectiveness of Isolation Forest with limited data markup and its potential in critical areas such as cybersecurity and financial analytics.Method. The study includes data preprocessing, training the model on the training set, and evaluating the model's performance on the test set using accuracy metrics, error matrix, and classification report. To implement this research, the Python programming language and the scikit-learn library were chosen to implement the Isolation Forest, as well as Pandas for working with data.Result. Evaluating the applicability of the Isolation Forest method on unstructured data revealed its potential for identifying anomalous patterns without the need for extensive labeling. This confirms the effectiveness of Isolation Forest in environments where access to labeled data is limited or absent.Conclusion. The results demonstrate high anomaly detection recall despite relatively low overall accuracy, indicating the importance of contextual interpretation of metrics in the task of detecting rare events in data.

Publisher

FSB Educational Establishment of Higher Education Daghestan State Technical University

Reference10 articles.

1. Popova, I.A. Detection of anomalies in a data set using unsupervised machine learning algorithms Isolation Forest and Local Outlier Factor/ I.A. Popova StudNet. 2020; 3(12):1460-1470. – EDN XILRBX. (In Russ)

2. Gaiduk, K.A. On the issue of implementing algorithms for identifying internal threats using machine learning / K.A. Gaiduk, A.Yu. Iskhakov. Bulletin of SibGUTI. 2022;16(4):P. 80-95. – DOI 10.55648/1998-6920-2022- 16-4-80-95. – EDN SGBSIH. (In Russ)

3. Savitsky, D.E. Detecting anomalies when processing streaming data in real time / D.E. Savitsky, M.E. Dunaev, K.S. Zaitsev. International Journal of Open Information Technologies. 2022;10(6):70-76. – EDN IGAWAO. (In Russ)

4. Terskikh, M. G. Detection of anomalous user behavior in Windows security event logs using machine learning algorithms / M. G. Terskikh, E. M. Tishina. Theory and practice of modern science. 2018; 5(35): 821-839. – EDN UYMTHC. (In Russ)

5. Dynamic user authentication based on analysis of work with a computer mouse / A. V. Berezniker, M. A. Kazachuk, I. V. Mashechkin [etc.]. Bulletin of Moscow University. Episode 15: Computational mathematics and cybernetics. 2021; 4: 3-16. – EDN XIQNIZ. (In Russ)