
STATISTICAL AND MACHINE LEARNING APPROACHES FOR DETECTING ANOMALIES IN LARGE-VOLUME NETWORK TRAFFIC

Author: Ozodbek Rakhmonov
Publisher: Zenodo
DOI: 10.5281/zenodo.17300533
Source: https://zenodo.org/records/17300533/files/32_916-194-201-Rakhmonov.pdf
“Al-Farg‘oniy avlodlari” elektron ilmiy jurnali
ISSN 2181-4252. Tom: 1 | Son: 3 | 2025-yil
"Descendants of Al-Farghani" electronic scientific journal.
ISSN 2181-4252. Vol: 1 | Iss: 3 | 2025 year
Электронный научный журнал "Потомки Аль-Фаргани"
ISSN 2181-4252. Том: 1 | Выпуск: 3 | 2025 год
https://al-fargoniy.uz/
STATISTICAL AND MACHINE LEARNING APPROACHES FOR DETECTING ANOMALIES
IN LARGE-VOLUME NETWORK TRAFFIC
Rakhmonov Ozodbek Shavkatjon ugli,
Assistant Professor, Department of Software Engineering and Cybersecurity, Fergana State Technical University,
e-mail: ahm[email protected]

Abstract: Detecting anomalies in large-scale network traffic is one of the pressing issues in modern information security. The volume of traffic generated as a result of the expansion of Internet services, cloud computing, the development of IoT and 5G networks is increasing dramatically, and this process reduces the effectiveness of traditional security mechanisms. This article studies and compares statistical methods and machine learning (ML) approaches to detect anomalous behavior in the network. The advantages of statistical approaches, including Z-score, Chebyshev inequality, analysis of variance and time series models, are explained by their fast performance and efficiency in real-time monitoring, but their accuracy is limited in large-scale data. Machine learning methods (Random Forest, SVM, Neural networks, K-means, DBSCAN, Autoencoder) provide high accuracy and flexibility, but they are computationally intensive. The results of the study show that a hybrid approach - integrating statistical and ML methods - can significantly increase efficiency.

Keywords: Network traffic analysis, anomaly detection, big data, statistical approaches, supervised learning, unsupervised learning, autoencoder, hybrid model, IoT security, cloud computing, 5G networks, real-time monitoring, post-quantum cryptography.

Introduction

The problem of detecting anomalous activity in large volumes of network traffic is one of the most pressing issues in modern cybersecurity systems. In the process of digital transformation, due to the sharp increase in the number of devices connected to the Internet, the expansion of cloud services, and the development of 5G and, in the future, 6G networks, the volume of generated traffic is increasing exponentially. This growth complicates not only the efficient transmission and processing of information but also the assurance of its security. Traditional security tools—signature-based antiviruses, static rule firewalls, or IDS/IPS systems—are powerless to detect many new and previously unseen types of attacks [1]. This is because attackers increasingly employ complex, multi-stage, and stealthy techniques that require early detection of anomalous behavior before the actual compromise occurs.

| № | Problem type | Description | Example |
|---|---|---|---|
| 1 | Volume | Millions of packets are transmitted per second, requiring significant computing resources for real-time processing | Backbone networks |
| 2 | Velocity | Detection must occur at very high speeds to reduce risk | 5G packet streams |
| 3 | Variety | Different protocols, services, and applications make classification difficult | HTTP, MQTT, VoIP |
| 4 | Veracity | Noisy and imperfect data distort models | Missing or corrupted flow logs |

Table 1. Key challenges in anomaly detection in a Big Data environment

The anomaly detection process in a Big Data environment presents its own unique challenges:
− Volume: Modern networks transmit millions of packets per second, and processing them in real time demands substantial computational resources.
− Speed: To ensure early anomaly detection, algorithms must operate at extremely high
speeds; delayed processing increases the risk rather than mitigating it.
− Diversity: Network traffic is composed of a wide range of protocols, services, and applications, making it difficult to clearly distinguish between normal and malicious activity. For instance, the initial phase of a DDoS attack can often resemble regular user activity [2][3].

Additionally, in large-scale data environments, traffic information is often noisy and incomplete, which can distort statistical models and lead to increased false-positive rates. Although machine learning (ML) methods hold significant promise for addressing these issues, they require large, well-labeled datasets for training. In real networks, however, such labeled data is often scarce, making the effective training of models challenging. Furthermore, the continuous variability and high velocity of Big Data streams necessitate frequent model updates and retraining [4].

Therefore, research on detecting anomalous activity in large-scale network traffic is not only of theoretical but also of significant practical importance. By integrating statistical methods with machine learning approaches, it becomes possible to balance accuracy and speed, enhance real-time monitoring, and prevent emerging cyber threats. In this context, this research provides an important scientific and applied foundation at the intersection of cybersecurity, Big Data analytics, and artificial intelligence [5].

Statistical and machine learning approaches play a central role in the process of detecting anomalies in large-scale network traffic. Statistical methods are primarily based on analyzing the normal distribution of network flows. Parameters such as packet size, traffic rate, and connection frequency between IP addresses typically follow certain behavioral patterns. Deviations from these expected distributions are treated as potential anomalies or attacks. The main advantage of such methods is their computational simplicity and real-time applicability. However, in environments with high traffic diversity, their accuracy diminishes, making it difficult to detect subtle, multi-stage, or stealthy attacks.

| Criteria | Statistical Methods | Machine Learning Methods |
|---|---|---|
| Speed | High | Medium |
| Accuracy | Moderate | High |
| Adaptability | Low | High |
| Resource Usage | Low | High |
| Detects Unknown Attacks | No | Yes |

Table 2. Comparison of Statistical and Machine Learning approaches

As the volume and diversity of network data continue to increase, traditional rule-based systems are no longer sufficient for detecting advanced or unknown threats. Hence, the integration of data-driven analytical techniques has become essential for developing adaptive and intelligent network protection mechanisms.

Machine learning methods enable more advanced pattern recognition and adaptability. Supervised learning algorithms, such as logistic regression, random forest, and SVM classifiers, are capable of distinguishing between normal and malicious traffic after training on labeled datasets. However, the requirement for balanced and labeled data often limits their practical applicability. In contrast, unsupervised learning techniques—such as K-Means clustering, DBSCAN, or Isolation Forest—detect anomalies by identifying deviations and outliers within unlabeled data, allowing them to detect new and previously unseen attack types. Semi-supervised learning combines these paradigms by modeling normal behavior from large unlabeled datasets and flagging deviations as potential anomalies, which is particularly useful when labeled attack data is limited.

In recent years, deep learning (DL) has emerged as one of the most promising directions in anomaly detection research. Models such as Convolutional Neural Networks (CNNs) and Recurrent Neural Networks (RNNs, LSTMs) can capture complex temporal and spatial dependencies in network traffic
data. Moreover, autoencoders have demonstrated high accuracy in isolating hidden anomalies by reconstructing compressed traffic representations and analyzing reconstruction errors [6].

The integration of statistical and machine learning methods offers the most effective solution for real-world scenarios. Statistical models ensure speed and efficiency, while ML-based systems provide depth, adaptability, and accuracy in detecting sophisticated threats. As a result, modern frameworks increasingly rely on hybrid architectures, where statistical filtering performs preliminary analysis, and machine learning algorithms conduct in-depth examination of suspicious traffic. Experimental studies have shown that such hybrid systems achieve detection accuracy up to 98.4%, while reducing false positives to as low as 3.6%, making them practical for large-scale, real-time network environments [7][8].

Given the rapid growth of IoT ecosystems, cloud infrastructures, and 5G networks, the implementation of intelligent, data-driven anomaly detection systems has become essential. The main objective of this study is to compare statistical and machine learning approaches in terms of key performance parameters such as accuracy, false positive rate, detection speed, and computational cost — to determine the optimal method for specific network conditions. Another important aspect of the research is conducting experimental validation using real network datasets to evaluate how theoretically efficient models perform in practice.

Ultimately, this research aims to propose scientifically grounded recommendations for organizations and cybersecurity professionals, offering optimal hybrid methods for anomaly detection and contributing to the development of advanced, adaptive, and real-time security monitoring systems capable of defending against next-generation cyber threats [9][10].

Methods

Various types of network traffic logs were used as the main data source for this study. Network flows generated in real environments were collected using NetFlow records, while IDS/IPS logs provided additional information about detected anomalies and attacks. These data were essential for training and testing both statistical and machine learning models.

To ensure objectivity and comparability, internationally recognized open datasets such as DARPA (MIT Lincoln Laboratory) and CICIDS2017 were employed. The DARPA dataset serves as a classical benchmark for intrusion detection, while CICIDS2017 represents modern traffic patterns, including DoS/DDoS, botnet, brute-force, and infiltration attacks. Depending on the research requirements, other open datasets such as UNSW-NB15 or NSL-KDD may also be used [12].

Statistical methods are among the earliest and most widely used tools for network anomaly detection due to their simplicity and low computational requirements. The Z-score method detects anomalies by normalizing observed values; those exceeding the threshold (|Z| > 3) are flagged as abnormal. Chebyshev’s inequality estimates how data values deviate from the mean, allowing anomaly detection regardless of distribution type.

Variance analysis helps identify sudden changes in network activity — for example, a spike in packet count may indicate a DDoS attack. Time-series methods such as ARIMA and EWMA analyze trends in network traffic; ARIMA predicts normal behavior based on historical data, while EWMA gives higher weight to recent values for real-time anomaly detection.

Although computationally lightweight, these statistical methods are limited in detecting complex or evolving attack patterns. Therefore, they are often combined with machine learning to enhance adaptability and precision.
- Machine learning models provide a data-driven solution for more accurate and adaptive detection;
- Supervised methods such as Random Forest, SVM, and Artificial Neural Networks classify traffic into normal and attack categories with high accuracy [14][15];
- Unsupervised methods, including K-means, DBSCAN, and Autoencoders, are used when
labeled data are unavailable. They cluster or reconstruct traffic flows and mark outliers as anomalies.

While ML methods effectively detect even unknown attacks, they require large datasets and substantial computational resources. Hence, a hybrid approach combining statistical preprocessing with ML-based classification offers the best trade-off between speed and accuracy.

The effectiveness of detection models was assessed using standard metrics such as Accuracy, Precision, Recall, F1-score, and AUC.

The accuracy metric reflects the overall correctness of the model’s predictions. The formula for calculating accuracy is given below:

$$\text{Accuracy} = \frac{TP + TN}{TP + TN + FP + FN}$$

TP - True Positive, TN - True Negative, FP - False Positive, FN - False Negative.

The F1-score measures the balance between precision and recall, providing a single indicator of model effectiveness. The formula for the F1-score is as follows:

$$F_1 = \frac{2 \times \text{Precision} \times \text{Recall}}{\text{Precision} + \text{Recall}}$$

Precision – indicates how many of the detected cases were correct, Recall – indicates what percentage of actual attacks were correctly detected.

Together, these metrics provide a fair basis for comparing different detection methods.
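
The statistical detectors described in this section (the |Z| > 3 rule, a threshold derived from Chebyshev's inequality, and EWMA), scored with the accuracy and F1 formulas above. This is an added Python example, not code from the paper; the packet-rate series, labels, function names and EWMA settings (alpha = 0.3, no update on flagged bins) are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed sample data: packets per second in 1-second bins.
BASELINE = [980, 1010, 995, 1020, 1005, 990, 1015, 1000, 985, 1000]  # attack-free
# Legitimate load ramps up slowly; bins 7 and 8 carry a constructed flood.
LIVE = [1010, 1025, 1040, 1055, 1070, 1085, 1100, 4800, 5100, 1105, 1110]
LABELS = [0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0]  # 1 = attack bin


def chebyshev_k(max_fpr):
    """Chebyshev: P(|X - mu| >= k*sigma) <= 1/k^2 for any distribution.
    Returns the k that caps the false-positive rate at max_fpr.
    (At k = 3 the distribution-free bound is only 1/9, about 11%.)"""
    return (1.0 / max_fpr) ** 0.5


def static_flags(series, baseline, k=3.0):
    """Z-score test with mu and sigma frozen from the baseline window."""
    mu, sigma = mean(baseline), pstdev(baseline)
    return [int(abs(x - mu) / sigma > k) for x in series]


def ewma_flags(series, baseline, alpha=0.3, k=3.0):
    """EWMA mean/variance that follow recent traffic. Flagged bins are not
    fed back, so a flood cannot pull the baseline towards itself."""
    m, var = mean(baseline), pstdev(baseline) ** 2
    flags = []
    for x in series:
        dev = x - m
        anomalous = abs(dev) > k * var ** 0.5
        flags.append(int(anomalous))
        if not anomalous:
            m += alpha * dev
            var = (1 - alpha) * (var + alpha * dev * dev)
    return flags


def metrics(labels, flags):
    """Accuracy, precision, recall and F1 from the confusion counts."""
    pairs = list(zip(labels, flags))
    tp = sum(1 for y, f in pairs if y and f)
    tn = sum(1 for y, f in pairs if not y and not f)
    fp = sum(1 for y, f in pairs if not y and f)
    fn = sum(1 for y, f in pairs if y and not f)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"accuracy": (tp + tn) / len(pairs), "precision": precision,
            "recall": recall, "f1": f1, "fp": fp, "fn": fn}


if __name__ == "__main__":
    detectors = {
        "z-score, k=3 (frozen baseline)": static_flags(LIVE, BASELINE),
        "chebyshev, FPR<=1% (k=10)": static_flags(LIVE, BASELINE, chebyshev_k(0.01)),
        "ewma, k=3": ewma_flags(LIVE, BASELINE),
    }
    for name, flags in detectors.items():
        m = metrics(LABELS, flags)
        print(f"{name:32s} flags={flags} acc={m['accuracy']:.3f} f1={m['f1']:.3f}")
```

With the frozen baseline, the legitimate ramp produces seven false positives at k = 3. The EWMA detector absorbs the ramp, but its threshold widens as it does so, which is why a slowly growing anomaly needs a separate absolute ceiling.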

To enable real-time detection, the research employs big data technologies. Apache Spark supports parallel computation and ML libraries, Hadoop ensures large-scale distributed data storage, and Apache Kafka Streaming provides fast, real-time traffic analysis integrated with IDS/IPS systems.

This infrastructure allows applying the developed models to large-scale, real-world network environments efficiently.

In summary, statistical methods provide fast and resource-efficient anomaly detection, while machine learning techniques ensure deeper and more accurate pattern analysis. Their hybrid integration, supported by big data tools, forms a scalable and reliable framework for detecting anomalies in modern network traffic.

Results

The results of the conducted experiments demonstrate the comparative effectiveness of statistical and machine learning (ML) approaches for anomaly detection in large-scale network traffic. A set of experiments was performed using the CICIDS2017 and UNSW-NB15 datasets, which contain both normal and attack traffic. The training and testing data were split in an 80:20 ratio, and the models were evaluated using common performance metrics such as Accuracy, Precision, Recall, F1-score, and AUC (Area Under the ROC Curve).

To evaluate the performance of the proposed anomaly detection model, several standard metrics are used. These include accuracy, F1-score, and the reconstruction error. The corresponding formulas are presented below.

In the first phase of the experiment, the statistical methods (Z-score, Chebyshev’s inequality, and ARIMA) were evaluated. The Z-score method achieved an average detection accuracy of 87.3%, showing efficiency in identifying DDoS-like traffic patterns where packet rate deviation exceeded 3 sigma (3σ). The Chebyshev approach provided broader but less precise results with a detection accuracy of 81.5%, primarily due to its general distribution assumption. The ARIMA time-series model showed slightly better adaptability in real-time flow prediction, reaching 88.9% accuracy and reducing false positives by approximately 12% compared to Z-score alone.

However, these methods struggled with identifying complex and low-frequency attacks, such as infiltration or data exfiltration attempts. Their average false-positive rate (FPR) was 9–11%, which may result in unnecessary alerts in practical systems.

In contrast, machine learning methods achieved significantly higher performance. Among supervised models, the Random Forest classifier achieved the best overall results with Accuracy = 96.2%, Precision = 95.7%, Recall = 94.9%, and F1-score = 95.3%. The Support Vector Machine (SVM) model also
demonstrated strong performance (Accuracy = 93.6%, AUC = 0.958), though it required longer training time on large datasets.

Unsupervised models, such as K-Means and DBSCAN, showed moderate success — achieving Accuracy = 90.4% and AUC = 0.88 — but were less stable with noisy or overlapping data. The Autoencoder neural network, trained to reconstruct normal traffic patterns, exhibited one of the most promising results. With an F1-score of 96.1% and AUC = 0.972, it was particularly effective at detecting zero-day attacks and low-profile anomalies without requiring labeled data.

The hybrid approach, integrating statistical preprocessing (Z-score filtering) with Random Forest classification, outperformed all individual methods. It achieved a 98.4% detection accuracy and reduced the false-positive rate to 3.6%. This indicates that combining fast statistical filtering with deeper ML-based analysis provides a balanced and efficient solution.

The computational performance was also measured. Statistical methods required less than 1.2 seconds on average to process 1 GB of traffic logs, while ML-based methods (especially deep learning models) required 3–5 seconds on the same dataset. However, in terms of detection reliability, the ML-based methods identified 18–24% more anomalies than statistical methods.

The results also highlight that the integration of Big Data technologies (Apache Spark and Kafka Streaming) significantly improved real-time analysis efficiency. Using Spark’s parallel computing, throughput increased by 42%, and latency decreased by 31% compared to sequential analysis. This demonstrates the feasibility of implementing such approaches in large enterprise or telecom-scale infrastructures.

Overall, the analysis confirms that while statistical methods remain suitable for lightweight and real-time anomaly filtering, machine learning techniques — particularly ensemble and deep learning models — provide superior adaptability, accuracy, and resilience to evolving attack patterns.

Table 3. Comparative performance of methods based on F1-score and AUC

The figure below compares F1-score and AUC values for all implemented methods. The hybrid (Stat+ML) approach and Autoencoder model clearly outperform traditional methods, confirming the advantage of integrating machine learning with statistical pre-filtering.

Summary of findings in :
− ML-based methods outperform statistical approaches by 8–12% in accuracy and up to 60% in AUC improvement.
− Hybrid integration yields 98.4% accuracy, the highest among all tested methods.
− Big Data technologies improve throughput by 42% and reduce latency by 31%.
− The Autoencoder model proves most effective for detecting zero-day attacks with minimal false positives.

These results indicate that integrating statistical pre-filtering, machine learning classification, and Big Data processing forms an optimal framework for real-time anomaly detection in modern network infrastructures.

Discussion

The experimental results clearly demonstrate the complementary nature of statistical and machine learning approaches in network anomaly detection. Statistical methods, despite their simplicity, continue to play an important role in providing fast and resource-efficient detection of abnormal traffic behavior. The Z-score and Chebyshev-based methods showed reasonable accuracy in identifying traffic deviations, particularly in high-volume environments where

computational efficiency is critical. Their ability to detect significant deviations from normal behavior makes them suitable for real-time monitoring and early warning systems. However, the relatively high false-positive rate and limited adaptability to dynamic network environments confirm their inadequacy in dealing with complex or evolving attack scenarios.

Machine learning (ML) models, on the other hand, demonstrated superior accuracy, adaptability, and robustness. The Random Forest classifier, in particular, achieved an overall accuracy exceeding 96%, outperforming all statistical approaches. Its ensemble structure enables better generalization and minimizes overfitting, which explains its high precision and recall. The Support Vector Machine (SVM) also produced high AUC values, confirming its strong discriminative power in separating normal and attack traffic, though at the cost of higher computational requirements. Among unsupervised methods, K-Means and DBSCAN showed moderate performance but were sensitive to parameter tuning and noise within the datasets, which limited their generalization capacity.

The deep learning–based Autoencoder achieved near-optimal performance, surpassing traditional supervised models in both F1-score and AUC. This model’s ability to reconstruct normal traffic patterns allowed it to identify previously unseen, low-profile attacks, including zero-day anomalies, with minimal false positives. These results are consistent with recent studies emphasizing the potential of deep learning in detecting subtle and complex attack patterns within multidimensional network traffic data. However, the training process of Autoencoders and other deep models remains computationally intensive, requiring substantial processing power and large training datasets — factors that may limit their immediate deployment in resource-constrained environments.

The hybrid approach integrating statistical preprocessing with ML-based classification proved to be the most efficient and balanced solution. By applying Z-score filtering as an initial step, redundant and evidently normal traffic flows were quickly eliminated, allowing machine learning algorithms to focus on potentially suspicious data. This combination not only reduced computational overhead but also significantly improved detection performance — achieving 98.4% accuracy and lowering the false-positive rate to 3.6%. These findings validate the hypothesis that statistical methods can enhance the performance of ML models when used as lightweight preprocessing filters, especially in real-time applications. Moreover, the hybrid design enables scalability, making it highly applicable to large-scale network environments such as telecom infrastructures and IoT ecosystems.
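
The two-stage hybrid described above, as an added Python example that is not the paper's implementation: a Z-score gate discards evidently normal flows and only the remainder reaches a classifier. The flow records, labels and function names are constructed assumptions, and a 1-nearest-neighbour classifier stands in for the paper's Random Forest.

```python
from statistics import mean, pstdev

# All records are constructed: (packets_per_s, mean_packet_bytes, distinct_dst_ports).
NORMAL = [(100, 500, 2), (120, 520, 3), (90, 480, 1), (110, 510, 2),
          (95, 490, 2), (105, 500, 3), (115, 505, 1), (105, 495, 2)]

# Labelled flows for the stage-2 model (0 = benign, 1 = attack).
TRAIN = [((900, 1400, 1), 0), ((1000, 1350, 1), 0), ((150, 505, 2), 0),
         ((5000, 60, 1), 1), ((6000, 64, 2), 1), ((150, 60, 400), 1)]

# Live flows with ground truth, used only for scoring.
LIVE = [((102, 498, 2), 0), ((118, 515, 3), 0), ((950, 1420, 1), 0),
        ((5500, 62, 1), 1), ((140, 58, 350), 1), ((98, 505, 1), 0),
        ((130, 500, 2), 0), ((140, 510, 2), 0)]

Z_GATE = 3.0  # the |Z| > 3 rule from the Methods section


def fit_scaler(flows):
    """Per-feature (mean, std) learned from attack-free traffic."""
    return [(mean(col), pstdev(col)) for col in zip(*flows)]


def zvec(flow, scaler):
    """Z-score of every feature of one flow."""
    return [(x - mu) / sd for x, (mu, sd) in zip(flow, scaler)]


def stage1_suspicious(flow, scaler, gate=Z_GATE):
    """Cheap statistical gate: any feature beyond the Z threshold."""
    return max(abs(z) for z in zvec(flow, scaler)) > gate


def stage2_predict(flow, scaler, train):
    """1-NN in Z-space; stand-in for the heavier classifier."""
    q = zvec(flow, scaler)

    def dist2(item):
        return sum((a - b) ** 2 for a, b in zip(q, zvec(item[0], scaler)))

    return min(train, key=dist2)[1]


def run_hybrid(live, scaler, train):
    """Returns (indices sent to stage 2, final 0/1 verdict per flow).
    A flow dropped by the gate is never seen by stage 2, so a miss at
    stage 1 is final: the gate threshold sets the ceiling on recall."""
    gated, verdicts = [], []
    for i, (flow, _label) in enumerate(live):
        if stage1_suspicious(flow, scaler):
            gated.append(i)
            verdicts.append(stage2_predict(flow, scaler, train))
        else:
            verdicts.append(0)
    return gated, verdicts


def count_errors(labels, verdicts):
    """(false positives, false negatives) for a list of 0/1 verdicts."""
    fp = sum(1 for y, v in zip(labels, verdicts) if not y and v)
    fn = sum(1 for y, v in zip(labels, verdicts) if y and not v)
    return fp, fn


if __name__ == "__main__":
    scaler = fit_scaler(NORMAL)
    labels = [y for _, y in LIVE]
    gate_only = [int(stage1_suspicious(f, scaler)) for f, _ in LIVE]
    gated, verdicts = run_hybrid(LIVE, scaler, TRAIN)
    print("stage 1 alone (FP, FN):", count_errors(labels, gate_only))
    print("flows sent to stage 2 :", gated, f"({len(gated)}/{len(LIVE)})")
    print("hybrid (FP, FN)       :", count_errors(labels, verdicts))
```

On this constructed data the gate alone raises two false positives (the bulk transfer and the mildly elevated flow); stage 2 clears both while inspecting only four of the eight flows.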

The incorporation of Big Data technologies such as Apache Spark, Hadoop, and Kafka Streaming further enhanced the system’s practicality. Parallel processing with Spark improved data throughput by 42%, while latency reduction by 31% demonstrates that such hybrid detection systems can operate efficiently under real-time constraints. This is particularly relevant for next-generation 5G and IoT networks, where both data velocity and volume are extremely high. The ability to process massive traffic flows in real time without sacrificing detection accuracy marks a substantial step toward intelligent, self-adaptive cybersecurity systems.

Overall, the results emphasize that no single method provides a universal solution for all anomaly detection scenarios. Statistical techniques remain valuable for their simplicity, transparency, and low computational cost, particularly in the initial filtering stage. Machine learning and deep learning approaches, while more resource-intensive, offer superior detection accuracy and adaptability to evolving threats. Therefore, the integration of these paradigms into a unified hybrid model presents the most effective strategy for modern cybersecurity infrastructures. Such architectures can dynamically balance between efficiency and accuracy, reduce false alarms, and enhance resilience against emerging attack vectors.

From a broader perspective, this study contributes to the ongoing evolution of intelligent network defense mechanisms by demonstrating how traditional statistical analysis and modern AI-driven
models can complement one another. The obtained results confirm the growing necessity of hybrid, data-driven frameworks capable of handling the complexity of contemporary network environments. Future research may focus on optimizing computational efficiency, extending model interpretability, and incorporating post-quantum cryptographic techniques to strengthen resilience against future quantum-era cyber threats.

Conclusion

This study systematically analyzed the efficiency of statistical and machine learning (ML) approaches for detecting anomalies in large-scale network traffic. The experimental results confirmed that each approach provides distinct advantages depending on the operational environment and data characteristics. Statistical methods such as Z-score, Chebyshev’s inequality, and variance analysis proved effective for lightweight, real-time anomaly detection, particularly in high-speed network environments with limited computational resources. Their simplicity and transparency make them suitable for initial filtering and baseline monitoring.

Machine learning models demonstrated superior adaptability and precision, especially when applied to complex, multidimensional datasets. Among the evaluated methods, Random Forest and SVM achieved the highest classification accuracy, while deep learning models such as Autoencoders showed the strongest capability in detecting unknown and low-profile attacks. However, these methods require substantial data preprocessing and computational resources, making them more suitable for centralized or cloud-based detection systems.

The integration of statistical preprocessing with ML classification — forming a hybrid detection model — produced the best overall performance. This hybrid approach improved both detection speed and accuracy while reducing false-positive rates. The use of Big Data technologies such as Apache Spark, Hadoop, and Kafka Streaming further enhanced the scalability and real-time capabilities of the system, confirming its practical applicability in modern high-throughput networks like 5G and IoT infrastructures.

Overall, the research highlights that hybrid anomaly detection frameworks combining statistical efficiency with ML intelligence represent a promising direction for modern cybersecurity systems. They ensure adaptability to evolving threats, efficient processing of massive data flows, and a balance between detection accuracy and computational cost.

Future work should focus on optimizing these hybrid architectures for deployment in distributed environments and integrating post-quantum cryptographic mechanisms to ensure resilience against emerging quantum computing threats. Furthermore, expanding the system with explainable AI (XAI) components would increase transparency and trust in automated network defense solutions.

References

[1] Khudoyberdiev, A., & Islomov, B. (2022). Methods of detecting anomalies in large-scale network traffic. International Journal of Computer Networks, 18(3), 45–60.
[2] Smith, J., & Doe, P. (2021). Machine learning approaches for network anomaly detection. Springer.
[3] Li, X., Wang, Y., & Zhang, Z. (2020). Deep learning for cybersecurity: Anomaly detection in large-scale networks. IEEE Transactions on Network Science and Engineering, 7(2), 123–135. https://doi.org/10.1109/TNSE.2020.2971234
[4] Kumar, S. (2019). Unsupervised methods for intrusion detection in big data environments. In Proceedings of the 10th International Conference on Cybersecurity (pp. 98–107).
[5] Ivanov, I. (2020). Hybrid statistical and machine learning methods in network security. Nauka.
[6] Zhang, L., et al. (2023). Autoencoder-based anomaly detection in network traffic. Journal of Computer Networks, 15(1), 22–38.
[7] Hooshmand, M. K., & Hosahalli, D. (2022). Network anomaly detection using deep learning techniques. CAAI Transactions on Intelligence Technology, 7(2), 228–243.
[8] Garcia-Teodoro, P., Diaz-Verdejo, J., & Macia-Fuentes, F. (2009). Anomaly detection in network
traffic: A survey. Computer Networks, 54(15), 2948–2970.
[9] Brown, K. (2021). Semi-supervised learning for network intrusion detection. Computing Journal, 65(4), 202–217.
[10] Singh, G., & Bansal, M. (2022). Robust and scalable deep learning framework for anomaly detection in large-scale network security systems. International Journal of Intelligent Systems and Applications in Engineering, 12(17).
[11] Lunardi, W. T., Lopez, M. A., & Giacalone, J. P. (2022). ARCADE: Adversarially regularized convolutional autoencoder for network anomaly detection. arXiv preprint arXiv:2205.01432.
[12] Fan, H., Zhang, F., & Li, Z. (2020). AnomalyDAE: Dual autoencoder for anomaly detection on attributed networks. arXiv preprint arXiv:2002.03665.
[13] Caville, E., Lo, W. W., Layeghy, S., & Portmann, M. (2022). Anomal-E: A self-supervised network intrusion detection system based on graph neural networks. arXiv preprint arXiv:2207.06819.
[14] Wen, T., & Keyes, R. (2019). Time series anomaly detection using convolutional neural networks and transfer learning. arXiv preprint arXiv:1905.13628.
[15] Zareh Farkhady, R., Majidzadeh, K., Masdari, M., & Ghaffari, A. (2023). A survey of deep learning-based network anomaly detection with feature selection using CNN-LSTM branches. Emergent.
[16] Marfo, W., Tosh, D. K., & Moore, S. V. (2022). Network anomaly detection using federated learning. In MILCOM 2022 – IEEE Military Communications Conference.
[17] Almuhanna, R., Dardouri, S., et al. (2025). A deep learning/machine learning approach for anomaly-based network intrusion detection. Frontiers in Artificial Intelligence.
[18] Shuzhan, W., Ruxue, J., Zhaoqi, W., & Yan, Z. (2024). Deep learning-based anomaly detection and log analysis for computer networks. arXiv preprint arXiv:2407.05639.
[19] Khusanova, M. K., & Rakhmonov, O. Sh. (2025). Prospects and practical solutions for post-quantum cryptography. Miasto Przyszłości, 61, 894–897.
[20] Raxmonov, O., & Umarov, Sh. (2024). Assessment of the level of security available in 4G and 5G mobile communication networks. Al-Farg‘oniy avlodlari electronic scientific journal, 1(4), 294–297.
[21] Бекназарова, С., & Ганиева, Ш. (2022). Class как современный важный фактор качественного образования [Class as an important modern factor in quality education]. Значение цифровых технологий в изучении истории Узбекистана [The importance of digital technologies in studying the history of Uzbekistan], 1(01), 331–335.
[22] Muminov Kamolkhon Ziyodjon ugli (2024). Artificial Intelligence in Cybersecurity, Revolutionizing Threat Detection and Response Systems. Al-Farg’oniy avlodlari, (4), 344-347. doi: 10.5281/zenodo.14555450
[23] Muminov Kamolkhon Ziyodjon ugli (2024). Social Engineering, Human Factor in Cybersecurity. Al-Farg’oniy avlodlari, (3), 149-152. doi: 10.5281/zenodo.13954935