Real-Time VPN Anomaly Detection System
Amneh Alamleh, Ola Nasir, 4 authors, M. Khouj
TLDR
Results underscore the network traffic analysis system’s potential to accurately identify network anomalies, making it a valuable tool for cybersecurity professionals.
Abstract
This paper implements a network traffic analysis system with a focus on cybersecurity applications. The novelty lies in its combined approach of real-time traffic monitoring and machine learning-driven anomaly detection. Using the Scapy library, the core system extracts features such as packet rates, inter-arrival times, port usage, and TTL distributions from live network traffic. Four classifiers were evaluated for their effectiveness in detecting potential threats or unusual patterns, such as VPN usage. The Random Forest classifier achieved the highest accuracy (0.976), followed by Gradient Boosting (0.967). Logistic Regression reached an accuracy of 0.902, while the Support Vector Machine (SVM) recorded a lower accuracy of 0.694. These results underscore the system’s potential to accurately identify network anomalies, making it a valuable tool for cybersecurity professionals.
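The per-window feature extraction the abstract describes, sketched as an added example that is not the paper's code. The record layout, the feature names and the use of Shannon entropy to summarise port usage and TTL distributions are assumptions made here; the sample packets are constructed.

```python
import math
from collections import Counter
from statistics import mean, pstdev

# Constructed sample: (timestamp_s, dst_port, ttl). In a Scapy capture these
# would come from pkt.time, pkt[TCP].dport or pkt[UDP].dport, and pkt[IP].ttl.
SAMPLE = [
    (0.00, 443, 64), (0.10, 443, 64), (0.20, 1194, 64), (0.30, 1194, 64),
    (0.50, 1194, 128), (1.00, 53, 64),
]

def entropy(counts):
    """Shannon entropy in bits of the distribution held in a Counter."""
    total = sum(counts.values())
    return -sum((c / total) * math.log2(c / total) for c in counts.values())

def window_features(packets):
    """Feature vector for one capture window of (time, dport, ttl) records."""
    if len(packets) < 2:
        return None  # inter-arrival times need at least two packets
    packets = sorted(packets)  # captures can deliver packets out of order
    times = [p[0] for p in packets]
    gaps = [b - a for a, b in zip(times, times[1:])]
    duration = times[-1] - times[0]
    ports = Counter(p[1] for p in packets)
    ttls = Counter(p[2] for p in packets)
    top_port, top_count = ports.most_common(1)[0]
    return {
        # Identical timestamps give a zero-length window: report an infinite rate.
        "packet_rate": len(packets) / duration if duration > 0 else float("inf"),
        "iat_mean": mean(gaps),
        "iat_std": pstdev(gaps),
        "unique_ports": len(ports),
        "top_port": top_port,
        "top_port_share": top_count / len(packets),
        "port_entropy": entropy(ports),
        "ttl_mode": ttls.most_common(1)[0][0],
        "ttl_entropy": entropy(ttls),
    }

if __name__ == "__main__":
    for name, value in window_features(SAMPLE).items():
        print(f"{name}: {value}")
```

Each window's dictionary becomes one row of the feature matrix handed to a classifier.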
