Random Forest-Based NIDS: Advancing Network Threat Detection | Research Square Research Article Random Forest-Based NIDS: Advancing Network Threat Detection M. Saeed Darweesh, Mohammed Tarek Abdelaziz, Abdelrahman Radwan, and 6 more This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-4737281/v1 This work is licensed under a CC BY 4.0 License Status: Published Journal Publication published 22 Oct, 2024 Read the published version in Journal of Network and Systems Management → Version 1 posted 11 You are reading this latest preprint version Abstract Network Intrusion Detection Systems (NIDS) are critical for protecting computer networks from unauthorized activities. Traditional NIDS rely on rule-based signatures, which can be limiting in detecting emerging threats. This study investigates the effectiveness of the random forest classifier in advancing NIDS capabilities through machine learning. Using the CICIDS-2017 dataset, the data is preprocessed to enhance its quality by removing redundancies.
The methodology involves rigorous testing and analysis of the random forest classifier's performance, focusing on accuracy and detection rates compared to other machine learning models. Results demonstrate that by optimizing class weights and leveraging 15 key features, the random forest classifier achieves an outstanding 99.8% accuracy across various attack types. This research highlights the potential of machine learning to significantly enhance NIDS effectiveness, offering a robust defense mechanism against evolving cybersecurity threats in modern networks. NIDS CICIDS-2017 CyberSecurity Random Forest Rule-based Signatures Additional Declarations No competing interests reported. Status: Published Journal Publication published 22 Oct, 2024 Read the published version in Journal of Network and Systems Management → Version 1 posted Editorial decision: Revision requested 21 Aug, 2024 Reviews received at journal 16 Aug, 2024 Reviews received at journal 15 Aug, 2024 Reviews received at journal 15 Aug, 2024 Reviewers agreed at journal 07 Aug, 2024 Reviewers agreed at journal 06 Aug, 2024 Reviewers agreed at journal 05 Aug, 2024 Reviewers invited by journal 05 Aug, 2024 Editor assigned by journal 23 Jul, 2024 Submission checks completed at journal 14 Jul, 2024 First submitted to journal 14 Jul, 2024 You are reading this latest preprint version
{"props":{"pageProps":{"initialData":{"identity":"rs-4737281","acceptedTermsAndConditions":true,"allowDirectSubmit":false,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":336677562,"identity":"5969fadd-5809-489b-aac8-578d96dcd339","order_by":0,"name":"M. Saeed Darweesh","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAA3ElEQVRIiWNgGAWjYFCCBAhlwN4AophJ0cJzgGQtEglEatFtT372mafCxt5c8u0xCYYK68QG9vYLeLWYnXlmPJvnTFriztl5aRIMZ9ITG3jOFODXciPBmDm37XCCwe0cMwnGtsOJDRI5CQS0pH9mzv33397g5hmgln9ALfJvCGnJAdrScIBxww0eoJYGkC3sBwj45U0x859jyYkbzuQYWyQcSzdu48nBq4PB7Hj6ZsYZNXb2BsfPGN74UGMt289+/AF+PSgA5Ak2Bh4DErRAADsptoyCUTAKRsEIAAC9vkiDx4AvAgAAAABJRU5ErkJggg==","orcid":"","institution":"Nile University","correspondingAuthor":true,"prefix":"","firstName":"M.","middleName":"Saeed","lastName":"Darweesh","suffix":""},{"id":336677563,"identity":"2d64fc83-c4a6-4c4b-bec8-56a465f84abd","order_by":1,"name":"Mohammed Tarek Abdelaziz","email":"","orcid":"","institution":"Nile University","correspondingAuthor":false,"prefix":"","firstName":"Mohammed","middleName":"Tarek","lastName":"Abdelaziz","suffix":""},{"id":336677565,"identity":"e54bd413-5351-4c17-a3ea-273f903eef90","order_by":2,"name":"Abdelrahman Radwan","email":"","orcid":"","institution":"Nile University","correspondingAuthor":false,"prefix":"","firstName":"Abdelrahman","middleName":"","lastName":"Radwan","suffix":""},{"id":336677568,"identity":"776d153e-25ba-46d6-b433-1e923554d2ea","order_by":3,"name":"Hesham Mamdouh","email":"","orcid":"","institution":"Nile 
