Abstract
The escalating complexity and sophistication of cyber threats necessitate robust, automated anomaly detection systems for enterprise network security. Modern enterprises face multifaceted threats, including ransomware attacks that cause severe financial and operational damage, advanced persistent threats (APTs) that maintain covert control for extended periods to exfiltrate data or sabotage systems, distributed denial-of-service (DDoS) attacks that disrupt network availability, and zero-day vulnerabilities exploited before patches can be deployed. Traditional security measures and rule-based intrusion detection systems prove inadequate against these evolving threats, particularly sophisticated APT campaigns by state-sponsored actors capable of adapting their techniques and tactics to evade detection. The increasing scale and complexity of enterprise networks, with heterogeneous devices, multiple communication protocols, and massive volumes of network traffic, amplify the challenge of manual threat identification. Furthermore, existing approaches struggle with high-dimensional data, complex network topologies, temporal dependencies in network logs, noise interference, data imbalance, and concept drift, resulting in unstable performance and unacceptably high false-positive rates that overwhelm security operations centers. These limitations underscore the critical need for advanced machine learning approaches that can autonomously identify anomalous behavior in real time, detect potential security incidents before they cause significant damage, and adapt to emerging threat patterns while protecting critical infrastructure, sensitive organizational data, and operational continuity.
The significance of anomaly detection research extends across multiple critical dimensions of enterprise operations and security governance. From a security perspective, effective anomaly detection enables early identification of malicious intrusions, data exfiltration attempts, and unaut