Received 25 August 2024, accepted 17 September 2024, date of publication 20 September 2024, date of current version 9 October 2024.

Digital Object Identifier 10.1109/ACCESS.2024.3464866

Predictive Analysis of Network-Based Attacks by

Hybrid Machine Learning Algorithms Utilizing
Bayesian Optimization, Logistic Regression,
and Random Forest Algorithm
MANISANKAR SANNIGRAHI AND R. THANDEESWARAN
School of Computer Science Engineering and Information Systems, Vellore Institute of Technology, Vellore, Tamil Nadu 632014, India
Corresponding author: R. Thandeeswaran ([email protected])

ABSTRACT These days, intrusion detection systems are one of the newest trends in society. These
technologies serve as a defense against a variety of security breaches, the number of which has been
rising recently. The need for adaptive security solutions is pressing since the sorts of attacks that arise are
ever-changing. This study aims to enhance the performance of intrusion detection models on the KDD99
and NSL-KDD datasets through advanced optimization techniques. By addressing challenges related to
evolving attack strategies and intricate tasks, the research introduces innovative machine learning approaches
tailored for intrusion detection, focusing on both binary and multiclass classification scenarios. The study
employs a Bayesian Optimization-enhanced Random Forest (BO_RF) algorithm for binary classification
and a hybrid Logistic Regression and Random Forest (LR_RF) algorithm for multiclass classification. Our
models were implemented and evaluated in a Jupyter Notebook environment using key metrics: Accuracy,
Precision, Recall, and F1-Score. For binary classification, eight metrics were assessed, while twenty-six
were analyzed for multiclass classification across both datasets. The results demonstrate the effectiveness
of the proposed approaches in both classification types, highlighting their potential for robust and adaptable
intrusion detection. Theoretical contributions include advancing the understanding of intrusion detection
methodologies and the effectiveness of machine learning algorithms in cybersecurity. From a practical
perspective, the proposed model can offers a robust and adaptable solution for real-world intrusion detection
scenarios, potentially minimizing security breaches and enhancing overall cyber security posture.

INDEX TERMS Machine learning (ML), network attacks, classification, intrusion detection system (IDS).

I. INTRODUCTION the largest barrier to network communication these days

In recent years, a lot of important data has been transmitted is infiltration. An intrusion detection system scans network
via the Internet to computers or portable devices. It ulti- traffic for malicious activity and notifies the administrator
mately results in a rise in attacks against vital information when it finds it. Intrusion Detection System architectures
network systems. Thus, network security has emerged as the primarily fall into three categories: machine learning-based
key concern in thwarting attacks against confidential data techniques [2], statistical methods [3], and knowledge-based
on networks [1]. Various techniques and strategies related to systems [4]. Machine learning-based techniques are primarily
network security are examined. Gaining access control over employed to detect and prevent attacks by sensing irregu-
the network is the most popular method of security. However, larities in network traffic [5]. There are two methods for
detecting network attacks: anomaly detection and misuse
The associate editor coordinating the review of this manuscript and detection. The process of anomaly detection involves con-
approving it for publication was Hosam El-Ocla . trasting regular network traffic with system notifications.
2024 The Authors. This work is licensed under a Creative Commons Attribution 4.0 License.
VOLUME 12, 2024 For more information, see https://creativecommons.org/licenses/by/4.0/ 142721

