Preliminary Communication
This article belongs to Vol. 2 No. 2, 2026
I. Stojić, J. Previšić, and J. Šimić, “Detection of Malicious Network Traffic Using Machine Learning,” International Journal of Innovative Solutions in Engineering, vol. 2, no. 2, pp. 49–59, doi: 10.47960/3029-3200.2026.2.2.49.
pages 49-59
Abstract
Network intrusion detection systems increasingly rely on machine learning to identify malicious activity within large volumes of network traffic. In this project, a flow-based intrusion detection approach is implemented using the UNSW-NB15 dataset. The system operates exclusively on network flow features (e.g., packet counts, byte volumes, flow duration, and behavioral repetition counts) without inspecting packet payloads. A supervised machine learning model was developed in ML.NET (within Visual Studio) using the FastTree gradient-boosted decision tree algorithm. The model was trained on the UNSW-NB15 training set and evaluated on the designated test set. Results: The trained classifier achieved high attack detection rates (recall=98.5%) and an overall accuracy of 87% on unseen data. It detected the majority of attack flows, resulting in only a small false-negative rate (1.5% of attacks missed). However, the precision was lower (82%), indicating some false alarms due to benign traffic being misclassified. These results highlight the strengths of flow-based detection against obvious attacks and its limitations against stealthy or low-volume attacks. The study underscores how flow-level feature characteristics influence detection outcomes and discusses the practical implications of the observed false-positive and false-negative rates. Possible future enhancements include deeper packet inspection and sequential analysis to improve the detection of evasive threats.
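The abstract reports recall, precision and accuracy, but not the false-positive rate on benign flows or the attack share of the evaluation data. The following added example (not code from the paper) backs both out of the three reported figures, treating the rounded values as exact, and recomputes precision at lower attack prevalence; the prevalence scenarios are constructed for illustration.

```python
# Added example: recover the confusion matrix implied by the abstract's
# metrics, then re-evaluate precision when attacks are rarer.

def implied_rates(recall, precision, accuracy):
    """Return (attack_prevalence, false_positive_rate) implied by the metrics.

    Per unit of traffic with attack prevalence p:
      TP = recall*p, FN = (1-recall)*p, FP = TP*(1-precision)/precision
      accuracy = 1 - FN - FP, which is linear in p and can be solved directly.
    """
    if not (0 < precision <= 1 and 0 <= recall <= 1 and 0 <= accuracy <= 1):
        raise ValueError("metrics must be fractions in [0, 1], precision > 0")
    errors_per_attack = (1 - recall) + recall * (1 - precision) / precision
    if errors_per_attack == 0:
        raise ValueError("perfect classifier: prevalence is not identifiable")
    p = (1 - accuracy) / errors_per_attack
    if not 0 < p < 1:
        raise ValueError("metrics are mutually inconsistent")
    fp = recall * p * (1 - precision) / precision
    return p, fp / (1 - p)


def precision_at(prevalence, recall, fpr):
    """Share of alerts that are real attacks at a given attack prevalence."""
    tp = recall * prevalence
    fp = fpr * (1 - prevalence)
    return tp / (tp + fp)


def alerts_per_million(prevalence, recall, fpr, flows=1_000_000):
    """Return (true_alerts, false_alerts, missed_attacks) for `flows` flows."""
    attacks = flows * prevalence
    benign = flows - attacks
    return round(attacks * recall), round(benign * fpr), round(attacks * (1 - recall))


# Figures from the abstract, treated as exact (assumption: they are rounded).
RECALL, PRECISION, ACCURACY = 0.985, 0.82, 0.87

if __name__ == "__main__":
    p, fpr = implied_rates(RECALL, PRECISION, ACCURACY)
    print(f"implied attack prevalence in evaluation data: {p:.1%}")
    print(f"implied false-positive rate on benign flows: {fpr:.1%}")
    for prev in (p, 0.10, 0.01, 0.001):  # constructed deployment scenarios
        tp, fp, fn = alerts_per_million(prev, RECALL, fpr)
        print(f"prevalence {prev:7.3%}: precision {precision_at(prev, RECALL, fpr):6.1%}, "
              f"{tp} true / {fp} false alerts, {fn} missed per 1M flows")
```

Because precision depends on the attack share of the traffic, the 82% figure applies only at the evaluation set's class balance; recall and the false-positive rate are the quantities that carry over to a deployment with a different mix.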
Keywords
Intrusion Detection System (IDS), Flow-Based Intrusion Detection, Machine Learning, UNSW-NB15 Dataset, ML.NET, FastTree
ijise ID
22
Publication Date
In Press