Network security threats continue to escalate with increasingly sophisticated intrusion attempts targeting both enterprises and critical infrastructure. Traditional signature-based intrusion detection systems (IDS) struggle with high false positive rates and an inability to detect zero-day and mutation-based attacks. This paper presents NIDS Sentinel, an AI-driven Network Intrusion Detection System leveraging ensemble machine learning models for real-time cyber threat detection. The system integrates three supervised learning algorithms—Random Forest (RF), Extreme Gradient Boosting (XGBoost), and Multi-Layer Perceptron (MLP) Neural Networks—trained on NSL-KDD-style network traffic datasets. Our comprehensive approach includes data preprocessing with feature normalization, multi-model evaluation, and a production-grade three-tier architecture combining a Python ML backend, Node.js/Express API middleware, and a React.js web dashboard. Experimental evaluation demonstrates 96.9% overall detection accuracy across all models, with XGBoost achieving 97.1% individual accuracy while maintaining low false positive rates. The system successfully identifies diverse attack types including Denial of Service (DoS), Remote-to-Local (R2L), User-to-Root (U2R), and Probe attacks with real-time processing capability. A live monitoring dashboard enables security analysts to upload datasets, visualize predictions, and track threat patterns without requiring deep machine learning expertise. This work validates the effectiveness of ensemble ML approaches combined with modern web technologies for practical, deployable intrusion detection systems.
Introduction
NIDS Sentinel is an AI-powered Network Intrusion Detection System designed to improve cybersecurity by detecting both known and unknown network attacks more effectively than traditional rule-based systems.
Traditional firewalls and signature-based systems struggle with zero-day attacks and generate many false positives, making them inefficient for modern cybersecurity needs. To overcome this, the proposed system uses machine learning and ensemble methods to learn attack patterns from data and detect intrusions more accurately.
NIDS Sentinel integrates three ML models—Random Forest, XGBoost, and MLP neural networks—each contributing different strengths such as interpretability, high accuracy, and the ability to capture complex patterns. The system achieves a reported accuracy of 96.9% using the NSL-KDD dataset, which includes five classes of network traffic: Normal, DoS, Probe, R2L, and U2R.
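As an added illustration (not code from the paper), the sketch below averages per-class probabilities from three models over the five traffic classes and scores the result. It assumes the ensemble combines models by soft voting; every probability vector is constructed sample data, not model output.

```python
CLASSES = ["Normal", "DoS", "Probe", "R2L", "U2R"]

def soft_vote(per_model_probs):
    """Average class-probability vectors from several models; return (label, avg)."""
    n = len(per_model_probs)
    avg = [sum(p[i] for p in per_model_probs) / n for i in range(len(CLASSES))]
    return CLASSES[max(range(len(CLASSES)), key=avg.__getitem__)], avg

def evaluate(y_true, y_pred):
    """Multi-class accuracy plus binary (attack vs. Normal) alerting metrics."""
    pairs = list(zip(y_true, y_pred))
    tp = sum(t != "Normal" and p != "Normal" for t, p in pairs)
    fp = sum(t == "Normal" and p != "Normal" for t, p in pairs)
    tn = sum(t == "Normal" and p == "Normal" for t, p in pairs)
    fn = sum(t != "Normal" and p == "Normal" for t, p in pairs)
    return {
        "accuracy": sum(t == p for t, p in pairs) / len(pairs),
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        "recall": tp / (tp + fn) if tp + fn else 0.0,
        "false_positive_rate": fp / (fp + tn) if fp + tn else 0.0,
    }

# Constructed records: (true label, RF probs, XGBoost probs, MLP probs)
SAMPLES = [
    ("Normal", [0.90, 0.05, 0.03, 0.01, 0.01], [0.85, 0.05, 0.05, 0.03, 0.02], [0.40, 0.10, 0.45, 0.03, 0.02]),
    ("DoS",    [0.10, 0.80, 0.05, 0.03, 0.02], [0.05, 0.90, 0.03, 0.01, 0.01], [0.20, 0.70, 0.05, 0.03, 0.02]),
    ("Probe",  [0.45, 0.05, 0.40, 0.05, 0.05], [0.20, 0.05, 0.70, 0.03, 0.02], [0.15, 0.05, 0.75, 0.03, 0.02]),
    ("R2L",    [0.60, 0.05, 0.05, 0.25, 0.05], [0.55, 0.05, 0.05, 0.30, 0.05], [0.30, 0.05, 0.05, 0.55, 0.05]),
    ("Normal", [0.70, 0.10, 0.10, 0.05, 0.05], [0.80, 0.05, 0.05, 0.05, 0.05], [0.75, 0.10, 0.05, 0.05, 0.05]),
]

def run():
    """Score the three-model ensemble against the MLP used on its own."""
    y_true = [s[0] for s in SAMPLES]
    ensemble = [soft_vote(s[1:])[0] for s in SAMPLES]
    mlp_only = [soft_vote([s[3]])[0] for s in SAMPLES]
    return evaluate(y_true, ensemble), evaluate(y_true, mlp_only)

if __name__ == "__main__":
    for name, metrics in zip(("ensemble", "mlp_only"), run()):
        print(name, metrics)
```

On these constructed records the ensemble and the MLP alone reach the same accuracy, yet the ensemble raises no false alarm and misses the R2L record while the MLP catches it and alerts on benign traffic. A single accuracy figure hides that trade-off, so false-positive rate and per-class recall should be reported alongside it.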
The system follows a three-tier architecture:
• Python backend for ML processing and prediction
• Node.js API layer for communication and real-time handling
• React-based dashboard for visualization and monitoring
A full preprocessing pipeline is used, including data cleaning, feature selection, normalization, encoding, and stratified splitting to improve model performance.
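The encoding, normalization and stratified-split steps can be sketched as follows. This is an added example, not the paper's pipeline: the column names follow the public NSL-KDD schema, the records are constructed, and the helper names are hypothetical.

```python
import math
import random
from collections import defaultdict

def stratified_split(rows, label_key, test_frac, seed=0):
    """Split so each class keeps roughly the same share in train and test."""
    by_class = defaultdict(list)
    for r in rows:
        by_class[r[label_key]].append(r)
    rng = random.Random(seed)
    train, test = [], []
    for label in sorted(by_class):
        group = by_class[label][:]
        rng.shuffle(group)
        k = math.ceil(len(group) * test_frac)  # rare classes still reach the test set
        test += group[:k]
        train += group[k:]
    return train, test

class Preprocessor:
    """One-hot encoding and min-max scaling, fitted on training rows only."""
    def __init__(self, numeric, categorical):
        self.numeric, self.categorical = numeric, categorical
    def fit(self, rows):
        self.ranges = {f: (min(r[f] for r in rows), max(r[f] for r in rows)) for f in self.numeric}
        self.vocab = {f: sorted({r[f] for r in rows}) for f in self.categorical}
        return self
    def transform(self, row):
        vec = []
        for f in self.numeric:
            lo, hi = self.ranges[f]
            x = (row[f] - lo) / (hi - lo) if hi > lo else 0.0
            vec.append(min(1.0, max(0.0, x)))  # clip values outside the training range
        for f in self.categorical:
            vec += [1.0 if row[f] == v else 0.0 for v in self.vocab[f]]  # unseen value -> all zeros
        return vec

# Constructed records using NSL-KDD column names; values are illustrative only.
ROWS = ([{"duration": d, "src_bytes": 200 + 10 * d, "protocol_type": "tcp", "label": "Normal"} for d in range(10)]
        + [{"duration": 0, "src_bytes": 0, "protocol_type": "icmp", "label": "DoS"} for _ in range(6)]
        + [{"duration": 50 + d, "src_bytes": 1500, "protocol_type": "tcp", "label": "R2L"} for d in range(2)])

def demo():
    train, test = stratified_split(ROWS, "label", test_frac=0.25)
    pre = Preprocessor(["duration", "src_bytes"], ["protocol_type"]).fit(train)
    unseen = {"duration": 500, "src_bytes": 90000, "protocol_type": "udp", "label": "Probe"}
    return train, test, pre.transform(unseen)
```

Fitting the scaler and vocabulary on the training split only keeps test-set statistics out of the model. The clipping and all-zero encoding show what a deployed detector does with traffic that falls outside what it was trained on.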
The literature review highlights that while previous ML-based intrusion detection systems achieved high accuracy, most lacked real-world deployment, used outdated datasets, or failed to address false positives and scalability. NIDS Sentinel addresses these gaps by providing a complete end-to-end system with real-time monitoring and practical deployment.
Conclusion
NIDS Sentinel successfully demonstrates AI-driven network intrusion detection through ensemble machine learning. Key achievements:
• 96.9% detection accuracy across the ensemble averaging RF, XGBoost, and MLP
• 97.14% peak accuracy (XGBoost) with 97.3% precision, minimizing false alarms
• Successful classification of all four attack types (DoS, Probe, R2L, U2R)
• Production-grade three-tier architecture enabling real-time enterprise deployment
• Interactive dashboard reducing ML expertise barrier for security analysts
• Balanced precision-recall trade-off improving threat response efficiency
This work bridges the gap between academic ML research and practical cybersecurity deployment, validating ensemble approaches for NIDS and demonstrating modern software architecture for AI systems.