Anomaly detection establishes a typical pattern of network
traffic to identify new assaults, while misuse detection relies
on already-registered indications in the system to identify
known attacks
An intrusion detection system built using machine learning
techniques makes use of logs of standard network activity
as well as data collected from network traffic. It assists in
locating known attacks as well as unidentified ones that have
not yet been located. Machine learning models can detect
attacks or respond to threats in real time. Machine learn-
ing is suited for both large-scale network system analysis
and monitoring, as well as the efficient handling of large
volumes of data [6]. It can be applied to analyze user and
system behavior to spot insider threats or unapproved access.
Machine learning techniques can be used to connect complex
attacks with numerous stages or to dynamically alter network
segments in response to a recognized danger. These models
have numerous drawbacks in addition to their advantages.
The report omits essential material. Certain models merely
forecast the existence of an assault, not its kind. The second
is the restriction of poor detection performance for low data
frequency. The primary cause of this is an unbalanced dataset,
wherein certain attacks have significantly more cases than
others. As such, it is exceedingly challenging for any model
to detect attacks with low frequency [7].
The research work makes several notable contributions to
the area of intrusion detection and cyber security.
• Given the increasing complexity and diversity of cyber
threats, there’s a crucial need for security solutions that
can adapt effectively. To address this demand, the pro-
posed methods utilize advanced optimization techniques
and hybrid algorithms capable of adjusting dynamically
to evolving attack scenarios.
• The study introduces innovative intrusion detection
approaches based on machine learning algorithms,
to improve detection accuracy and adaptability. Through
the utilization of a Random Forest with Bayesian opti-
mization (BO_RF) algorithm for binary classification
and a hybrid Logistic Regression and Random For-
est (LR_RF) algorithm for multiclass classification, the
research presents fresh strategies for addressing intru-
sion detection challenges.
• Extensive evaluation and comparison of the proposed
algorithms with existing methods, such as Random For-
est, Logistic Regression, Naïve Bayes, and SVM, are
conducted using the KDD99 and NSL-KDD datasets
over Jupyter Notebook. This thorough analysis provides
valuable insights into the effectiveness of the proposed
models over traditional models.
Overall, the research facilitates the development of more
efficient, adaptable, and effective intrusion detection systems,
thereby bolstering overall cybersecurity resilience.
The subsequent sections of the paper are structured as
follows. In Section II, outlines the prior research conducted
on this subject. In Section III, different machine learning
algorithms are discussed, along with their respective strengths
142722
M. Sannigrahi, R. Thandeeswaran: Predictive Analysis of Network-Based Attacks
and limitations. Section IV introduces the datasets utilized in
the research, including details about the KDD99 cup dataset
and the NSLKDD dataset. Data visualization and preprocess-
ing techniques are elaborated upon in Section V, aimed at
facilitating a better understanding of the datasets. Section VI,
presents the proposed framework designed to enhance the
interpretability of any Intrusion Detection System (IDS).
This section is further divided into two parts, addressing
binary classification and multiclass classification, respec-
tively. It encompasses the experiments conducted using the
NSL-KDD and KDD99 datasets, along with a detailed pre-
sentation of the results. Finally, Section VII offers concluding
remarks and outlines potential future research directions.
II. RELATED WORK
There are a variety of reasons behind the significance of
Machine learning in intrusion detection. It is useful for
securing the integrity of computer networks and systems.
Cavusoglu [8], proposed a hybrid IDS system by combining
different feature selection and machine learning algorithms
over the NSL-KDD dataset. The performance is demon-
strated by comparing the proposed system with other studies,
it is shown that the proposed system has a low false positive
rate and high accuracy. Li et al. [9], proposed a hybrid method
based on K-NN and binary classification which achieved
suitable results over the NSL-KDD dataset. The model is
evaluated by comparing five other learning techniques. The
result showed that the proposed method performs better than
all other baselines in different evaluation criteria.
Al-Khassawneh [10] in this study, the effectiveness of
different classification algorithms in detecting anomalies in
network traffic patterns is evaluated using the NSL-KDD
dataset. Additionally, the relationship between hacker attacks
and commonly used network protocols is investigated to
understand how attackers generate abnormal network traffic.
The proposed model enhances IDS precision and suggests
new research directions in the field. Fuhnwi et al. [11] in
this study, an approach for Network Intrusion Detection
Systems (NIDS) using XGBoost and Recursive Feature Elim-
ination (RFE) is proposed. Evaluation of the NSL-KDD
dataset demonstrates superior performance in detecting vari-
ous attack types, with XGBoost outperforming other machine
learning algorithms and achieving high classification accu-
racy. Vibhute et al. [12] the study focuses on developing a
network based IDS using NSL-KDD datasets. Utilizing an
ensemble learning-enabled random forest algorithm, features
were selected. Three machine learning models - KNN, logis-
tic regression, SVM and - achieved validation accuracies
of 98.24%, 88.86%, and 87.58%, respectively, indicating
applicability for real-time monitoring and detection of cyber-
attack. Shehadeh et al. [13] the study evaluate intrusion
detection using Random Forest, KNN, and Naïve Bayes
on three datasets (KDDCUP-99, UNSW-NB15, and NSL-
KDD). Random Forest proves the most reliable. Limitations
include dataset quantity and focusing solely on classification
algorithms. Future research could explore additional data
VOLUME 12, 2024
M. Sannigrahi, R. Thandeeswaran: Predictive Analysis of Network-Based Attacks
mining techniques like Neural Networks and analyze spe-
cific dataset intricacies for improved algorithm performance.
Unlike previous studies that primarily relied on traditional
algorithms, this paper introduces the application of hybrid
algorithms. Earlier research often focused exclusively on
binary classification and limited their evaluation to one or two
metrics. In contrast, this study incorporates both binary and
multiclass classification, and conducts a more comprehensive
analysis by considering all four evaluation metrics.
III. MACHINE LEARNING ALGORITHMS
Machine Learning is a branch of Artificial Intelligence that is
the best way to accomplish specific goals by simulation. It can
take the result of previous experiences as instructions for
future operations without being explicitly programmed [14].
Machine Learning can be classified into three major type’s
supervised, unsupervised, and semi-supervised learning [15].
If the target labels and classes are known before execution
then it is called Supervised Learning. If the target class is
unknown then this learning is called Unsupervised. The learn-
ing which is a combination of supervised and unsupervised
methods of learning is called Semi-supervised Learning.
In this study, supervised learning algorithms are employed
due to the availability of labeled datasets, facilitating the
classification task. The proposed techniques are hybrids,
combining the strengths of multiple algorithms to overcome
limitations observed in existing approaches. Each existing
algorithm brings its unique advantages and drawbacks to the
table, which are carefully considered and addressed [16].
Below is a concise analysis of the methods evaluated in this
study.
A. NAÏVE BAYES
This algorithm can be explained as a probabilistic classifier
which is obtained from the application of Bayes Theorem,
which is an equation of statistical quantities that explains
the relationship between conditional probabilities [17]. The
naïve Bayes classification is very useful because they are very
fast and simple classification algorithm in datasets of high
dimension.
The likelihood of an outcome based on the previous out-
come that has occurred in similar circumstances is known as
Bayes theorem [18]. In equation (1), a relationship between
y = Class variable, & x1 . . . . . . xn = Dependent Vector of
features stated by Bayes theorem.
P(y)P(x1 , . . . . . . ., xn )
P(y|x1 , . . . . . . ., xn ) =
P(x1 , . . . . . . ., xn )
In equation (2), the estimation of P(x, | y) and P(y) is done
by using maximum a priori (MAP)
Yn
ŷ = arg maxy P(y) P (xi | y) (2)
i=1
This algorithm can be explained as a probabilistic classifier
which is actually obtained from the application of Bayes
Theorem.
VOLUME 12, 2024
Naive Bayes operates under the assumption of feature
independence, which may not be valid for intricate relation-
ships within network data. Its performance diminishes when
dealing with highly correlated features, potentially result-
ing in inflated probability estimates. Moreover, Naive Bayes
encounters difficulties with continuous features, particularly
if the underlying distribution is not accurately represented by
the selected probability distribution [19].
B. SUPPORT VECTOR MACHINE (SVM)
SVM is an abstract algorithm of Machine Learning that learns
by training over a specific type of dataset for making accurate
predictions and conceptualizing the remaining data. SVMs
belong to the supervised class of Machine Learning that
are mainly utilized for analyzing data, pattern recognition,
regression, and classification analysis [20]. The main objec-
tive of a SVM is to find a hyperplane in an N-dimensional
space where data points can distinctly be divided into two
categories.
Linear kernel function of SVM—— x,x′


Polynomial function of SVM————, γ x,x′ +r where


d= specified parameter degree.
Radial basis function of SVM———–exp(−γ ||x − x ′ ),
where γ = specified parameter gamma that is always more
than zero.
Sigmoid function of SVM———tanh(γ x, x ′ + r), r =


Coefficient of θ
The general working structure of SVM is shown in
figure (1).
FIGURE 1. SVM classification.
Support Vector Machines (SVMs) might face scalabil-
ity issues, particularly with large datasets, due to quadratic
optimization requirements relative to the number of training
examples. Their effectiveness relies heavily on selecting the
(1)
appropriate kernel function, which can be difficult, partic-
ularly in high-dimensional spaces. Additionally, SVMs are
susceptible to noisy data and outliers, potentially impacting
their ability to generalize effectively [21].
C. LOGISTIC REGRESSION
Logistic regression accomplishes the tasks by predicting the
probability of events, outcomes, or observations. It’s a statis-
tical model which is used to build model-dependent variables
142723

by using a logistic function [22]. Given data (x, y) where x
is (m x n) matrix with m samples and n attributes and y is a
vector of m examples. The weight matrix to create random
initialization defined in equation (3).
a = w0 + w′1 x1 + w′1 x2 + . . . w′1 xn (3)
Then pass the output a to link function which is formulated
in equation (4).
ŷi = 1/(1 + e−a ) (4)
Then the cost function is calculated which derived in
equation (5).
 
