Review: Artificial Intelligence Techniques for Identifying Anomalies in Network Traffic
摘要
This article examines how artificial intelligence techniques are now being used to spot anomalies in network traffic. We trace the evolution of the field from classical machine learning methods to modern solutions that leverage large language models (LLMs). Traditional intrusion detection systems have typically depended on fixed rules or signature patterns, which makes them vulnerable to unfamiliar attack types and zero-day exploits. Machine learning methods are more adaptable, but they often have trouble capturing the temporal dynamics you see in real-world network flows—unless you invest heavily in feature engineering or bring in specialized models. A variety of sequence-oriented architectures have emerged to tackle these limitations. Most recently, researchers have repurposed Transformer-based LLMs for intrusion detection, essentially treating network events like linguistic tokens. In this review, we compare traditional machine learning and deep learning methods with sequence-focused models and LLM-based approaches. We highlight what each does well, where each falls short, and what obstacles stand in the way of deploying them. Our goal is to clarify how LLM-based intrusion detection fits into the bigger picture of available technologies, and to lay out both the major benefits and the real limitations of these newer techniques.