Multi-paradigm network anomaly identification: leveraging supervised, unsupervised and hybrid approaches to discover known and unknown threats for enhanced intrusion detection

Abstract

As network infrastructures grow increasingly complex and expand massively, anomaly detection has become central to ensuring cybersecurity and maintaining operational stability. Conventional systems struggle to identify new or unknown attack types, making adaptive and intelligent detection essential. This work presents a hybrid approach to network anomaly detection that leverages both supervised and unsupervised machine learning models to address these challenges. The proposed system combines deep learning models, supervised models and unsupervised clustering techniques with extensive preprocessing and class balancing using CTGAN for improved anomaly detection. Experiments were conducted using the UNSW-NB15 dataset, testing various scenarios with different combinations of known and unknown classes. The hybrid algorithm using the CURE-based unsupervised clustering approach achieved a high detection rate across multiple unknown class scenarios, with a detection rate of up to 91.9%, and a detection rate of up to 99.16% for known class scenarios; these results significantly outperformed the conventional models used in real-time intrusion detection.

Description

Cataloged from PDF version of thesis.
Includes bibliographical references (pages 56-59).
This thesis is submitted in partial fulfillment of the requirements for the degree of Bachelor of Science in Computer Science and Engineering, 2025.

Type

Thesis