DEVELOPMENT OF A REAL-TIME NETWORK PROTECTION SYSTEM BASED ON MACHINE LEARNING ALGORITHMS
Keywords:
intrusion detection system, machine learning, Random Forest, Isolation Forest, network security, anomaly detection, real-time processing, concept drift
Abstract
This article examines the architecture and practical implementation of a real-time intrusion detection system (IDS) that combines supervised and unsupervised machine learning methods for network traffic analysis. The proposed system integrates a Random Forest classifier with an Isolation Forest anomaly detector, operating on a streaming pipeline built with Apache Kafka and scikit-learn. Experiments conducted on the CICIDS2017 and NSL-KDD benchmark datasets demonstrate that the hybrid model achieves a detection accuracy of 97.4% and an average classification latency of 18 ms per packet – figures that satisfy operational requirements for production network environments. The article further analyses common feature engineering choices specific to network flow data, describes model retraining strategies for concept drift adaptation, and discusses deployment considerations for resource-constrained edge environments.
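The hybrid decision logic the abstract describes, a Random Forest for labelled attack classes backed by an Isolation Forest trained on benign flows to surface novel outliers, shown as an added example with scikit-learn; this is not the paper's code, and the five-feature flow representation, the synthetic training flows and the three probe flows are all constructed for the demonstration rather than taken from CICIDS2017.

```python
import numpy as np
from sklearn.ensemble import IsolationForest, RandomForestClassifier

# Constructed flow features (not CICIDS2017): duration_s, fwd_pkts, bwd_pkts, fwd_bytes, bwd_bytes


def synth_flows(rng, n):
    """Constructed training set: label 0 = benign sessions, 1 = flood-like flows."""
    dur, fwd, bwd = rng.uniform(0.1, 5.0, n), rng.integers(5, 50, n), rng.integers(5, 50, n)
    benign = np.column_stack([dur, fwd, bwd,
                              fwd * rng.uniform(200, 800, n), bwd * rng.uniform(200, 800, n)])
    dur, fwd, bwd = rng.uniform(0.01, 0.5, n), rng.integers(500, 5000, n), rng.integers(0, 5, n)
    flood = np.column_stack([dur, fwd, bwd, fwd * 60.0, bwd * 60.0])
    return np.vstack([benign, flood]), np.array([0] * n + [1] * n)


class HybridIDS:
    """Random Forest for known attack classes, Isolation Forest for unseen outliers."""

    def __init__(self, seed=0):
        self.rf = RandomForestClassifier(n_estimators=100, random_state=seed)
        self.iso = IsolationForest(n_estimators=100, contamination=0.01, random_state=seed)

    def fit(self, X, y):
        self.rf.fit(X, y)
        self.iso.fit(X[y == 0])  # the anomaly model learns benign traffic only
        return self

    def classify(self, flow):
        x = np.asarray(flow, dtype=float).reshape(1, -1)
        if self.rf.predict(x)[0] == 1:
            return "attack"   # matches a labelled attack pattern
        if self.iso.predict(x)[0] == -1:
            return "anomaly"  # RF saw nothing known, but the flow is far from benign
        return "benign"


def build_demo_ids(seed=0):
    X, y = synth_flows(np.random.default_rng(seed), 300)
    return HybridIDS(seed).fit(X, y)


if __name__ == "__main__":
    ids = build_demo_ids()
    # Constructed probe flows: a normal session, a flood, and an exfil-like pattern absent from training
    for name, flow in [("benign", [1.2, 20, 18, 9000, 8000]),
                       ("flood", [0.05, 2000, 1, 120000, 60]),
                       ("exfil", [600.0, 40, 40000, 20000, 56_000_000])]:
        print(name, "->", ids.classify(flow))
```

The third probe is the case the unsupervised stage exists for: the Random Forest has no labelled class for it, so the Isolation Forest is what raises the alert.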