Document Type
Article
Source of Publication
Array
Publication Date
7-1-2025
Abstract
Network infrastructure evolution has significantly expanded the attack surface, leading to increasingly complex and sophisticated cybersecurity threats. Traditional rule-based intrusion detection systems (IDS) often fail to detect emerging attack vectors, prompting the need for intelligent, data-driven approaches. This study evaluates and compares the performance of machine learning (ML) and deep learning (DL) models for network intrusion detection. Two publicly available datasets were utilized: a binary-labeled software-defined networking (SDN) dataset and a multiclass industrial control system dataset based on the IEC 60870-5-104 protocol. Preprocessing steps included normalization, label encoding, and a 70:10:20 train-validation-test split. Seven models, Random Forest, Decision Tree, K-Nearest Neighbors, XGBoost, Convolutional Neural Network, Gated Recurrent Unit, and Long Short-Term Memory, were trained and evaluated using precision, recall, and F1-score. The Random Forest model achieved the highest F1-score of 93.57 % on the IEC 60870-5-104 dataset, while XGBoost attained a near-perfect F1-score of 99.97 % on the SDN dataset. These results outperform comparable models in the literature and offer practical insights for selecting effective IDS solutions based on classification type and dataset structure.
Volume
26
Disciplines
Computer Sciences
Keywords
Deep learning, Defensive security, Intrusion detection systems, Machine learning
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Recommended Citation
Alharthi, Ayesha; Alaryani, Meera; and Kaddoura, Sanaa, "A comparative study of machine learning and deep learning models in binary and multiclass classification for intrusion detection systems" (2025). All Works. 7314.
https://zuscholars.zu.ac.ae/works/7314
Indexed in Scopus
yes
Open Access
yes
Open Access Type
Gold: This publication is openly available in an open access journal/series