HYBRID DETECTION FRAMEWORK FOR REAL-TIME NETWORK ANOMALIES USING THRESHOLD-BASED TRIGGERS AND TEMPORAL SLIDING WINDOW PROFILING

ABSTRACT

The real-time identification of anomalous traffic in modern networks is still a big challenge for cyber security. We propose a hybrid anomaly detection model, which combines the threshold-based triggers with the sliding window temporal profiles, to improve the early detection of DoS attacks and network anomalies. Abnormal behaviors such as traffic volume surges, port scanning, and packet abnormalities are detected and alerted. The proposal's performance is experimentally evaluated, and it is observed that the port scan anomaly accounts for 55.6% of detection traffic volume anomaly for 33.3%, and packet size anomaly is 11 1%. Medium-severity alerts receive more focus in the framework and are sensitive to operational threats. The following steps incorporate federated learning and XAI for more accurate detection and transparent cause.

Keywords: Network Anomaly Detection, Real-Time Monitoring, Threshold-Based Detection, Sliding Window Analysis, Denial-of-Service (DoS), Traffic Analysis, Hybrid Detection Framework, Cybersecurity, Temporal Profiling, Intrusion Detection System (IDS)