Anomaly Detection Method for a Local Area Network

Abstract

This paper shows the development of an anomaly detection method for a local area network. This research work aims to use an unsupervised machine learning algorithm that integrates different network management tools for anomaly detection. The experiment includes the description of three essential modules: variable definition and protocol configuration, network monitoring and data collection, and fault prediction. SNMP, ICMP, and WMI communication protocols were selected to collect information about the current state of the network, and variables such as latency, packet loss, availability, traffic volume, and speed were defined. The network was polled by temperature sensors, CPU consumption, memory consumption. Network probing was done through the PRTG network monitor and access to the collected data was done through APIs, which were formatted to a template with the structure corresponding to the defined variables. In addition, a method was developed using an unsupervised machine learning algorithm in Python. The tools used for the development of this research were PRTG, Python, Pycaret Library, Collaboratory, Power BI for monitoring, development, and simulation respectively. For the analysis of the model efficiency, the parameters of accuracy (Accuracy), area under the curve (AUC), completeness (Recall), precision (Prec), F-value (F1-score), Matthews correlation coefficient (MMC) were used. The model was implemented through the Power BI tool. It was obtained as a result of measurements and simulation in different scenarios that the implementation of an anomaly detection method reduces degradation, improving the quality and availability of services offered in a local area network.