1 Xi=m
cost (w) = − yi log (yi )
m i=1
+ (1 − yi ) log 1 − ŷi


(5)
The updating of weights is done as per the derivative of the
cost, the formula is shown in equation (6) and (7)
Xi=n
dwj = (ŷ − ŷi )xji (6)
i=1
wi = wj − (adwj ) (7)
Logistic regression is used to calculate the probability of
a given data point set belonging to either class ‘0’ or ‘1’ a
given value of w and x. The exponent function in the sigmoid
function is justified because the probability must be more
than zero. But to make the value less than one the numerator
needs to be divided by a value bigger than it [23]. This
equation is divided by the numerator term then the sigmoid
function is obtained. The sigmoid function is expressed in
equation (8). Figure (2) shows the curve of logistic regression.
P = 1/1+e−(w1 x1 +w2 x2 +...+wn xn ) (8)
FIGURE 2. Curve of logistic regression.
Logistic Regression relies on the assumption of a
linear relationship between features and the log odds
of the target variable, potentially overlooking complex
non-linear relationships within the data. Challenges arise with
high-dimensional or feature-rich datasets, as Logistic Regres-
sion may struggle to achieve optimal performance [24].
Moreover, Logistic Regression may exhibit poor results when
dealing with imbalanced datasets.
142724
M. Sannigrahi, R. Thandeeswaran: Predictive Analysis of Network-Based Attacks
D. RANDOM FOREST
This algorithm creates and makes a forest random; this for-
est is a group of decision trees which are trained with a
bugging method. The bagging method is the amalgamation
of the learning models to increase overall results [25]. This
algorithm is useful for both regression and classification
problems which are used to form most of the current systems
of machine Learning. The greater number of trees leads to
high accuracy and also prevents the overfitting problem.
There are formulas for the evaluation of random forest is
shown in equation (9) and (10)
Xn
Gini Index = 1 − p2 (9)
i=1 i
Xn
Entropy = − pi log(pi ) (10)
i=1
Information Gain = E (Parent) – E (Parent | Child) or Gini
(Parent) – Gini (Parent | Child), Where Gini= Gini Index,
E= Entropy, p= probability.
For the final evaluation majority/hard voting method is
used, the formula of this method is given in equation (11).
ŷ = mode{C1 (x) , C2 (x) , . . . . . . .., Cm (x)} (11)
where ŷ = class label, Cm = set of classifier, the class label
of each classifier is predicted by majority voting.
Random Forest models, despite their effectiveness, can
pose challenges in interpretation due to their complexity,
particularly with numerous trees and features. Although they
offer reduced overfitting risks compared to single decision
trees, they still need careful tuning to avoid overfitting noisy
data [26]. Additionally, training a Random Forest model
can be computationally demanding, especially with sizable
datasets or when employing a high number of trees.
E. BAYESIAN OPTIMIZATION
Optimization is considered the heart of a machine learn-
ing model. Bayesian Optimization constructs a model of an
objective function based on probability for selecting hyper-
parameters for the evaluation of the objective function [27].
Bayesian Optimization varies from Grid and Random search
because it enhances the search speed by using past perfor-
mances where other methods are independent of previous
evaluations. It has two components one is the probabilistic
model another is the acquisition function. The probabilis-
tic model starts with the prior probability distribution for
optimization of the function. The acquisition function com-
putes the posterior distribution of the function [28]. The next
sampling point is determined by maximizing the acquisition
function. The objective function is defined in equation (12).
Xt = argmaxx u(X|D1:t−1 ) (12)
where, u= acquisition function, D1:t−1 = the total t samples
There are mainly three main types of acquisition functions,
first upper confidence bound is defined in equation (13).
UCB[x∗ ] = µ x∗ + β 1/2 σ [x ∗ ]
 
(13)
VOLUME 12, 2024
M. Sannigrahi, R. Thandeeswaran: Predictive Analysis of Network-Based Attacks

Second, probability of improvement which is defined in TABLE 1. Classification of the KDD99 dataset.
equation (14).
Z ∞
PI x∗ = Normf[x ∗ ] µ x ∗ σ x ∗ df [x ∗ ]
      
(14)
f [ẋ]
Third, expected optimization is defined in equation (15)
Z ∞
(f x∗ − f [ẋ])Normf[x∗ ] [µ x∗ σ x∗ df[x∗ ]
 ∗      
EI x =
f[ẋ]
(15)

  (14), and (15), µ x = mean value of

 ∗
In equation (13),
data point x, σ x ∗ = variance value of data point x, β =
controlling parameter of the degree of exploration, f x ∗ =
normal distribution, f [ẋ] = current maxima.
Bayesian optimization offers strengths such as efficient
optimization of black-box functions and the ability to han-
dle noisy or expensive objective functions. However, it may
face limitations in high-dimensional search spaces and when
dealing with discontinuous or non-smooth functions [29].
Additionally, Bayesian optimization’s performance heavily
relies on the choice of surrogate model and acquisition
function, which may impact its effectiveness in different
scenarios.
TABLE 2. Classification of the NSLKDD dataset.
IV. DATA DESCRIPTION
There are many datasets available that are considered as a
benchmark and are used for analysis of different Machine
Learning models and security solutions [30]. In this paper,
we have used KDD99 and NSLKDD datasets.

A. KDD99 DATASET
In 1999, the International Knowledge Discovery and Data
Mining Tools Competition was organized to collect traffic
records, an environment had been set up by Lincoln Labs
for acquiring raw TCP dump of 9 weeks from a LAN of
the US Air Force [31]. The size of the training data is 4 GB
collected from 7 weeks, which then processed into 5 million
connections and the test data is around 2 million connections
collected from 2 weeks. The attack types explored here are
R2L. U2R, DoS, Probing. The description of the dataset is
given in table 1.

