Unnava, Sai Priya (2025) NT-MAMBA- Network Traffic Anomaly Detection. Masters thesis, Dublin, National College of Ireland.
Preview |
PDF (Master of Science)
Download (1MB) | Preview |
Preview |
PDF (Configuration Manual)
Download (720kB) | Preview |
Abstract
Network traffic anomaly detection has severe issues with trade-offs between detection accuracy and computational efficiency as sophisticated cyber-attacks increase in variety and network speeds grow exponentially. Contemporary networks have millions of flows per second, and attacks vary from microsecond-level port scans to daylong infiltration attacks. Heterogeneous-natured network attacks, from volumetric DDoS to stealthy lateral movement, require detection mechanisms that can discover patterns over more than one temporal and structural dimension.
Classic approaches possess inherent trade-offs: machine learning models provide computational efficiency but sacrifice sophisticated attack behaviors, and deep learning models benefit from higher accuracy at computationally costly prices. State-of-the-art RNN and transformer-based approaches possess O(n²) complexity related to sequence length and therefore become bottlenecks to real-time deployment on high-throughput scenarios.
This research introduces NT-MAMBA, a new architecture combining multi-scale state space models (Mamba) and graph neural networks (GNN) towards efficient network anomaly detection. Three parallel Mamba scales, used in the architecture, process temporal patterns at varying resolutions, while dual GNN pathways (GraphSAGE and GAT) extract structural relationships between network entities. Temporal and spatial representations are fused through an attention-based fusion mechanism for identifying attacks occurring at varying time scales and communication patterns. Selective state space models are utilized for efficient sequence processing with preserved representational capability through graph-based structural analysis.
Analysis on CSE-CIC-IDS2018 dataset (437,498 samples, 10 attack types) discovers 88.77% overall accuracy with notable performance differences: seven attack types reach >97% detection rates while DoS-SlowHTTPTest and Infiltration exhibit severe failure at 22.20% and 1.20% recall respectively. Architecture exhibits 3.8× quicker inference than LSTM methods and 6.7× advancement over transformers, confirming that while state space models enhance computational efficiency for network security, advanced mimicry-based assaults necessitate inherently different detection models beyond statistical anomaly analysis.
| Item Type: | Thesis (Masters) |
|---|---|
| Supervisors: | Name Email Kelly, John UNSPECIFIED |
| Subjects: | Q Science > QA Mathematics > Computer software > Computer Security T Technology > T Technology (General) > Information Technology > Computer software > Computer Security Q Science > Q Science (General) > Self-organizing systems. Conscious automata > Machine learning |
| Divisions: | School of Computing > Master of Science in Data Analytics |
| Depositing User: | Ciara O'Brien |
| Date Deposited: | 03 Jul 2026 11:22 |
| Last Modified: | 03 Jul 2026 11:22 |
| URI: | https://norma.ncirl.ie/id/eprint/9465 |
Actions (login required)
![]() |
View Item |
Tools
Tools