A COMPARATIVE MACHINE LEARNING APPROACH TO NETWORK FLOW CLASSIFICATION FOR TELECOMMUNICATION CYBERSECURITY
Keywords:
Telecommunication cybersecurity; network flow classification; intrusion detection; machine learning; UNSW-NB15; Random Forest; network traffic analysis; flow-based detectionAbstract
Telecommunication networks generate large volumes of heterogeneous traffic across mobile, broadband, enterprise, cloud, and service-provider environments. As these networks expand, detecting malicious network flows becomes essential for service continuity, infrastructure protection, and cybersecurity operations. This study presents a comparative machine learning approach to binary network flow classification for telecommunication cybersecurity using the UNSW-NB15 dataset. Unlike web request-based detection studies, the research focuses on flow-level characteristics such as duration, protocol, connection state, packet and byte counts, traffic rate, load, time-to-live values, and connection-related statistics. Five supervised models were evaluated: Logistic Regression, Decision Tree, Random Forest, Linear Support Vector Machine, and Gradient Boosting. The workflow included data loading, train-test partitioning, categorical feature encoding, numerical scaling, model training, evaluation, confusion matrix analysis, and feature importance interpretation. Random Forest achieved the best overall performance with accuracy of 0.8921, precision of 0.8510, recall of 0.9746, and F1-score of 0.9086. Gradient Boosting achieved the highest recall of 0.9853, but its lower precision indicates a stronger false alarm tendency. Feature importance analysis showed that connection state, time-to-live information, traffic load, flow rate, duration, byte count, and packet statistics were among the most influential predictors. The findings suggest that tree-based models can support intrusion detection in telecommunication cybersecurity when flow-level monitoring is required at scale.
