Rakhmatov Furkat¹ and Karimov Norbek², ¹Tashkent University of Information Technologies named after Muhammad al-Khwarizmi, Uzbekistan; ²Tashkent Region Pedagogical Skills Center, Uzbekistan
The rapid evolution of cyber threats, particularly Distributed Denial of Service (DDoS) and other advanced attack vectors, has significantly challenged the resilience of modern network infrastructures. In this research, we introduce an anomaly detection model that relies on a concise but highly representative set of five features: request rate (Rt), traffic volume (Vt), source IP entropy (St), flow duration (Tt), and the number of distinct protocols (Qt). Together these features are intended to let the system detect a wide range of network attacks, including DDoS, low-rate or slow attacks, volumetric floods, service disruption attempts, application-layer intrusions, and stealthy behaviors. Using the CIC-IDS2017 dataset, we evaluated three machine learning models: Random Forest (RF), Support Vector Machine (SVM), and Extreme Gradient Boosting (XGBoost). The experimental evaluation shows that the XGBoost classifier reached a detection accuracy of 99.1%, surpassing both RF and SVM while keeping precision and recall balanced. The findings indicate that ensemble-based models, combined with carefully selected statistical and entropy-based features, provide robust and efficient real-time intrusion detection across diverse attack scenarios. The key novelty of this study is the demonstration that near state-of-the-art detection accuracy can be achieved with only five lightweight statistical and entropy-based features. This compact design reduces computational overhead and shows that efficient intrusion detection systems can be built without complex, high-dimensional feature sets.
Network Anomaly Detection, Request Rate, Traffic Volume, Source IP Entropy, Flow Duration, Unique Protocols, Machine Learning, Intrusion Detection System
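The abstract names the five window-level features but does not spell out how they are computed from flow records. The following is an added example, not code from the paper or its authors, showing one reasonable way to extract Rt, Vt, St, Tt and Qt per fixed time window and to assemble them into a classifier input row. The flow record layout, the choice of a fixed window over flows that start inside it, Shannon entropy in bits for St, and the mean (rather than total) flow duration for Tt are all assumptions made here; the sample windows are constructed, not dataset records.

```python
"""Extract the five window-level features (Rt, Vt, St, Tt, Qt) from flow records.

Added example; not the paper's code. Assumptions (the abstract does not fix them):
features are computed per fixed time window over flows that start in the window;
St is Shannon entropy in bits of the per-flow source IP distribution; Tt is the
mean flow duration in seconds; Rt is requests per second over the window.
"""
from collections import Counter
from dataclasses import dataclass
import math


@dataclass(frozen=True)
class Flow:
    """One flow record (CIC-IDS2017-like fields; the layout is an assumption)."""
    start: float       # start time, seconds
    end: float         # end time, seconds
    src_ip: str
    protocol: str      # "TCP", "UDP", "ICMP", ...
    requests: int      # forward packets / requests carried by the flow
    byte_count: int    # total bytes in the flow


def shannon_entropy_bits(counts):
    """Shannon entropy in bits of a histogram given as an iterable of counts."""
    total = sum(counts)
    return -sum((c / total) * math.log2(c / total) for c in counts if c)


def extract_features(flows, window_start, window_len):
    """Return {Rt, Vt, St, Tt, Qt} for flows starting in [window_start, window_start + window_len)."""
    in_window = [f for f in flows if window_start <= f.start < window_start + window_len]
    if not in_window:  # empty window: all-zero vector, avoids division by zero below
        return {"Rt": 0.0, "Vt": 0, "St": 0.0, "Tt": 0.0, "Qt": 0}
    return {
        "Rt": sum(f.requests for f in in_window) / window_len,                        # request rate (req/s)
        "Vt": sum(f.byte_count for f in in_window),                                   # traffic volume (bytes)
        "St": shannon_entropy_bits(Counter(f.src_ip for f in in_window).values()),    # source IP entropy (bits)
        "Tt": sum(f.end - f.start for f in in_window) / len(in_window),               # mean flow duration (s)
        "Qt": len({f.protocol for f in in_window}),                                   # distinct protocols
    }


FEATURE_ORDER = ("Rt", "Vt", "St", "Tt", "Qt")


def feature_vector(flows, window_start, window_len):
    """Fixed-order row suitable as one sample of a classifier's input matrix."""
    feats = extract_features(flows, window_start, window_len)
    return [feats[k] for k in FEATURE_ORDER]


# Constructed sample windows (synthetic; RFC 5737 documentation addresses).
NORMAL = [
    Flow(0.0, 4.0, "10.0.0.1", "TCP", 20, 15000),
    Flow(0.5, 3.5, "10.0.0.2", "TCP", 15, 12000),
    Flow(1.0, 1.2, "10.0.0.3", "UDP", 4, 800),
    Flow(1.5, 6.0, "10.0.0.1", "TCP", 30, 40000),
    Flow(2.0, 2.1, "10.0.0.4", "ICMP", 2, 128),
    Flow(3.0, 5.0, "10.0.0.2", "UDP", 10, 5000),
]
# Spoofed-source UDP flood: 200 one-packet flows, every one from a different address.
SPOOFED_FLOOD = [Flow(i * 0.01, i * 0.01 + 0.001, f"203.0.113.{i}", "UDP", 1, 60) for i in range(200)]
# Slow (slowloris-style) attack: a few long-lived flows from a single source.
SLOW_ATTACK = [Flow(float(i), float(i) + 60.0, "192.0.2.7", "TCP", 3, 300) for i in range(4)]

if __name__ == "__main__":
    for name, window in (("normal", NORMAL), ("spoofed flood", SPOOFED_FLOOD), ("slow attack", SLOW_ATTACK)):
        print(f"{name:14s}", [round(v, 3) for v in feature_vector(window, 0.0, 10.0)])
```

Running the block on the three constructed windows shows why the five features complement each other: the spoofed flood drives St up to log2(200) of about 7.64 bits while Qt collapses to 1 and Tt drops to about a millisecond, whereas the slow attack has a lower Rt than normal traffic and an St of exactly 0 but a Tt of 60 s, so a detector watching only request rate or volume would miss it. Window length, the entropy base and whether Tt is a mean or a sum all change the scale of the features, so whatever convention is chosen must be applied identically at training time and in production.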