B. NSLKDD DATASET
In 2009, the NSL-KDD dataset was brought as a cleaned and
revised version of the KDD99 dataset by the University of
New Brunswick. The dataset contains 43 features for each
record, where 41 are traffic input data, the other two are labels
i.e. traffic is normal or malicious, and Scores i.e. severity
of traffic input [32]. There are 4 different attack classes in
the dataset: DoS, R2L, U2R, and Probing. There are four of the data provides information about the data. Two cru-
types of features in the dataset: 4 Categorical, 6 Binary, 10 cial elements of data processing are normalization and
Continuous, and 23 Discrete. The features of the dataset is standardization [33]. To get more significant results, the
explained in table 2. size of a dataset grows exponentially as the number of
characteristics increases. This causes an overfitting issue,
V. DATA EXPLORATION which lengthens computation times and lowers model accu-
Visualization is the most effective method for comprehend- racy. The following describes the methods applied in this
ing data and how it functions. Knowing the distribution paper.

VOLUME 12, 2024 142725


A. NORMALIZATION AND STANDARDIZATION
Normalization is a method of arranging data to reduce
duplication where data points are scaled between zero and
one [34]. It is utilized to remove undesired characteris-
tics from a dataset. Mathematically it is represented in
equation (16).
 The process of classification where the data is divided
Xnew = X−Xmin Xmax − Xmin (16)
The method of restructuring data in uniform format is
called data standardization. It compares the data points by
putting them on the same scale. This process is also called
Z-score. Mathematically it is represented in equation (17).
Z =X−µ σ

(17)
where, µ = Mean of the data points, σ = Standard Deviation
B. PRINCIPAL COMPONENT ANALYSIS (PCA)
It is a method to examine interrelations between variables of a
dataset [35]. The algorithm uses an orthogonal transformation
to convert correlated variables into uncorrelated variables.
Principal component analysis is used to avoid overfitting
problems by reducing the dimensionality of the original
dataset and transforming it to lower lower-dimensional
dataset preserving most of the actual sample information [36].
The variance of the low-dimensional dataset is greater than
the higher-dimensional dataset. Figure (3) gives a general
overview of how PCA works.
FIGURE 3. Principal component analysis.
VI. PROPOSED FRAMEWORK
A computer system will always have vulnerabilities, which
opens the door to different network attacks attempting to
compromise system integrity. For network security purposes,
it is more crucial to identify the sort of attack than whether
an assault has taken place. Any network administrator must
constantly have accurate information to take the neces-
sary precautions to safeguard computer infrastructure [37].
We presented a hybrid approach in this paper that outperforms
existing approaches in identifying network threats. The pro-
posed algorithm experiments over the KDD99 and NSLKDD
datasets to evaluate detection performance. The ratio of train-
ing and testing dataset is 70:30, the implementation is done in
142726
M. Sannigrahi, R. Thandeeswaran: Predictive Analysis of Network-Based Attacks
the Jupyter Notebook environment [38]. There are mainly two
types of classification techniques used in machine learning
one binary and the other multiclass classification.
A. BINARY CLASSIFICATION
into two classes or groups is called as binary classifica-
tion [39]. The two classes are labelled as either 0 or 1.
There are many machine learning algorithms used to do
binary classification like SVM, logistic regression, random
forest, etc. PCA is utilized to reduce the dimensional-
ity of the dataset, the Bayesian optimization technique is
employed to identify the optimal parameter configuration
for improved results. Bayesian techniques employ histor-
ical evaluation data to construct a probabilistic model,
termed a ‘‘surrogate,’’ mapping hyperparameters to the
likelihood of achieving a score on the objective function.
This surrogate function simplifies optimization compared
to the actual objective function. By iteratively updat-
ing the surrogate probability model with each evaluation,
Bayesian reasoning aims to refine predictions and improve
accuracy.
The random forest technique has eighteen hyperparam-
eters, three of which—max_smaples, max_features, and
n_estimators—are selected for optimization. In the end, the
attack kinds are classified using an optimized Random Forest
approach. The Random Forest method heavily relies on key
hyperparameters such as max_samples, max_features, and
n_estimators to govern the model’s performance, complexity,
and generalization capability. These hyperparameters control
the bootstrap sample size, feature selection randomness, and
forest count, respectively. Fine-tuning these hyperparame-
ters is crucial for achieving optimal performance, balancing
model complexity, and ensuring generalization ability in
Random Forest models [40].
The framework for binary classification is illustrated
in figure (4). Initially, the datasets undergo standardiza-
tion and normalization, following the processes outlined in
equations (16) and (17). Then, PCA is employed for dimen-
sionality reduction. Following these preparatory steps, the
proposed algorithm, along with other traditional algorithms,
is applied for final analysis.
Traditional algorithms like SVM and Logistic Regression
may struggle with imbalanced datasets, where one class dom-
inates the other. In contrast, the Random Forest method,
optimized with Bayesian optimization, can address this issue
by dynamically balancing class distribution during training,
ensuring adequate representation of rare attack types. While
Random Forest models are robust to noise, they may overfit
without proper tuning [41]. Bayesian optimization helps opti-
mize Random Forest hyperparameters, such as tree count and
depth, mitigating overfitting and enhancing generalization,
particularly in noisy environments. Moreover, Random Forest
with Bayesian optimization, offers adaptability by updating
model parameters over time, enabling continuous learning
VOLUME 12, 2024
M. Sannigrahi, R. Thandeeswaran: Predictive Analysis of Network-Based Attacks

FIGURE 4. Framework of the Proposed algorithm for binary classification.

Algorithm 1 The Proposed Bayesian-Based Random Forest TABLE 3. Classification of KDD99 dataset.
(BO_RF) Algorithm
Input: The dataset be X = [X1 , X2 . . . . . . .Xn ]
The Target variables Y = [Y1 , Y2 . . . Ym ]
Output: Classification report for each target variable.

1: Initialize the dataset X = [X1 , X2 . . . . . . .Xn ],

Target variables Y = [Y1 , Y2 . . . Ym ],
iteration i
2: Compute objective function by using Bayesian
optimization
Xt = argmaxx u(X|D1:t−1 )
3: Compute acquisition function to select best
parameters
  R ∞  ∗
EI x∗ = f[ẋ] (f x − f [ẋ])Normf[x∗ ] [µ x∗ , σ x∗ df[x∗ ]
   