University","correspondingAuthor":false,"prefix":"","firstName":"Hesham","middleName":"","lastName":"Mamdouh","suffix":""},{"id":336677569,"identity":"e190a412-7204-44e4-8024-0e3040c3038a","order_by":4,"name":"Adel Saeed Saad","email":"","orcid":"","institution":"Nile University","correspondingAuthor":false,"prefix":"","firstName":"Adel","middleName":"Saeed","lastName":"Saad","suffix":""},{"id":336677571,"identity":"933de331-c0d7-4dd7-9246-8dfacca790c4","order_by":5,"name":"Abdulrahman Salem Abuzaid","email":"","orcid":"","institution":"Helwan University","correspondingAuthor":false,"prefix":"","firstName":"Abdulrahman","middleName":"Salem","lastName":"Abuzaid","suffix":""},{"id":336677573,"identity":"41eceb8a-0b49-4396-9ae8-f06018500116","order_by":6,"name":"Ahmed Ayman AbdElhakeem","email":"","orcid":"","institution":"Benha University","correspondingAuthor":false,"prefix":"","firstName":"Ahmed","middleName":"Ayman","lastName":"AbdElhakeem","suffix":""},{"id":336677575,"identity":"4fcf65bb-6ca1-4e48-b90f-221c39df4fc7","order_by":7,"name":"Salma Zakzouk","email":"","orcid":"","institution":"Nile University","correspondingAuthor":false,"prefix":"","firstName":"Salma","middleName":"","lastName":"Zakzouk","suffix":""},{"id":336677576,"identity":"87d44048-3d43-453c-ae00-10c0185977b8","order_by":8,"name":"Kareem Moussa","email":"","orcid":"","institution":"Nile University","correspondingAuthor":false,"prefix":"","firstName":"Kareem","middleName":"","lastName":"Moussa","suffix":""}],"badges":[],"createdAt":"2024-07-14 06:30:08","currentVersionCode":1,"declarations":"","doi":"10.21203/rs.3.rs-4737281/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-4737281/v1","draftVersion":[],"editorialEvents":[{"content":"https://doi.org/10.1007/s10922-024-09874-0","type":"published","date":"2024-10-22T15:57:41+00:00"}],"editorialNote":"","failedWorkflow":false,"files":[{"id":67681901,"identity":"99378820-e628-4294-9b53-5b5119917566","added_by":"auto","created_at":"2024-10-28 
16:11:05","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":6238474,"visible":true,"origin":"","legend":"","description":"","filename":"RandomForestBasedNIDSAdvancingNetworkThreatDetection.pdf","url":"https://assets-eu.researchsquare.com/files/rs-4737281/v1_covered_5d6a4ad7-356a-4a67-b86e-ff22e2716d92.pdf"}],"financialInterests":"No competing interests reported.","formattedTitle":"Random Forest-Based NIDS: Advancing Network Threat Detection","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":false,"hideJournal":false,"highlight":"","institution":"","isAcceptedByJournal":true,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"
[email protected]","identity":"journal-of-network-and-systems-management","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":false,"externalIdentity":"jons","sideBox":"Learn more about [Journal of Network and Systems Management](http://link.springer.com/journal/10922)","snPcode":"10922","submissionUrl":"https://submission.nature.com/new-submission/10922/3","title":"Journal of Network and Systems Management","twitterHandle":"","acdcEnabled":true,"dfaEnabled":true,"editorialSystem":"em","reportingPortfolio":"Springer Hybrid","inReviewEnabled":true,"inReviewRevisionsEnabled":false},"keywords":"NIDS, CICIDS-2017, CyberSecurity, Random Forest, Rule-based, Signatures","lastPublishedDoi":"10.21203/rs.3.rs-4737281/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-4737281/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"Network Intrusion Detection Systems (NIDS) are critical for protecting computer networks from unauthorized activities. Traditional NIDS rely on rule-based signatures, which can be limiting in detecting emerging threats. This study investigates the effectiveness of the random forest classifier in advancing NIDS capabilities through machine learning. Using the CICIDS-2017 dataset, the data is preprocessed to enhance its quality by removing redundancies. The methodology involves rigorous testing and analysis of the random forest classifier's performance, focusing on accuracy and detection rates compared to other machine learning models. Results demonstrate that by optimizing class weights and leveraging 15 key features, the random forest classifier achieves an outstanding 99.8% accuracy across various attack types. 
