Detecting Insider Threats Through Network Traffic Analysis Using Machine Learning for Cybersecurity

Network traffic management alongside security becomes increasingly difficult because of expanding network quantities and advancing network complexities. Current traffic analysis practices, together with congestion management methods, require smart, automated solutions because they work in a reactive manner and consume extensive resources. This research utilizes CIC-Darknet2020 dataset during a study of machine learning technology which analyzes network traffic to detect insider threats. The study makes use of comprehensive preprocessing strategies that handle missing values and remove unnecessary features while converting IP addresses into octet-based features to support better feature processing. SMOTE functions as a technique to fix class imbalance by over-sampling minority classes, thereby maintaining balance between all traffic categories. The research adopts XGBoost as its main classification method while comparing against Random Forest and Naïve Bayes models for performance evaluation. XGBoost exhibits top classification abilities according to performance assessment, which includes a 90.12% accuracy rate and precision, recall scores and F1-score. XGBoost proves its ability to differentiate between regular and suspicious traffic patterns, which positions it as an effective tool for intrusion detection enhancement. This research brings new cybersecurity advancements by using a scalable data method for analyzing network traffic and keeping track of internal threats.