DESIGN AND IMPLEMENTATION OF A MACHINE LEARNING–DRIVEN FRAMEWORK FOR REAL-TIME NETWORK TRAFFIC ANOMALY DETECTION AND INTELLIGENT CYBER THREAT IDENTIFICATION

Authors

  • Sufyan Muhammad Khan
  • Hamza Gulzar
  • Muhammad Essa Siddique
  • Ashraf Zia
  • Shumaila Qamar

Keywords:

Machine Learning; Network Traffic Analysis; Cyber Threat Detection; Anomaly Detection; Intrusion Detection Systems; Cybersecurity; Real-Time Monitoring; Network Security; Deep Learning; Threat Intelligence; LSTM; Ensemble Learning.

Abstract

The increasing sophistication of cyberattacks and the growing volume of network traffic have created significant challenges for conventional intrusion detection systems, particularly in identifying previously unseen threats in real time. This study presents the design and implementation of a machine learning–driven framework for real-time network traffic anomaly detection and intelligent cyber threat identification. The proposed framework integrates automated traffic monitoring, feature engineering, anomaly detection, threat classification, and real-time response generation within a unified cybersecurity architecture. A hybrid machine learning approach combines unsupervised anomaly detection, supervised ensemble learning, deep neural networks, and LSTM-based temporal analysis to continuously monitor network flow characteristics and detect both known and emerging attack patterns. The framework was evaluated using multiple benchmark cybersecurity datasets and validated under simulated enterprise network conditions. Experimental results demonstrated a detection accuracy of 97.8%, precision of 96.9%, recall of 97.2%, and an F1-score of 97.0%. The proposed system reduced false-positive alerts to 2.4% and achieved an area under the ROC curve (AUC) of 0.992, outperforming conventional machine learning models and signature-based intrusion detection approaches. Furthermore, the framework improved threat detection response time by 29.6% while maintaining stable performance under high-volume network traffic conditions. The results confirm the effectiveness of integrating anomaly detection, ensemble classification, and temporal learning within a unified intelligent cybersecurity framework for enhancing real-time threat intelligence, network resilience, and proactive cyber defense in enterprise and cloud computing environments.

Published

2026-06-09

How to Cite

Sufyan Muhammad Khan, Hamza Gulzar, Muhammad Essa Siddique, Ashraf Zia, & Shumaila Qamar. (2026). DESIGN AND IMPLEMENTATION OF A MACHINE LEARNING–DRIVEN FRAMEWORK FOR REAL-TIME NETWORK TRAFFIC ANOMALY DETECTION AND INTELLIGENT CYBER THREAT IDENTIFICATION. Spectrum of Engineering Sciences, 4(6), 681–705. Retrieved from https://www.thesesjournal.com/index.php/1/article/view/3138