4: Set i = 0 proposed algorithm as shown in algorithm (1). Traditional

5: while i < n do methods use a series of equations to carry out their analy-
6. Compute entropy and information gain
Pn ses which are mentioned in Section III, thereby establishing
Entropy = − pi log (pi ) a foundational benchmark for comparison. In contrast, the
i=1
Information Gain = E (Parent) – proposed algorithm introduced an advanced optimization
E (Parent | Child) process, utilizing equations (12) and (15) to refine classifica-
7: Set i = i + 1 tion accuracy and efficiency. The final classification process,
8: Select the most voted prediction by using the which involved equations (9)-(11), presents a comprehen-
majority/hard voting technique
ŷ = mode C1 (x) , C2 (x) , . . . . . . .., Cm (x) sive analysis that integrates standard methodologies with
9: end while innovative optimization techniques, ultimately achieving
10: Return the classification report for each target superior performance in detecting and categorizing network
variable intrusions.
The classification report obtained by the proposed
algorithm over the KDD99 dataset is given in table 3.
and adaptation to evolving data distributions and new attack The comparison of different machine learning algorithms
patterns [42]. to the proposed algorithm based on different evaluation crite-
The classification of the KDD99 and NSL-KDD datasets ria is tabulated in table 3 and shown in figure (5). From these,
was conducted using both traditional algorithms and the we can easily conclude the superiority of BO_RF algorithm

VOLUME 12, 2024 142727

 M. Sannigrahi, R. Thandeeswaran: Predictive Analysis of Network-Based Attacks

over traditional methods in all the aspects of evaluation crite- work together effectively, leveraging optimization efficiency
ria. and model robustness to develop efficient machine learning
models for real-time scenarios [44].

Algorithm 2 The Proposed Grid Search-Based Hybrid Logis-

tic Regression and Random Forest (LR_RF) Algorithm
Input: The dataset be X = [X1 , X2 . . . . . . .Xn ]
The Target variables Y = [Y1 , Y2 . . . Ym ]

Output: Classification report for each target variable.

1: Initialize the dataset X = [X1 , X2 . . . . . . .Xn ],

Target variables Y = [Y1 , Y2 . . . Ym ],
FIGURE 5. Comparison over the KDD99 dataset. iteration i, j
2: Utilize GridSearchCV to find optimal parameters
The experimental results over the NSLKDD dataset are
3: Set i = 0
compared between existing techniques and the proposed tech-
4: while i < n do
nique is shown in table 4.
5: Compute weight matrix and link function
TABLE 4. Classification of NSLKDD dataset.
a =w0+ w‘1 x1 + w2‘ x2 + . . .w‘n xn
ŷi = 1 (1+e−a )
6. Compute cost function by utilizing link function
and weight matrixP
i=m
cost (w) = − m1 i=1 yi log (yi ) +
(1−yi ) log(1 − ŷi )
7: Calculate the sigmoid function
P =1 1 + e−(w1 x1 +w2 x2 +...+wn xn )
8: Set j = 0
9: while j < m do
10: Compute entropy
P and information gain
Entropy = − ni=1 pi log (pi )
The comparison of different machine learning algorithm Information Gain = E (Parent) –
to the proposed algorithm over NSLDD dataset is given in E(Parent | Child)
figure (6). Similar improvement over traditional methods is 11: Set j = j + 1
also observed here with BO_RF algorithm. 12: Select the most voted prediction by using hard or
majority voting technique
ŷ = mode{C1 (x) , C2 (x) , . . . . . . .., Cm (x)}
13: end while
14: Set i = i + 1
15: end while
16: Return the classification report for each target variable.

FIGURE 6. Comparison over the NSLKDD dataset.
Bayesian optimization enhances Random Forest models
by efficiently tuning hyperparameters like the number of
trees and maximum depth. This optimization reduces com-
putational costs and improves predictive performance by
adapting to changes in the performance landscape during
training [43]. This adaptability is particularly beneficial in
real-time applications where model performance may fluctu-
ate. In summary, Bayesian optimization and Random Forest
B. MULTICLASS CLASSIFICATION
The process of classification where data is divided into three
or more classes or categories is called multiclass classifica-
tion [45]. The classes are labelled from 0 to n-1 where n is
the total no of classes. A hybrid algorithm using Logistic
regression and Random forest is proposed. The proposed
algorithm is implemented using Grid search which can search
for optimal parameters from a great number of parameters.
The optimal parameters are used to improve the performance
of the algorithm. The combination of Logistic Regression
and Random Forest in a hybrid approach offers comple-
mentary benefits. While Logistic Regression may overlook
complex data patterns, Random Forest can capture them
effectively by aggregating predictions from multiple decision

142728 VOLUME 12, 2024

M. Sannigrahi, R. Thandeeswaran: Predictive Analysis of Network-Based Attacks
FIGURE 7. Framework of the proposed algorithm for multiclass classification.
trees. Moreover, Random Forest’s robustness to noise and
outliers enhances model performance, mitigating the impact
of outliers. On the other hand, Logistic Regression pro-
vides interpretable coefficients that elucidate the relationship
between features and the target variable, aiding in understand-
ing model predictions. By leveraging the strengths of both
methods, hybrid algorithms achieve improved performance
and prediction accuracy.
Figure 5 depicts the multiclass classification framework.
The datasets are initially subjected to standardization, nor-
malization, and dimensionality reduction. Once these steps
are completed, the proposed algorithm, along with other tra-
ditional algorithms, is implemented for the final analysis.
Traditional algorithms such as Logistic Regression and
Naive Bayes may struggle to capture intricate data rela-
tionships. However, by integrating Logistic Regression
with Random Forest in a hybrid model and optimizing
hyperparameters through grid search, the model can effec-
tively address non-linear relationships and high-dimensional
feature spaces, ultimately enhancing classification accu-
racy [46]. Although Random Forest models are potent,
they are often perceived as ‘‘black box’’ models, hindering
interpretability. Yet, by combining Logistic Regression in a
hybrid approach, interpretability can be enhanced, as Logistic
Regression offers coefficients that signify the significance of
each feature in the classification process.
The classification of the KDD99 and NSL-KDD datasets
was carried out using both traditional algorithms and the
proposed algorithm. Traditional methods leveraged a com-
prehensive set of equations to conduct their analyses, estab-
lishing a foundational benchmark for comparison which are
VOLUME 12, 2024
described previously in Section III. The proposed algorithm,
however, introduced more advanced and nuanced approach.
In the initial phase, it applied equations (3) - (8) (which
are rooted in logistic regression) to optimize the model’s
parameters and enhance its predictive capabilities. This phase
laid the groundwork for a more precise classification. The
second phase of the proposed algorithm employed equa-
tions (9) - (11) (which utilize the random forest technique)
to further refine the classification process. This dual-phase
methodology which combines logistic regression with ran-
dom forest, represents a significant improvement over tradi-
tional approaches. It not only ensures greater accuracy and
efficiency in the detection of network intrusions but also
underscores the innovative and robust nature of the proposed
algorithm in addressing complex cybersecurity challenges.
The multiclass classification of KDD99 dataset by using
proposed LR_RF algorithm is described in table 5.
The comparison of experimental results over KDD99
dataset is shown below in figure (8) and (9).
The result of multiclass classification over four different
attack classes of the NSLKDD dataset is explored below in
table 6.
The comparison between different machine learning algo-
rithms and proposed algorithm over four attack classes of
NSLKDD dataset is shown in the figures (10) & (11).
In deploying hybrid models combining Logistic Regres-
sion and Random Forest for Intrusion Detection Systems
(IDS), practical considerations such as computational costs
and real-time applicability need to be addressed. Random
Forest typically demands more computational resources and
training time, especially with large datasets or numerous
142729

