Your new experience awaits. Try the new design now and help us make it even better

ORIGINAL RESEARCH article

Front. Artif. Intell.

Sec. Machine Learning and Artificial Intelligence

Volume 8 - 2025 | doi: 10.3389/frai.2025.1625891

A Deep Learning/Machine Learning Approach for Anomaly Based Network Intrusion Detection

Provisionally accepted
Samia DardouriSamia Dardouri*Reem AlmuhannaReem Almuhanna
  • Department of Computer Science, College of Computing and Information Technology, Shaqra University, Saudi Arabia, shaqra, Saudi Arabia

The final, formatted version of the article will be published soon.

Select one of your emails

You have multiple emails registered with Frontiers:

Notify me on publication

Please enter your email address:

If you already have an account, please login

You don't have a Frontiers account ? You can register here

The increasing complexity and frequency of cybersecurity threats demand advanced detection systems capable of identifying both known and novel attacks. This study presents a hybrid anomaly-based Network Intrusion Detection System (NIDS) that integrates multiple machine learning and deep learning techniques, including XGBoost, Random Forest, Graph Neural Networks (GNN), Long Short-Term Memory (LSTM), and Autoencoders. Trained on a largescale dataset of over 5.6 million network traffic records, the proposed system employs comprehensive preprocessing, feature engineering, and the Synthetic Minority Over-sampling Technique (SMOTE) to address class imbalance. Leveraging a weighted soft-voting ensemble strategy, the model combines individual predictions to improve robustness and generalization. Experimental results demonstrate near-perfect performance with accuracy, precision, recall, and F1-score approaching 100% on the primary dataset, supported by rigorous 5-fold crossvalidation. Furthermore, evaluation on an additional benchmark dataset confirms the model's strong generalizability and robustness across diverse intrusion scenarios. These findings highlight the effectiveness of the proposed hybrid ensemble framework in enhancing intrusion detection capabilities in complex network environments.

Keywords: cybersecurity, Network intrusion detection system, machine learning, deep learning, XGBoost, GNN, Autoencoder, ensemble learning

Received: 16 May 2025; Accepted: 11 Aug 2025.

Copyright: © 2025 Dardouri and Almuhanna. This is an open-access article distributed under the terms of the Creative Commons Attribution License (CC BY). The use, distribution or reproduction in other forums is permitted, provided the original author(s) or licensor are credited and that the original publication in this journal is cited, in accordance with accepted academic practice. No use, distribution or reproduction is permitted which does not comply with these terms.

* Correspondence: Samia Dardouri, Department of Computer Science, College of Computing and Information Technology, Shaqra University, Saudi Arabia, shaqra, Saudi Arabia

Disclaimer: All claims expressed in this article are solely those of the authors and do not necessarily represent those of their affiliated organizations, or those of the publisher, the editors and the reviewers. Any product that may be evaluated in this article or claim that may be made by its manufacturer is not guaranteed or endorsed by the publisher.

Supplementary Material