
ORIGINAL RESEARCH article

Front. Comput. Sci.

Sec. Networks and Communications

Volume 7 - 2025 | doi: 10.3389/fcomp.2025.1676362

This article is part of the Research Topic "Frontiers in Information Technology, Electronics, and Management Innovation".

Anomaly Detection in Netflow Traffic: Workflow for Dataset Preparation and Analysis

Provisionally accepted
Evita Roponena*, Inese Poļaka, Jānis Grabis
  • Riga Technical University, Riga, Latvia

The final, formatted version of the article will be published soon.

Information and communication technology (ICT) is crucial for maintaining efficient communications, enhancing processes and enabling digital transformation. As ICT becomes increasingly significant in everyday life, its security is important for sustaining digital trust and resilience against evolving cyber threats. These technologies generate large volumes of data that must be analysed continuously to detect threats to an ICT system and to protect the sensitive information it may contain. NetFlow is a network protocol for exporting flow records, which summarise traffic by source and destination IP address, port, protocol and byte and packet counts; these records can be used to monitor network traffic and to detect anomalies in it. This study provides a method for preparing a dataset of real-life NetFlow records for anomaly detection using machine learning. The dataset was validated by implementing anomaly detection with the K-means clustering algorithm and time-series forecasting with long short-term memory (LSTM) networks. The study provides the feature set used for both machine learning methods and an overview of the anomaly detection methods applied in this research. Furthermore, it introduces a method that integrates the outputs of both algorithms and evaluates the reliability of the final decision.
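The workflow the abstract describes (per-window feature engineering from NetFlow records, K-means scoring of windows, and a Bayesian combination of two detectors' verdicts) can be sketched end to end in a few dozen lines. The block below is an added illustration written for this page, not the authors' code or dataset: the flow records are constructed (benign client/server traffic plus one window containing a port scan), the feature set, the K-means distance threshold and the detector true/false-positive rates are assumptions chosen for the example, and the second detector's verdict stands in for an LSTM forecaster that is not implemented here.

```python
"""Added illustration (not the authors' code): prepare per-window features
from NetFlow-style records, score windows by K-means centroid distance and
combine two detector verdicts with Bayes' theorem.  All flow records are
constructed, and the detector accuracy figures are assumed."""
import math
import random
from collections import namedtuple

# One exported flow record: timestamp, endpoints, destination port, volumes.
Flow = namedtuple("Flow", "ts src dst dport bytes packets")
WINDOW = 60  # seconds per aggregation window (assumed)
FEATURES = ("flows", "bytes", "mean_bytes", "dst_ports", "dst_ips", "tiny_frac")


def make_flows(n_windows, scan_window=None, seed=7):
    """Constructed sample: benign traffic to a few servers, optionally one
    window holding a vertical port scan (200 ports, 1-packet flows)."""
    rng = random.Random(seed)
    flows = []
    for w in range(n_windows):
        base = w * WINDOW
        if w == scan_window:
            for port in range(1, 201):
                flows.append(Flow(base + rng.random() * WINDOW, "10.0.0.99",
                                  "10.0.1.5", port, 60, 1))
            continue
        for _ in range(rng.randint(20, 30)):
            flows.append(Flow(base + rng.random() * WINDOW,
                              f"10.0.0.{rng.randint(1, 10)}",
                              f"10.0.1.{rng.randint(1, 5)}",
                              rng.choice([22, 53, 80, 443]),
                              rng.randint(500, 5000), rng.randint(3, 40)))
    return flows


def window_features(flows):
    """Feature engineering: bucket flows into fixed windows and emit one
    vector per window, in the order given by FEATURES."""
    buckets = {}
    for f in flows:
        buckets.setdefault(int(f.ts // WINDOW), []).append(f)
    vectors = []
    for w in sorted(buckets):
        fl = buckets[w]
        n, total = len(fl), sum(f.bytes for f in fl)
        vectors.append([n, total, total / n,
                        len({f.dport for f in fl}), len({f.dst for f in fl}),
                        sum(f.packets <= 2 for f in fl) / n])
    return vectors


def zscore_params(vectors):
    """Per-feature mean and standard deviation (a constant feature gets std 1)."""
    cols = list(zip(*vectors))
    means = [sum(c) / len(c) for c in cols]
    stds = [math.sqrt(sum((x - m) ** 2 for x in c) / len(c)) or 1.0
            for c, m in zip(cols, means)]
    return means, stds


def standardize(v, means, stds):
    return [(x - m) / s for x, m, s in zip(v, means, stds)]


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points, k=2, iters=50):
    """Lloyd's algorithm with deterministic farthest-point initialisation."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(dist(p, c) for c in centroids)))
    for _ in range(iters):
        groups = [[] for _ in centroids]
        for p in points:
            groups[min(range(k), key=lambda i: dist(p, centroids[i]))].append(p)
        new = [[sum(col) / len(g) for col in zip(*g)] if g else c
               for g, c in zip(groups, centroids)]
        if new == centroids:
            break
        centroids = new
    return centroids


class KMeansDetector:
    """Fit on windows assumed benign; a window whose distance to every
    centroid exceeds `margin` times the largest training distance is flagged."""

    def __init__(self, train_vectors, k=2, margin=2.0):
        self.means, self.stds = zscore_params(train_vectors)
        self.centroids = kmeans([standardize(v, self.means, self.stds)
                                 for v in train_vectors], k)
        self.threshold = margin * max(self.score(v) for v in train_vectors)

    def score(self, vector):
        p = standardize(vector, self.means, self.stds)
        return min(dist(p, c) for c in self.centroids)

    def is_anomaly(self, vector):
        return self.score(vector) > self.threshold


def bayes_combine(votes, prior=0.05):
    """Posterior P(anomaly | verdicts) under conditional independence of the
    detectors.  `votes` maps a detector name to (flagged, TPR, FPR); the rates
    are assumed here and would come from validation data in practice."""
    p_anom, p_norm = prior, 1 - prior
    for flagged, tpr, fpr in votes.values():
        p_anom *= tpr if flagged else 1 - tpr
        p_norm *= fpr if flagged else 1 - fpr
    return p_anom / (p_anom + p_norm)


def demo():
    train = window_features(make_flows(20, seed=7))            # baseline windows
    test = window_features(make_flows(6, scan_window=3, seed=11))
    det = KMeansDetector(train)
    flags = [det.is_anomaly(v) for v in test]
    # The LSTM verdict for the scan window is assumed (no forecaster here).
    posterior = bayes_combine({"kmeans": (flags[3], 0.9, 0.05),
                               "lstm": (True, 0.8, 0.10)})
    return flags, posterior


if __name__ == "__main__":
    print(demo())
```

The scan window stands out on flow count, distinct destination ports and the share of one-packet flows, so its standardized distance dwarfs the training maximum; the Bayesian step then turns two independent "anomaly" verdicts with modest individual accuracy into a posterior well above the prior, while a single verdict alone stays inconclusive. In practice the true/false-positive rates would be estimated on labelled validation windows, and the independence assumption should be checked, since both detectors read the same features.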

Keywords: anomaly detection, Bayes' theorem, clustering, feature engineering, machine learning, NetFlow, time series

Received: 30 Jul 2025; Accepted: 14 Oct 2025.

Copyright: © 2025 Roponena, Poļaka and Grabis. This is an open-access article distributed under the terms of the Creative Commons Attribution License (CC BY). The use, distribution or reproduction in other forums is permitted, provided the original author(s) or licensor are credited and that the original publication in this journal is cited, in accordance with accepted academic practice. No use, distribution or reproduction is permitted which does not comply with these terms.

* Correspondence: Evita Roponena, evita.roponena@rtu.lv

Disclaimer: All claims expressed in this article are solely those of the authors and do not necessarily represent those of their affiliated organizations, or those of the publisher, the editors and the reviewers. Any product that may be evaluated in this article or claim that may be made by its manufacturer is not guaranteed or endorsed by the publisher.