TABLE 5. Classification of KDD99 dataset.
FIGURE 8. Comparison over the KDD99 dataset.
FIGURE 9. Comparison of accuracy of the models.
decision trees. Grid search, commonly used for hyperpa-
rameter tuning, further escalates computational expenses.
Hybrid Logistic Regression and Random Forest models aim
to strike a balance between model complexity, computational
142730
M. Sannigrahi, R. Thandeeswaran: Predictive Analysis of Network-Based Attacks
TABLE 6. Classification of NSLKDD dataset.
FIGURE 10. Comparison over the NDSLKDD dataset.
FIGURE 11. Comparison of accuracy of the models.
costs, and performance. By amalgamating the strengths of
both approaches and mitigating their weaknesses, these mod-
els strive for an optimal compromise. Such hybrid models
can leverage Random Forest’s higher predictive accuracy
while harnessing Logistic Regression’s real-time capabilities
VOLUME 12, 2024
M. Sannigrahi, R. Thandeeswaran: Predictive Analysis of Network-Based Attacks
for swift decision-making, particularly in scenarios where
computational resources are limited [47].
VII. CONCLUSION
In summary, the experiments conducted with the KDD99 and
NSLKDD datasets, combined with PCA for dimensionality
reduction, confirm the efficacy of ML techniques in intru-
sion detection. Through the use of hybrid machine learning
methods, the study effectively tackles challenges posed by
attack types with high prediction rates across diverse eval-
uation criteria. These findings underscore the importance
of flexible and resilient intrusion detection approaches in
the face of constantly evolving cyber threats. The suggested
method, which integrates PCA for dimensionality reduction
and hybrid machine learning techniques, surpasses alternative
algorithms in both binary and multi-class classification sce-
narios. Looking ahead, future research efforts will focus on
advancing intrusion detection capabilities by leveraging deep
learning methods. These methods have the potential to further
enhance the accuracy and efficiency of IDS by automatically
learning intricate patterns and representations from the data.
By exploring deep learning approaches, our aim is to develop
even more effective and reliable security solutions capable of
addressing the evolving landscape of cyber threats.
REFERENCES
[1] R. D. Ravipati and M. Abualkibash, ‘‘Intrusion detection system clas-
sification using different machine learning algorithms on KDD-99 and
NSL-KDD datasets—A review paper,’’ Int. J. Comput. Sci. Inf. Technol.,
vol. 11, pp. 1–16, Jun. 2019, doi: 10.2139/ssrn.3428211.
[2] S. Ganesan, G. Shanmugaraj, and A. Indumathi, ‘‘A survey of data mining
and machine learning-based intrusion detection system for cyber security,’’
in Risk Detection and Cyber Security for the Success of Contemporary
Computing, 2023, pp. 52–74, doi: 10.4018/978-1-6684-9317-5.ch004.
[3] K. Ashok and S. Gopikrishnan, ‘‘Statistical analysis of remote health
monitoring based IoT security models & deployments from a prag-
matic perspective,’’ IEEE Access, vol. 11, pp. 2621–2651, 2023, doi:
10.1109/ACCESS.2023.3234632.
[4] M. Rampavan and E. P. Ijjina, ‘‘Genetic brake-net: Deep learn-
ing based brake light detection for collision avoidance using genetic
algorithm,’’ Knowl.-Based Syst., vol. 264, Mar. 2023, Art. no. 110338, doi:
10.1016/j.knosys.2023.110338.
[5] Z. Ahmad, A. Shahid Khan, C. Wai Shiang, J. Abdullah, and F. Ahmad,
‘‘Network intrusion detection system: A systematic study of machine
learning and deep learning approaches,’’ Trans. Emerg. Telecommun. Tech-
nol., vol. 32, no. 1, p. e4150, Jan. 2021, doi: 10.1002/ett.4150.
[6] L. Cui, Y. Qu, L. Gao, G. Xie, and S. Yu, ‘‘Detecting false data
attacks using machine learning techniques in smart grid: A survey,’’
J. Netw. Comput. Appl., vol. 170, Nov. 2020, Art. no. 102808, doi:
10.1016/j.jnca.2020.102808.
[7] T. Meng, X. Jing, Z. Yan, and W. Pedrycz, ‘‘A survey on machine learn-
ing for data fusion,’’ Inf. Fusion, vol. 57, pp. 115–129, May 2020, doi:
10.1016/j.inffus.2019.12.001.
[8] Ü. Çavuşoğlu, ‘‘A new hybrid approach for intrusion detection using
machine learning methods,’’ Appl. Intell., vol. 49, pp. 2735–2761,
Feb. 2019. [Online]. Available: https://link.springer.com/article/
10.1007/s10489-018-01408-x
[9] L. Li, Y. Yu, S. Bai, Y. Hou, and X. Chen, ‘‘An effective two-
step intrusion detection approach based on binary classification
and k-NN,’’ IEEE Access, vol. 6, pp. 12060–12073, 2018, doi:
10.1109/ACCESS.2017.2787719.
[10] Y. A. Al-Khassawneh, ‘‘An investigation of the Intrusion detection system
for the NSL-KDD dataset using machine-learning algorithms,’’ in Proc.
IEEE Int. Conf. Electro Inf. Technol. (eIT), May 2023, pp. 518–523, doi:
10.1109/eIT57321.2023.10187360.
