TWO-PHASE NETWORK TRAFFIC INTRUSION DETECTION SYSTEM BASED ON THE RANDOM FOREST AND XGBOOST.

Authors

  • Shehla Shah, Iqra National University, Pakistan
  • Muhammad Adil, Iqra National University Peshawar
  • Tauseef Noor, BSCS City University of Science and Information Technology
  • Waqar Nawaz, ASSTT Director/Facility Management Officer
  • Sohail Farooq, Facilitation Management Officer Agriculture University Peshawar
  • Muhammad Arif Afridi, Project Manager at Renewable Power Pvt.Ltd
  • Yasir Adnan, Assistant Chief Civil Secretariat Planning and Development Department.

DOI:

https://doi.org/10.71146/kjmr830

Keywords:

Network Intrusion Detection, Random Forest, XGBoost, Binary Classification, Multi-Class Classification, UNSW-NB15, Machine Learning, Cybersecurity, Traffic Monitoring, Feature Engineering

Abstract

The article reports a dual-stage network intrusion detection system (IDS) that uses Random Forest and XGBoost to improve the identification of malicious traffic in modern networks. The system first performs binary classification to separate normal from anomalous traffic, then applies multi-class classification to distinguish between particular types of attacks. Both models are evaluated comprehensively on the UNSW-NB15 dataset, which has forty-five engineered features and ten traffic classes. Data preprocessing involves missing-value imputation, feature scaling, and one-hot encoding to ensure the integrity of the model input. Experiments show that XGBoost slightly outperforms Random Forest on the multi-class task, with an accuracy of 80.74, and that both models have an accuracy of more than 93 on binary detection. The two-step process reduces the impact of class imbalance and gives interpretable results through visualization of the confusion matrix. The work provides a reproducible machine-learning pipeline that can be deployed in the real world to monitor network traffic.

Published

2026-02-11

Section

Engineering and Technology

How to Cite

TWO-PHASE NETWORK TRAFFIC INTRUSION DETECTION SYSTEM BASED ON THE RANDOM FOREST AND XGBOOST. (2026). Kashf Journal of Multidisciplinary Research, 3(2), 80-87. https://doi.org/10.71146/kjmr830
