SCALABLE AND EXPLAINABLE ANOMALY DETECTION IN DYNAMIC NETWORK ENVIRONMENTS
DOI:
https://doi.org/10.52152/rsfa5t73
Keywords:
Entropy variance, anomaly detection, intrusion detection system, autoencoder, statistical signature matching, threat analytics.
Abstract
Early detection of anomalous behavior within network ecosystems is essential for maintaining resilient cybersecurity infrastructures. This research presents an integrated anomaly detection framework that fuses intrusion detection system (IDS) logs with entropy-based feature analytics to enable interpretable and rapid threat scoring. The framework incorporates three distinct yet complementary mechanisms: (i) an Enhanced Entropy-Based Anomaly Detection (EEAD) model that leverages entropy variance across multidimensional network attributes to identify irregular patterns with computational parsimony; (ii) an Autoencoder-based Anomaly Detection (AE) network, which reconstructs normal traffic representations and flags deviations through reconstruction loss; and (iii) a Statistical Signature Matching (SSM) approach employing statistical metrics such as chi-square and z-score for swift segregation of known and unknown attack signatures. Experimental analysis demonstrates that EEAD attains a superior equilibrium between interpretability and precision (ΔH = 0.72, TCS = 84%, PVI = 0.45, SDR = 0.62, Effectiveness = 88%), while AE excels in novel anomaly detection and SSM ensures low-latency recognition of recurrent threat patterns. The findings substantiate the proposed system’s capability to deliver scalable, adaptive, and transparent anomaly detection suitable for real-time cybersecurity environments.
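The entropy and z-score ideas named in the abstract can be illustrated with a small sketch, added here and not taken from the paper: it is not the EEAD or SSM model, whose definitions this page does not give. The attribute names, the window contents and the threshold of 3 are constructed assumptions.

```python
import math
from collections import Counter
from statistics import mean, pstdev

ATTRS = ("src", "dport")  # assumed flow attributes, not the paper's feature set

def shannon_entropy(values):
    """Shannon entropy (bits) of the empirical distribution of values."""
    n = len(values)
    return sum(-c / n * math.log2(c / n) for c in Counter(values).values())

def window_entropies(window):
    return {a: shannon_entropy([flow[a] for flow in window]) for a in ATTRS}

def score_windows(baseline, candidates, threshold=3.0):
    """z-score each candidate window's per-attribute entropy against baseline."""
    base = [window_entropies(w) for w in baseline]
    stats = {}
    for a in ATTRS:
        vals = [e[a] for e in base]
        stats[a] = (mean(vals), pstdev(vals) or 1e-9)  # guard zero spread
    results = []
    for w in candidates:
        ent = window_entropies(w)
        # Signed per-attribute z-scores say which attribute moved and in which direction.
        z = {a: (ent[a] - stats[a][0]) / stats[a][1] for a in ATTRS}
        results.append({"z": z, "anomalous": any(abs(v) > threshold for v in z.values())})
    return results

def flows(srcs, dports):
    # Single letters stand in for source hosts (constructed labels).
    return [{"src": s, "dport": p} for s, p in zip(srcs, dports)]

# Constructed sample data: four baseline windows of eight flows each.
BASELINE = [
    flows("aabbccdd", [443, 443, 443, 443, 80, 80, 53, 53]),
    flows("aaabbccd", [443, 443, 443, 80, 80, 80, 53, 53]),
    flows("aabbbcdd", [443, 443, 443, 443, 443, 80, 80, 53]),
    flows("abbccddd", [443, 443, 443, 443, 80, 80, 53, 53]),
]
CANDIDATES = [
    flows("aabbccdd", [443, 443, 443, 80, 80, 80, 53, 53]),  # ordinary mix
    flows("aaaaaaaa", [21, 22, 23, 25, 80, 110, 143, 443]),  # one source, many ports
]

if __name__ == "__main__":
    for r in score_windows(BASELINE, CANDIDATES):
        print(r["anomalous"], {a: round(v, 2) for a, v in r["z"].items()})
```

The signed z-scores are what make the flag explainable: in the second candidate window the source entropy collapses while the destination-port entropy rises.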
License
Copyright (c) 2026 Lex localis - Journal of Local Self-Government

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.


