Apply machine learning techniques to detect malicious network traffic in cloud computing
Journal of Big Data (IF 8.1), Pub Date: 2021-06-14, DOI: 10.1186/s40537-021-00475-1
Amirah Alshammari, Abdulaziz Aldribi

Computer networks are targeted by several kinds of attacks every hour of every day, and these attacks have evolved to pose significant risks. New attacks and trends keep emerging, and they target every open port available on the network. Several tools are designed for this purpose, such as network mapping and vulnerability scanning. Recently, machine learning (ML) has become a widespread technique for feeding an Intrusion Detection System (IDS) to detect malicious network traffic. The detection efficiency of an ML model depends chiefly on the quality of the dataset used to train it. This research proposes a detection framework with an ML model that feeds an IDS to detect network traffic anomalies. The detection model uses a dataset constructed from malicious and normal traffic. A significant challenge in this research is the extracted features used to train the ML model on various attacks so that it can distinguish anomalous traffic from regular traffic. The network traffic part of the ISOT-CID dataset is used to train the ML model. We added some significant column features and proved that they support the ML model in the training phase. The traffic part of the ISOT-CID dataset contains two types of features: the first is extracted from the network traffic flow, and the others are computed over specific time intervals. We also present a novel column feature added to the dataset and prove that it increases the detection quality. This feature depends on the rambling packet payload length in the traffic flow. The results and experiments produced by this research are significant and encourage other researchers and us to expand on the work in the future.




Updated: 2021-06-15