VOLUME 12, 2024
[11] G. S. Fuhnwi, M. Revelle, and C. Izurieta, ‘‘Improving network intrusion
detection performance: An empirical evaluation using extreme gradi-
ent boosting (XGBoost) with recursive feature elimination,’’ in Proc.
IEEE 3rd Int. Conf. AI Cybersecur. (ICAIC), Feb. 2024, pp. 1–8, doi:
10.1109/ICAIC60265.2024.10433805.
[12] A. D. Vibhute, C. H. Patil, A. V. Mane, and K. V. Kale, ‘‘Towards detection
of network anomalies using machine learning algorithms on the NSL-
KDD benchmark datasets,’’ Proc. Comput. Sci., vol. 233, pp. 960–969,
Jan. 2024, doi: 10.1016/j.procs.2024.03.285.
[13] A. Shehadeh, H. ALTaweel, and A. Qusef, ‘‘Analysis of data mining
techniques on KDD-cup’99, NSL-KDD and UNSW-NB15 datasets for
intrusion detection,’’ in Proc. 24th Int. Arab Conf. Inf. Technol. (ACIT),
Dec. 2023, pp. 1–6, doi: 10.1109/ACIT58888.2023.10453884.
[14] T. Mehmood and H. B. Md Rais, ‘‘Machine learning algorithms
in context of intrusion detection,’’ in Proc. 3rd Int. Conf.
Comput. Inf. Sci. (ICCOINS), Aug. 2016, pp. 369–373, doi:
10.1109/ICCOINS.2016.7783243.
[15] N. A. Solekha, ‘‘Analysis of NSL-KDD dataset for classification of attacks
based on intrusion detection system using binary logistics and multinomial
logistics,’’ Seminar Nasional Off. Statist., vol. 2022, no. 1, pp. 507–520,
Nov. 2022, doi: 10.34123/semnasoffstat.v2022i1.1138.
[16] S. K. Mehak, Z. Rasheed, N. A. Ibupoto, and S. Ashraf, ‘‘Machine
learning algorithms for prediction of thyroid syndrome at initial stages
in females,’’ Kurdish Stud., vol. 12, no. 5, pp. 466–470, Jul. 2024, doi:
10.53555/ks.v12i5.3247.
[17] N. Wattanapongsakorn, S. Srakaew, E. Wonghirunsombat,
C. Sribavonmongkol, T. Junhom, P. Jongsubsook, and C. Charnsripinyo,
‘‘A practical network-based intrusion detection and prevention system,’’
in Proc. IEEE 11th Int. Conf. Trust, Secur. Privacy Comput. Commun.,
Jun. 2012, pp. 209–214, doi: 10.1109/TRUSTCOM.2012.46.
[18] T. Alves, R. Das, and T. Morris, ‘‘Embedding encryption and machine
learning intrusion prevention systems on programmable logic controllers,’’
IEEE Embedded Syst. Lett., vol. 10, no. 3, pp. 99–102, Sep. 2018, doi:
10.1109/LES.2018.2823906.
[19] S. A. Repalle and V. R. Kolluru, ‘‘Intrusion detection system
using AI and machine learning algorithm,’’ Int. Res. J. Eng.
Technol., vol. 4, no. 12, pp. 1709–1715, 2017. [Online]. Available:
https://d1wqtxts1xzle7.cloudfront.net/55496979/IRJET-V4I12314
[20] N. K. Trivedi, R. G. Tiwari, A. K. Agarwal, and V. Gautam, ‘‘A detailed
investigation and analysis of using machine learning techniques for thyroid
diagnosis,’’ in Proc. Int. Conf. Emerg. Smart Comput. Informat. (ESCI),
Mar. 2023, pp. 1–5, doi: 10.1109/ESCI56872.2023.10099542.
[21] K. A. Taher, B. Mohammed Yasin Jisan, and Md. M. Rahman, ‘‘Network
intrusion detection using supervised machine learning technique with fea-
ture selection,’’ in Proc. Int. Conf. Robot., Elect. Signal Process. Techn.
(ICREST), Jan. 2019, pp. 643–646, doi: 10.1109/ICREST.2019.8644161.
[22] K. Shaukat, S. Luo, V. Varadharajan, I. Hameed, S. Chen, D. Liu, and
J. Li, ‘‘Performance comparison and current challenges of using machine
learning techniques in cybersecurity,’’ Energies, vol. 13, no. 10, p. 2509,
May 2020, doi: 10.3390/en13102509.
[23] S. A. R. Shah and B. Issac, ‘‘Performance comparison of intrusion
detection systems and application of machine learning to snort system,’’
Future Gener. Comput. Syst., vol. 80, pp. 157–170, Mar. 2018, doi:
10.1016/j.future.2017.10.016.
[24] W. Seo and W. Pak, ‘‘Real-time network intrusion prevention system based
on hybrid machine learning,’’ IEEE Access, vol. 9, pp. 46386–46397, 2021,
doi: 10.1109/ACCESS.2021.3066620.
[25] J. Ribeiro, F. B. Saghezchi, G. Mantas, J. Rodriguez, and
R. A. Abd-Alhameed, ‘‘HIDROID: Prototyping a behavioral host-based
intrusion detection and prevention system for Android,’’ IEEE Access,
vol. 8, pp. 23154–23168, 2020, doi: 10.1109/ACCESS.2020.2969626.
[26] M. A. Al-Naeem, ‘‘Prediction of re-occurrences of spoofed ACK
packets sent to deflate a target wireless sensor network node
by DDOS,’’ IEEE Access, vol. 9, pp. 87070–87078, 2021, doi:
10.1109/ACCESS.2021.3089683.
[27] A. H. Azizan, S. A. Mostafa, A. Mustapha, C. F. M. Foozy,
M. H. A. Wahab, M. A. Mohammed, and B. A. Khalaf, ‘‘A machine learn-
ing approach for improving the performance of network intrusion detection
systems,’’ Ann. Emerg. Technol. Comput., vol. 5, no. 5, pp. 201–208,
Mar. 2021, doi: 10.33166/aetic.2021.05.025.
[28] S. Asiri, Y. Xiao, S. Alzahrani, S. Li, and T. Li, ‘‘A survey of intelligent
detection designs of HTML URL phishing attacks,’’ IEEE Access, vol. 11,
pp. 6421–6443, 2023, doi: 10.1109/ACCESS.2023.3237798.
142731

