A Comparative Machine Learning Framework for Network Intrusion Detection Using the NSL-KDD Dataset
Main Article Content
Abstract
Cyber threats are getting more complex and the number of networked systems has grown exponentially, making for greater need of Intelligent and Adaptive Intrusion Detection Systems (IDSs). These conventional signature-based security solutions are not effective against new attacks that have never been seen before, so a machine learning intrusion detection system that can be used to detect unusual network traffic has to be developed. In this study, five supervised machine learning algorithms, linear support vector machine (LSVM), quadratic support vector machine (QSVM), k-nearest neighbor (KNN), linear discriminant analysis (LDA), and quadratic discriminant analysis (QDA) were compared in the detection of network intrusions in the NSL-KDD benchmark dataset. To enhance the classification effectiveness, a systematic preprocessing pipeline was used that involves data cleaning, feature normalization, one-hot encoding, binary label transformation and correlation-based feature analysis. The training and testing sets were split in a 75:25 ratio, and the accuracy, precision, recall, F1-score, mean absolute error (MAE), mean squared error (MSE), and root mean squared error (RMSE) were used to assess the performance of the classifiers.
The results of the experiments showed that the KNN classifier outperformed Fuzzy logic, NN and NN-Fuzzy logic in terms of detection accuracy (98.55%), precision (0.99), recall (0.99) and F1 score (0.99). The performance of LSVM and LDA were competitive with accuracy more than 96.7%, and QSVM was able to achieve 95.71% accuracy. The performance of QDA, on the other hand, was significantly lower because of problems of feature collinearity and covariance estimation. The results show that the neighborhood-based learning techniques are still very effective in the binary intrusion detection problem and can be used as a powerful foundation, baseline models in the cyber security field. The presented framework offers a scalable and efficient intrusion detection solution for today's network environments
Downloads
Article Details
Section

This work is licensed under a Creative Commons Attribution 4.0 International License.
All articles published in International Journal of IoT, Embedded Systems and Industrial Automation (IJIESIA) are licensed under the terms of the Creative Commons Attribution 4.0 International License (CC BY 4.0).
This license allows others to share, copy, distribute, and adapt the work, provided that proper credit is given to the original author(s) and the source.
Authors retain copyright and grant International Journal of IoT, Embedded Systems and Industrial Automation (IJIESIA) the right of first publication.
How to Cite
References
[1] M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, “A Detailed Analysis of the KDD CUP 99 Data Set,” in Proc. IEEE Symposium on Computational Intelligence for Security and Defense Applications (CISDA), Ottawa, ON, Canada, 2009, pp. 1–6.
[2] S. Mukkamala, G. Janoski, and A. H. Sung, “Intrusion Detection Using Neural Networks and Support Vector Machines,” in Proc. IEEE International Joint Conference on Neural Networks (IJCNN), Honolulu, HI, USA, 2002, pp. 1702–1707.
[3] A. L. Buczak and E. Guven, “A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection,” IEEE Communications Surveys & Tutorials, vol. 18, no. 2, pp. 1153–1176, 2016.
[4] S. Revathi and A. Malathi, “A Detailed Analysis on NSL-KDD Dataset Using Various Machine Learning Techniques for Intrusion Detection,” International Journal of Engineering Research & Technology, vol. 2, no. 12, pp. 1848–1853, 2013.
[5] R. P. Lippmann, J. W. Haines, D. J. Fried, J. Korba, and K. Das, “The 1999 DARPA Off-Line Intrusion Detection Evaluation,” Computer Networks, vol. 34, nos. 4–5, pp. 579–595, 2000.
[6] P. Waghmode, M. Kanumuri, H. El-Ocla, and T. Boyle, “Intrusion Detection System Based on Machine Learning Using Least Square Support Vector Machine,” Scientific Reports, vol. 15, Art. no. 12066, 2025.
