Practical Implementation of Artificial Intelligence in Cybersecurity, One-Class SVM for Anomaly Detection in Network Traffic

DOI:

https://doi.org/10.15584/di.2025.20.17

Keywords:

Python, artificial intelligence, cybersecurity, One-Class SVM

Abstract

The presented material provides a detailed discussion of the implementation of One-Class SVM in Python, including code examples and a sample CSV file containing network flow parameters such as duration, number of packets, and packet sizes. It is a continuation of the article "Theoretical Considerations on Artificial Intelligence and Cybersecurity: One-Class SVM for Anomaly Detection in Network Traffic". The authors emphasize the necessity of removing the label column during training, as One-Class SVM is designed to identify anomalous observations based solely on a dataset of normal behavior. The text outlines the key stages of working with the model, including data loading, splitting into training and test sets, scaling, model initialization, and evaluation of results using metrics such as Precision, Recall, and F1-score. It is noted that model evaluation in laboratory conditions may be misleading if only a small number of samples are available. The article also discusses hyperparameter tuning (nu, gamma) and explores potential extensions, including combining One-Class SVM with other algorithms, integration with SIEM systems, and the implementation of real-time streaming data processing.
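The stages listed in the abstract, as an added example that is not the authors' code: it assumes scikit-learn and NumPy, and the flow values, column layout and function names are constructed for illustration. The constructed anomalies lie far from the normal cluster, so the scores are optimistic compared with real traffic.

```python
import numpy as np
from sklearn.model_selection import train_test_split
from sklearn.preprocessing import StandardScaler
from sklearn.svm import OneClassSVM
from sklearn.metrics import precision_recall_fscore_support


def make_flows(seed=0):
    """Constructed flows: duration_s, packets, mean_pkt_bytes, label (1 = anomaly)."""
    rng = np.random.default_rng(seed)
    normal = rng.normal([1.0, 20.0, 500.0], [0.2, 3.0, 50.0], size=(400, 3))
    # Constructed anomalies: long, packet-heavy flows far from the normal cluster.
    odd = rng.normal([30.0, 2000.0, 1400.0], [5.0, 200.0, 50.0], size=(25, 3))
    labels = np.r_[np.zeros(400), np.ones(25)]
    return np.column_stack([np.vstack([normal, odd]), labels])


def evaluate(nu=0.05, gamma="scale", seed=0):
    data = make_flows(seed)
    # The label column is split off and never passed to fit().
    X, y = data[:, :3], data[:, 3].astype(int)
    X_norm, X_anom = X[y == 0], X[y == 1]
    # Train on normal traffic only; hold out 25% of it for the test set.
    X_train, X_hold = train_test_split(X_norm, test_size=0.25, random_state=seed)
    X_test = np.vstack([X_hold, X_anom])
    y_test = np.r_[np.zeros(len(X_hold), dtype=int), np.ones(len(X_anom), dtype=int)]

    scaler = StandardScaler().fit(X_train)  # scaling statistics from training data only
    model = OneClassSVM(kernel="rbf", nu=nu, gamma=gamma)
    model.fit(scaler.transform(X_train))

    # OneClassSVM.predict returns -1 for outliers and +1 for inliers.
    y_pred = (model.predict(scaler.transform(X_test)) == -1).astype(int)
    p, r, f1, _ = precision_recall_fscore_support(
        y_test, y_pred, average="binary", pos_label=1, zero_division=0)
    return {"precision": p, "recall": r, "f1": f1,
            "n_test_anomalies": int(y_test.sum())}


if __name__ == "__main__":
    # A higher nu flags more held-out normal flows, which lowers precision.
    for nu in (0.01, 0.05, 0.2):
        print(nu, evaluate(nu=nu))
```
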

Published

2025-12-31

How to Cite

Wołoszyn, J., & Wołoszyn, M. (2025). Practical Implementation of Artificial Intelligence in Cybersecurity, One-Class SVM for Anomaly Detection in Network Traffic. DIDACTICS OF INFORMATION TECHNOLOGY, 20, 195–206. https://doi.org/10.15584/di.2025.20.17

Section

ICT TOOLS IN PRACTICE
