GMM Selector-Based Anomaly Detection Model for Networks
Xin Guo, Jun He, (2 more authors), Jing Yu
Abstract
Ensemble models for network anomaly detection are often challenged by class imbalance, a condition known to substantially degrade predictive accuracy. To address this limitation, a novel ensemble learning framework, termed the GMM Selector for Anomaly Detection (GMM-SAD), is proposed. The GMM-SAD framework uses Gaussian Mixture Models (GMM) to first estimate the prevalence of anomalies and then dynamically routes data to the most suitable specialized detection model within its architecture. To validate its effectiveness and generalization capabilities, extensive empirical evaluations were conducted on three widely recognized benchmark datasets: CICIDS2017, UNSW-NB15, and NSL-KDD, under varying degrees of class imbalance. The proposed GMM-SAD model demonstrates robust and consistent performance, achieving an impressive average Area Under the Curve (AUC) of 98.40%, F1-score of 94.16%, and a high Recall of 95.32% across all datasets and imbalance scenarios. These findings confirm that the model significantly enhances network anomaly detection accuracy and robustness, particularly its ability to identify rare instances under challenging imbalanced conditions. This research introduces a highly adaptive technical approach for mitigating class imbalance, demonstrating strong potential for practical deployment in real-time network security monitoring.
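
A sketch of the estimate-prevalence-then-route idea from the abstract, added here as an illustration and not the authors' GMM-SAD implementation. It assumes one anomaly score per flow, a two-component mixture whose higher-mean component is the anomalous one, and hypothetical detector names and routing thresholds; the sample scores are constructed.

```python
import math
import random

# Hypothetical routing table: (upper bound on estimated prevalence, detector name).
ROUTES = [(0.05, "rare_anomaly_detector"),
          (0.30, "imbalanced_detector"),
          (1.01, "balanced_detector")]

def fit_gmm_1d(xs, iters=50):
    """Fit a two-component 1-D Gaussian mixture with EM; return (weights, means, variances)."""
    mid = (min(xs) + max(xs)) / 2
    # Initialise responsibilities with a hard split at the midpoint of the score range.
    resp = [(1.0, 0.0) if x < mid else (0.0, 1.0) for x in xs]
    for _ in range(iters):
        w, mu, var = [], [], []
        for k in range(2):  # M-step: re-estimate each component from its soft members
            nk = max(sum(r[k] for r in resp), 1e-9)
            m = sum(r[k] * x for r, x in zip(resp, xs)) / nk
            v = sum(r[k] * (x - m) ** 2 for r, x in zip(resp, xs)) / nk
            w.append(nk / len(xs))
            mu.append(m)
            var.append(max(v, 1e-6))  # variance floor avoids a degenerate component
        resp = []
        for x in xs:  # E-step: posterior probability of each component for each score
            p = [w[k] * math.exp(-(x - mu[k]) ** 2 / (2 * var[k]))
                 / math.sqrt(2 * math.pi * var[k]) for k in range(2)]
            s = sum(p) or 1e-300
            resp.append((p[0] / s, p[1] / s))
    return w, mu, var

def estimate_prevalence(scores):
    """Assumption: the higher-mean component models anomalous traffic."""
    w, mu, _ = fit_gmm_1d(scores)
    return w[0] if mu[0] > mu[1] else w[1]

def select_detector(scores):
    """Return (estimated prevalence, name of the detector the batch is routed to)."""
    p = estimate_prevalence(scores)
    return p, next(name for limit, name in ROUTES if p < limit)

def synthetic_scores(n, anomaly_rate, seed=7):
    """Constructed sample data: benign scores ~ N(0,1), anomalous scores ~ N(6,1)."""
    rng = random.Random(seed)
    return [rng.gauss(6.0, 1.0) if rng.random() < anomaly_rate else rng.gauss(0.0, 1.0)
            for _ in range(n)]

if __name__ == "__main__":
    for rate in (0.02, 0.20, 0.50):
        p, name = select_detector(synthetic_scores(2000, rate))
        print(f"true={rate:.2f} estimated={p:.3f} -> {name}")
```

A two-component fit always reports two clusters, so on a batch with no anomalies the estimated prevalence is not meaningful; check the separation between the component means before trusting the route.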