[7] H. M. R. U. Rehman, S. Liaquat, M. J. Gul, M. Z. Jhandir, and D. Gavilanes, “A Systematic Literature Study of Machine Learning Techniques Based Intrusion Detection: Datasets, Models, Challenges, and Future Directions,” Journal of Big Data, vol. 12, Art. no. 264, 2025.
[8] J. C. Mondragon, P. Branco, G. V. Jourdan, and A. E. Gutierrez-Rodriguez, “Advanced IDS: A Comparative Study of Datasets and Machine Learning Algorithms for Network Flow-Based Intrusion Detection Systems,” Applied Intelligence, vol. 55, no. 1, pp. 608–628, 2025.
[9] M. Farhan, H. W. Din, S. Ullah, M. S. Hussain, and M. A. Khan, “Network-Based Intrusion Detection Using Deep Learning Technique,” Scientific Reports, vol. 15, Art. no. 25550, 2025.
[10] N. Dash, S. Chakravarty, A. K. Rath, and N. C. Giri, “An Optimized LSTM-Based Deep Learning Model for Anomaly Network Intrusion Detection,” Scientific Reports, vol. 15, Art. no. 1554, 2025.
[11] R. Kanimozhi and P. S. Ramesh, “Deep Reinforcement Learning-Based Intrusion Detection Scheme for Software-Defined Networking,” Scientific Reports, vol. 15, Art. no. 38827, 2025.
[12] E. C. Pinto Neto, S. Iqbal, S. Buffett, M. Sultana, and A. Taylor, “Deep Learning for Intrusion Detection in Emerging Technologies: A Comprehensive Survey and New Perspectives,” Artificial Intelligence Review, vol. 58, Art. no. 340, 2025.
[13] M. S. Islam, S. Saha, and M. A. U. Alam, “Intrusion Detection System: An Optimization Based Deep Learning Approach Using NSL-KDD Dataset,” in Proc. IEEE International Conference on Computing, Applications and Systems (COMPAS), 2025, pp. 1–6.
[14] A. A. Abu-Shareha, M. M. Abualhaj, A. Hussein, O. Almomani, and A. Amer, “Supervised Machine Learning Intrusion Detection Review and Multi-Criteria Evaluation,” Scientific Reports, vol. 16, Art. no. 14525, 2026.
[15] N. P. Priya and G. Mohanbabu, “Intrusion Detection With HACDT-Net and TRBM-Net Using a Hybrid Deep Learning Framework With Enhanced Sampling Techniques,” Scientific Reports, vol. 16, Art. no. 11799, 2026.
[16] J. Zhu, Z. Chen, R. Cong, H. Sun, and Y. Dong, “STS-AT: A Structured Tensor Flow Adversarial Training Framework for Robust Intrusion Detection,” Sensors, vol. 26, no. 2, Art. no. 536, 2026.
[17] L. Parthasarathi and N. Kamalraj, “Assessing the Effectiveness of Machine-Learning Approaches for Detecting Network Attacks: An Empirical Evaluation on NSL-KDD,” International Journal of Scientific Research in Computer Science, Engineering and Information Technology, vol. 11, no. 6, pp. 261–266, Dec. 2025, doi: 10.32628/CSEIT2511644.
[18] A. Putra and R. Amarudin, “A Comparative Study of Machine Learning Algorithms for Intrusion Detection Systems Using the NSL-KDD Dataset,” International Journal of Advanced Computer Science and Applications, vol. 16, no. 2, pp. 145–154, 2025.
[19] A. Farabi, M. R. Shad, and I. Khandaker, “IntrusionX: A Hybrid Convolutional-LSTM Deep Learning Framework With Squirrel Search Optimization for Network Intrusion Detection,” arXiv preprint arXiv:2510.00572, 2025.
[20] T. Govindarajan and M. Muzamal, “Cloud Intrusion Detection Using Graph Neural Networks, Transformer Learning, and Contrastive Feature Optimization,” Scientific Reports, vol. 15, 2025.