Abstract
The rapid evolution of cyber threats in online networks have rendered traditional Intrusion detection Systems (IDS) ineffective in dealing with radidly evolving threat vectors. The proposed research introduces a flow based behavioural analysis framework that augments the traditional machine learning models with network communication patterns to improve their detection capabilities. Experimented on CIC-IDS2017 dataset, the proposed approach firstly introduces Structured Query Language (SQL) based operations to extract network communication behavioral features. These metrics are further combined with traditional flow based features and tested using a Random Forest classifier that was optimized through methodical hyperparameter tuning. The obtained results show an improved accuracy of 99.67%, demonstrating the importance of behavioral indicators, such as flow volume dynamics and activity centrality, in enhancing the detection of coordinated and dynamic attacks.The findings show that integrating flow-based behavioral analysis with traditional traffic features creates a more context-aware and accurate IDS suitable for modern cybersecurity applications. The study also explores the relevance of these features through feature importance analysis and ablation experiments.
| Original language | English |
|---|---|
| Pages (from-to) | 1076-1105 |
| Number of pages | 30 |
| Journal | International Journal of Computers and Applications |
| Volume | 47 |
| Issue number | 12 |
| DOIs | |
| Publication status | Accepted/In press - 2025 |
All Science Journal Classification (ASJC) codes
- Software
- Hardware and Architecture
- Computer Science Applications
- Computer Graphics and Computer-Aided Design