This article examines how artificial intelligence techniques are now being used to spot anomalies in network traffic. We trace the evolution of the field from classical machine learning methods to modern solutions that leverage large language models (LLMs). Traditional intrusion detection systems have typically depended on fixed rules or signature patterns, which makes them vulnerable to unfamiliar attack types and zero-day exploits. Machine learning methods are more adaptable, but they often have trouble capturing the temporal dynamics you see in real-world network flows—unless you invest heavily in feature engineering or bring in specialized models. A variety of sequence-oriented architectures have emerged to tackle these limitations. Most recently, researchers have repurposed Transformer-based LLMs for intrusion detection, essentially treating network events like linguistic tokens. In this review, we compare traditional machine learning and deep learning methods with sequence-focused models and LLM-based approaches. We highlight what each does well, where each falls short, and what obstacles stand in the way of deploying them. Our goal is to clarify how LLM-based intrusion detection fits into the bigger picture of available technologies, and to lay out both the major benefits and the real limitations of these newer techniques.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Review: Artificial Intelligence Techniques for Identifying Anomalies in Network Traffic

  • Aleksandr Krivchenkov,
  • Boriss Misnevs

摘要

This article examines how artificial intelligence techniques are now being used to spot anomalies in network traffic. We trace the evolution of the field from classical machine learning methods to modern solutions that leverage large language models (LLMs). Traditional intrusion detection systems have typically depended on fixed rules or signature patterns, which makes them vulnerable to unfamiliar attack types and zero-day exploits. Machine learning methods are more adaptable, but they often have trouble capturing the temporal dynamics you see in real-world network flows—unless you invest heavily in feature engineering or bring in specialized models. A variety of sequence-oriented architectures have emerged to tackle these limitations. Most recently, researchers have repurposed Transformer-based LLMs for intrusion detection, essentially treating network events like linguistic tokens. In this review, we compare traditional machine learning and deep learning methods with sequence-focused models and LLM-based approaches. We highlight what each does well, where each falls short, and what obstacles stand in the way of deploying them. Our goal is to clarify how LLM-based intrusion detection fits into the bigger picture of available technologies, and to lay out both the major benefits and the real limitations of these newer techniques.