[29] E. N. Crothers, N. Japkowicz, and H. L. Viktor, ‘‘Machine-generated
text: A comprehensive survey of threat models and detection
methods,’’ IEEE Access, vol. 11, pp. 70977–71002, 2023, doi:
10.1109/ACCESS.2023.3294090.
[30] Q. Xiong, C. Yuan, B. He, H. Xiong, and Q. Kong, ‘‘GTRF: A general
deep learning framework for tuples recognition towards supervised, semi-
supervised and unsupervised paradigms,’’ Eng. Appl. Artif. Intell., vol. 124,
Sep. 2023, Art. no. 106500, doi: 10.1016/j.engappai.2023.106500.
[31] S. Mohanty and M. Agarwal, ‘‘Recursive feature selection and intrusion
classification in NSL-KDD dataset using multiple machine learning meth-
ods,’’ in Proc. Int. Conf. Comput., Commun. Learn. Cham, Switzerland:
Springer, 2023, pp. 3–14, doi: 10.1007/978-3-031-56998-2_1.
[32] M. Zakariah, S. A. AlQahtani, A. M. Alawwad, and A. A. Alotaibi,
‘‘Intrusion detection system with customized machine learning tech-
niques for NSL-KDD dataset,’’ Comput., Mater. Continua, vol. 77, no. 3,
pp. 4025–4054, 2023, doi: 10.32604/cmc.2023.043752.
[33] M. Wang, K. Zheng, Y. Yang, and X. Wang, ‘‘An explainable machine
learning framework for intrusion detection systems,’’ IEEE Access, vol. 8,
pp. 73127–73141, 2020, doi: 10.1109/ACCESS.2020.2988359.
[34] S. Neupane, J. Ables, W. Anderson, S. Mittal, S. Rahimi, I. Banicescu,
and M. Seale, ‘‘Explainable intrusion detection systems (X-IDS): A survey
of current methods, challenges, and opportunities,’’ IEEE Access, vol. 10,
pp. 112392–112415, 2022, doi: 10.1109/ACCESS.2022.3216617.
[35] E. K. Boahen, W. Changda, and B.-M. Brunel Elvire, ‘‘Detection of
compromised online social network account with an enhanced Knn,’’
Appl. Artif. Intell., vol. 34, no. 11, pp. 777–791, Sep. 2020, doi:
10.1080/08839514.2020.1782002.
[36] E. K. Boahen, B. E. Bouya-Moko, F. Qamar, and C. Wang, ‘‘A deep learn-
ing approach to online social network account compromisation,’’ IEEE
Trans. Computat. Social Syst., vol. 10, no. 6, pp. 3204–3216, Dec. 2023,
doi: 10.1109/tcss.2022.3199080.
[37] B. Sharma, L. Sharma, C. Lal, and S. Roy, ‘‘Explainable artificial intel-
ligence for intrusion detection in IoT networks: A deep learning based
approach,’’ Expert Syst. Appl., vol. 238, Mar. 2024, Art. no. 121751, doi:
10.1016/j.eswa.2023.121751.
[38] E. K. Boahen, S. A. Frimpong, M. M. Ujakpa, R. N. A. Sosu,
O. Larbi-Siaw, E. Owusu, J. K. Appati, and E. Acheampong, ‘‘A deep
multi-architectural approach for online social network intrusion detection
system,’’ in Proc. IEEE World Conf. Appl. Intell. Comput. (AIC), Jun. 2022,
pp. 919–924, doi: 10.1109/AIC55036.2022.9848865.
[39] H. Attou, A. Guezzaz, S. Benkirane, M. Azrour, and Y. Farhaoui, ‘‘Cloud-
based intrusion detection approach using machine learning techniques,’’
Big Data Mining Anal., vol. 6, no. 3, pp. 311–320, Sep. 2023, doi:
10.26599/BDMA.2022.9020038.
[40] J. P. Bharadiya, ‘‘A tutorial on principal component analysis for dimen-
sionality reduction in machine learning,’’ Int. J. Innov. Sci. Res. Technol.,
vol. 8, no. 5, pp. 2028–2032, 2023. [Online]. Available: https://www.
researchgate.net/profile/Jasmin-Bharadiya-4/publication/371306692
[41] A. Verma and V. Ranga, ‘‘On evaluation of network intrusion
detection systems: Statistical analysis of CIDDS-001 dataset using
machine learning techniques,’’ Authorea Preprints, 2023, doi:
10.36227/techrxiv.11454276.v1.
[42] P. Dini, A. Elhanashi, A. Begni, S. Saponara, Q. Zheng, and K. Gasmi,
‘‘Overview on intrusion detection systems design exploiting machine
learning for networking cybersecurity,’’ Appl. Sci., vol. 13, no. 13, p. 7507,
Jun. 2023, doi: 10.3390/app13137507.
142732
M. Sannigrahi, R. Thandeeswaran: Predictive Analysis of Network-Based Attacks
[43] A. Shokeen, N. Yadav, and V. Sisaudia, ‘‘Performance analysis of different
machine learning algorithms for intrusion detection on KDD-CUP-99
dataset,’’ in Proc. AIP Conf., 2024, vol. 3072, no. 1, Art. no. 020010,
doi: 10.1063/5.0203394
[44] S. M. Kasongo, ‘‘A deep learning technique for intrusion detection system
using a recurrent neural networks based framework,’’ Comput. Commun.,
vol. 199, pp. 113–125, Feb. 2023, doi: 10.1016/j.comcom.2022.12.010.
[45] A. O. Alzahrani and M. J. F. Alenazi, ‘‘ML-IDSDN: Machine learning
based intrusion detection system for software-defined network,’’ Concur-
rency Comput., Pract. Exper., vol. 35, no. 1, p. e7438, Jan. 2023, doi:
10.1002/cpe.7438.
[46] K. Johnson Singh, D. Maisnam, and U. S. Chanu, ‘‘Intrusion detection sys-
tem with SVM and ensemble learning algorithms,’’ Social Netw. Comput.
Sci., vol. 4, no. 5, p. 517, Jul. 2023, doi: 10.1007/s42979-023-01954-3.
[47] S. Ahmadi, ‘‘Network intrusion detection in cloud environments: A com-
parative analysis of approaches,’’ Int. J. Adv. Comput. Sci. Appl., vol. 15,
no. 3, pp. 1–9, 2024, doi: 10.14569/IJACSA.2024.0150301.
MANISANKAR SANNIGRAHI received the
M.Tech. degree in computer science and infor-
mation security from the Kalinga Institute of
Industrial Technology, Bhubaneswar, Odisha,
India, in 2020. He is currently pursuing the Ph.D.
degree with the School of Computer Engineer-
ing and Information Systems, Vellore Institute of
Technology, Vellore, India. His research interests
include machine learning, network security, and
cryptography.
R. THANDEESWARAN received the B.E.,
M.Tech., and Ph.D. degrees from Vellore Institute
of Technology, Vellore. He is currently a Professor
with the School of Computer Engineering and
Information Systems, Vellore Institute of Tech-
nology. He has 25 years of teaching experience
and expertise in computer and communication
networks, data and information security, network
protocols, traffic analysis, and the IoT security
domains. He has published 27 research articles in
SCI, Scopus, and highly reputed journals, and also published several books
and completed a funded project by the Government of India. He is a member
of CSI and the Soft Computing Research Society.
VOLUME 12, 2024