This research highlights the potential of machine learning to significantly enhance NIDS effectiveness, offering a robust defense mechanism against evolving cybersecurity threats in modern networks.","manuscriptTitle":"Random Forest-Based NIDS: Advancing Network Threat Detection","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2024-08-07 06:24:42","doi":"10.21203/rs.3.rs-4737281/v1","editorialEvents":[{"type":"communityComments","content":0},{"type":"decision","content":"Revision requested","date":"2024-08-21T12:21:58+00:00","index":"","fulltext":""},{"type":"editorInvitedReview","content":"","date":"2024-08-16T22:11:23+00:00","index":"hide","fulltext":""},{"type":"editorInvitedReview","content":"","date":"2024-08-15T14:38:45+00:00","index":"hide","fulltext":""},{"type":"editorInvitedReview","content":"","date":"2024-08-15T07:10:40+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"121177220187044890067418827661072393728","date":"2024-08-07T12:16:12+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"280518613210002773858806606287326088948","date":"2024-08-06T11:48:50+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"248228612381185758440867693671014611744","date":"2024-08-05T16:19:34+00:00","index":"hide","fulltext":""},{"type":"reviewersInvited","content":"","date":"2024-08-05T13:43:59+00:00","index":"","fulltext":""},{"type":"editorAssigned","content":"","date":"2024-07-23T13:33:39+00:00","index":"","fulltext":""},{"type":"checksComplete","content":"","date":"2024-07-14T06:33:18+00:00","index":"","fulltext":""},{"type":"submitted","content":"Journal of Network and Systems Management","date":"2024-07-14T06:28:50+00:00","index":"","fulltext":""}],"status":"published","journal":{"display":true,"email":"
[email protected]","identity":"journal-of-network-and-systems-management","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":false,"externalIdentity":"jons","sideBox":"Learn more about [Journal of Network and Systems Management](http://link.springer.com/journal/10922)","snPcode":"10922","submissionUrl":"https://submission.nature.com/new-submission/10922/3","title":"Journal of Network and Systems Management","twitterHandle":"","acdcEnabled":true,"dfaEnabled":true,"editorialSystem":"em","reportingPortfolio":"Springer Hybrid","inReviewEnabled":true,"inReviewRevisionsEnabled":false}}],"origin":"","ownerIdentity":"8aa6a5b4-3175-4e96-91ef-60077e704cb9","owner":[],"postedDate":"August 7th, 2024","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"published-in-journal","subjectAreas":[],"tags":[],"updatedAt":"2024-10-28T16:02:37+00:00","versionOfRecord":{"articleIdentity":"rs-4737281","link":"https://doi.org/10.1007/s10922-024-09874-0","journal":{"identity":"journal-of-network-and-systems-management","isVorOnly":false,"title":"Journal of Network and Systems Management"},"publishedOn":"2024-10-22 15:57:41","publishedOnDateReadable":"October 22nd, 2024"},"versionCreatedAt":"2024-08-07 06:24:42","video":"","vorDoi":"10.1007/s10922-024-09874-0","vorDoiUrl":"https://doi.org/10.1007/s10922-024-09874-0","workflowStages":[]},"version":"v1","identity":"rs-4737281","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-4737281","identity":"rs-4737281","version":["v1"]},"buildId":"qtupq5eGEP_6zYnWcrvyt","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}