Intrusion Detection System for Network Attacks

Abstract

Network security has become a top priority for both businesses and individuals in recent years because of the rise in cyber threats. Finding unauthorized or harmful activities on a network is one of the biggest problems. Traditional Intrusion Detection Systems (IDS) often miss new or changing attack patterns because they use fixed rules or known attack signatures. Machine learning techniques are being used more and more to build intelligent and adaptive IDS models to get around this problem.Using the NSL-KDD dataset, we built an intrusion detection system based on machine learning for this Research. Because of its better structure and balanced records, the NSL-KDD dataset is a better version of the original KDD\'99 dataset and is often used to compare IDS research. The Research has several steps, such as preparing the data, encoding the features, doing exploratory data analysis, and putting classification algorithms into action.We trained and tested two models, Logistic Regression and XGBoost, using metrics like accuracy, precision, recall, F1-score, and ROC-AUC. XGBoost.The system does a good job of telling the difference between normal and harmful network connections, and it can be improved even more for use in real time.This study shows that machine learning can help make networks more secure and lays the groundwork for creating scalable, smart, and real-time intrusion detection systems.

Introduction

With the rapid growth of the internet, securing network communications has become crucial due to increasing cyber threats like data breaches and DoS attacks. Traditional Intrusion Detection Systems (IDS) rely on signature-based methods that detect known threats but struggle with new or unknown attacks. To address this, machine learning (ML) approaches are being explored for IDS, offering adaptability and improved detection.

This research developed an ML-based IDS using the NSL-KDD dataset—an improved version of the KDD Cup 1999 dataset that balances data and removes duplicates for more reliable training and testing. The dataset includes labeled network traffic categorized as normal or various attack types (DoS, Probe, R2L, U2R).

The study involved preprocessing data by encoding categorical features and normalizing numerical values, followed by feature selection using XGBoost to identify important attributes. Several supervised ML models were tested, including Logistic Regression, Decision Tree, and XGBoost. Among them, XGBoost outperformed others in accuracy, precision, recall, F1-score, and ROC-AUC, due to its robustness, speed, and ability to reduce overfitting.

The system architecture includes data acquisition, preprocessing, model training/evaluation, and intrusion detection. UML diagrams illustrate system design and workflow. Exploratory Data Analysis (EDA) helped understand data distribution, class imbalance, and feature relationships, guiding better preprocessing and model design.

Conclusion

In this research, I created a machine learning-based Intrusion Detection System (IDS) using the NSL-KDD dataset, which is a widely used benchmark for network intrusion detection research. The main goal was to classify network traffic as either normal or an attack, helping in early detection and prevention of cyber threats. After cleaning the data, encoding it, and visualizing it, I trained several models such as Logistic Regression and XGBoost. The dataset was divided into training and testing parts, and the models were evaluated using standard classification metrics like accuracy, precision, recall, F1-score, and ROC-AUC. Among the models tested, XGBoost performed the best with the following results: - Accuracy: 0.98% - Precision: 0.98% - Recall: 0.99% - F1-score: 0.87% These results show that XGBoost is very effective at detecting both normal and malicious traffic, and it outperforms traditional models like Logistic Regression. One of the main advantages of XGBoost is its ability to work with high-dimensional and imbalanced data, along with built-in regularization to prevent overfitting. Additionally, Kernel Density Estimation (KDE) was used during the exploratory data analysis to understand how the features were distributed and to spot differences between normal and attack traffic. This helped in choosing and creating meaningful features, which improved the model\'s ability to tell the two categories apart. The entire process, from data preparation, feature creation, model training, and evaluation, was done efficiently using Python and libraries like Pandas, Scikit-learn, Matplotlib, and XGBoost. In conclusion, this Research shows how powerful machine learning, especially techniques like XGBoost, can be in building accurate and scalable intrusion detection systems. These results suggest that such models can be integrated into real-world cybersecurity systems for real-time monitoring and threat prevention.

References

[1] Tavallaee, M., Bagheri, E., Lu, W., &Ghorbani, A. A. (2009). A detailed analysis of the KDD CUP 99 data set. In Proceedings of the IEEE Symposium on Computational Intelligence for Security and Defense Applications (CISDA) (pp. 1-6). IEEE.[https://doi.org/10.1109/CISDA.2009.5356528](https://doi.org/10.1109/CISDA.2009.5356528) [2] Chen, T., &Guestrin, C. (2016). XGBoost: A scalable tree boosting system. In Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (pp. 785-794). ACM. [https://doi.org/10.1145/2939672.2939785](https://doi.org/10.1145/2939672.2939785) [3] Scikit-learn Developers. (2023). *Scikit-learn: Machine Learning in Python. [https://scikit-learn.org/stable/](https://scikit-learn.org/stable/) [4] Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., Thirion, B., Grisel, O., ...&Duchesnay, É. (2011). Scikit-learn: Machine Learning in Python. Journal of Machine Learning Research, 12, 2825-2830. [5] NSL-KDD Dataset. (2009). A Refined KDD99 Dataset for Intrusion Detection Research.Canadian Institute for Cybersecurity. [https://www.unb.ca/cic/datasets/nsl.html](https://www.unb.ca/cic/datasets/nsl.html) [6] Hastie, T., Tibshirani, R., & Friedman, J. (2009). The Elements of Statistical Learning: Data Mining, Inference, and Prediction. Springer Science & Business Media. [7] Zhang, J., &Zulkernine, M. (2006). Anomaly based network intrusion detection with unsupervised outlier detection. In Proceedings of the IEEE International Conference on Communications (Vol. 5, pp. 2388-2393). IEEE. [8] Aljawarneh, S., Aldwairi, M., &Yassein, M. B. (2018). Anomaly-based intrusion detection system through feature selection analysis and building hybrid efficient model. Journal of Computational Science, 25, 152-160. [https://doi.org/10.1016/j.jocs.2017.03.006](https://doi.org/10.1016/j.jocs.2017.03.006) [9] XGBoost Documentation. (2024). XGBoost Python Package. [https://xgboost.readthedocs.io/](https://xgboost.readthedocs.io/) [10] Rao, GudikandhulaNarasimha, et al. \"Fire detection in kambalakonda reserved forest, visakhapatnam, Andhra pradesh, India: An internet of things approach.\" Materials Today: Proceedings 5.1 (2018): 1162-1168. [11] ovith, A. Arokiaraj, et al. \"DNA Computing with Water Strider Based Vector Quantization for Data Storage Systems.\" Computers, Materials & Continua 74.3 (2023). [12] Rao, GudikandhulaNarasimha, et al. \"Geospatial Study on Forest Fire Disasters–A GIS Approach.\" Ecological Engineering & Environmental Technology 24 (2023)

Copyright

Copyright © 2025 Rakesh Das, Gudikandhula Narasimha Rao. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.