© 2025 JETIR August 2025, Volume 12, Issue 8 [Link].
org (ISSN-2349-5162)
Machine Learning Approach for Network Intrusion
Detection Systems Using Image Data
1
Km. Esha Singh, 2Prof. (Dr.) Vishal Kohli
1
Research Scholar, Department of CSE, Neelkanth Institute of Technology, Meerut, India
2
Director, Department of CSE, Neelkanth Institute of Technology, Meerut, India
Abstract— This research presents an Artificial Neural Network (ANN) based machine learning approach for enhancing
Network Intrusion Detection Systems (NIDS) by leveraging image data representations of network traffic. By converting
network traffic features into image formats, the ANN model effectively captures complex patterns and anomalies
associated with malicious activities. Experimental results demonstrate that the proposed method achieves high accuracy
and reliable detection rates, outperforming traditional feature-based approaches. This approach offers a novel and
efficient solution to improve cybersecurity by enabling more precise and timely identification of network intrusions.
Keywords— ANN, ML, NIDS, CNN, Image, DL
I. INTRODUCTION
With the rapid growth of internet technologies and the increasing reliance on networked systems, cybersecurity has
become a critical concern for organizations and individuals alike. Network Intrusion Detection Systems (NIDS) play a
vital role in safeguarding networks by monitoring and analyzing network traffic to detect unauthorized access, attacks,
and malicious activities. Traditional intrusion detection methods primarily rely on analyzing raw network traffic data
or handcrafted features extracted from the traffic. However, these conventional techniques often struggle to effectively
detect sophisticated and evolving cyber threats due to the complexity and sheer volume of data.
In recent years, innovative approaches have emerged that leverage advanced machine learning and deep learning
techniques to improve the accuracy and efficiency of intrusion detection. Among these, the use of image data
representations of network traffic has gained significant attention. By converting network traffic features into visual
formats such as images or matrices, researchers can apply powerful image processing and pattern recognition
algorithms to uncover hidden patterns and anomalies that might be difficult to identify in raw numeric data.
The transformation of network traffic data into images enables the use of Artificial Neural Networks (ANN) and
Convolutional Neural Networks (CNN), which excel in image classification tasks. This novel approach leverages the
spatial and temporal correlations within network data, enhancing the detection of various types of intrusions,
including denial-of-service attacks, probing, and malware infiltration. Additionally, image-based methods can reduce
the dependency on manual feature engineering, allowing models to automatically learn the most relevant features for
detecting threats.
Several studies have demonstrated that image-based NIDS can achieve higher detection accuracy and lower false-
positive rates compared to traditional methods. These systems utilize techniques such as converting traffic flow
statistics, payload data, or protocol-specific information into grayscale or colored images. The images capture
distinctive visual signatures of normal and malicious traffic, which the neural networks then classify.
Despite promising results, challenges remain in this domain, including the optimal method for converting network
data into images, managing the large-scale datasets, and ensuring real-time detection capabilities. Furthermore,
integrating image-based NIDS with existing security infrastructure requires careful consideration of computational
costs and system scalability.
The adoption of image-based representations in Network Intrusion Detection Systems also opens new possibilities
for leveraging advances in computer vision and deep learning architectures. Techniques such as transfer learning, data
augmentation, and advanced convolutional layers can be adapted to enhance the learning process, enabling models to
generalize better across different network environments and attack types. Moreover, visualizing network traffic as
images facilitates intuitive exploration and understanding of complex traffic behaviors, which can aid cybersecurity
experts in threat analysis and forensic investigations. As the volume and variety of network traffic grow exponentially
with the proliferation of IoT devices and cloud services, image-based NIDS approaches provide a scalable framework
that can be continuously improved with evolving AI techniques. This intersection of network security and image
analysis thus represents a promising frontier for developing proactive and intelligent defense mechanisms against
increasingly sophisticated cyber-attacks.
JETIR2508190 Journal of Emerging Technologies and Innovative Research (JETIR) [Link] b707
�© 2025 JETIR August 2025, Volume 12, Issue 8 [Link] (ISSN-2349-5162)
II. METHODOLOGY
Figure 1: Flow chart
1. Input Data (KDD Image Dataset - Kaggle)
The process begins with acquiring the KDD image dataset from Kaggle, which serves as the primary source of
input. This dataset represents network traffic data transformed into image format, enabling the application of image-
based machine learning techniques. It contains labeled samples of both normal network behavior and various types of
intrusions, providing a comprehensive foundation for model training and evaluation.
2. Data Preprocessing
Before feeding the data into the model, preprocessing is essential to ensure quality and consistency. This step
involves handling missing or corrupted data entries, cleaning anomalies, and normalizing or scaling features. Proper
preprocessing helps prevent training errors, reduces noise, and improves the model’s ability to learn meaningful
patterns from the data.
3. Gradient Boosting Feature Selection
To enhance model efficiency and accuracy, gradient boosting is applied for feature selection. This technique
identifies and selects the most significant features from the dataset that contribute to distinguishing between normal
and malicious traffic. By reducing irrelevant or redundant features, the model becomes faster, less complex, and less
prone to overfitting.
4. Data Splitting (Training & Testing)
The cleaned and feature-selected data is then split into training and testing sets. The training set is used to teach the
Artificial Neural Network (ANN) model to recognize patterns and classify traffic correctly. The testing set evaluates
the model’s performance on new, unseen data to ensure that it generalizes well and is robust in practical scenarios.
5. Classification Using Artificial Neural Network (ANN)
The core classification is performed using an ANN, which is well-suited for capturing complex nonlinear
relationships in data. The ANN processes the image data to classify network traffic into benign or malicious
JETIR2508190 Journal of Emerging Technologies and Innovative Research (JETIR) [Link] b708
�© 2025 JETIR August 2025, Volume 12, Issue 8 [Link] (ISSN-2349-5162)
categories. Its layered structure allows it to learn intricate patterns associated with various types of intrusions,
enabling accurate detection.
6. Performance Analysis
Finally, the model’s effectiveness is measured using several important metrics:
Accuracy: Percentage of total correct predictions made by the model.
Precision: Ratio of true positive detections to all predicted positives, indicating the reliability of positive
alerts.
Recall: Ratio of true positive detections to all actual positives, reflecting the model’s ability to find all
intrusions.
F1 Measure: Harmonic mean of precision and recall, providing a balanced view of performance considering
both false positives and false negatives.
III. SIMULATION RESULTS
The simulation work is performed using python software-
Figure 2: Dataset
Figure 2 presetns .csv dataset after converting image into text.
JETIR2508190 Journal of Emerging Technologies and Innovative Research (JETIR) [Link] b709
�© 2025 JETIR August 2025, Volume 12, Issue 8 [Link] (ISSN-2349-5162)
Figure 3: Y prediction
Figure 3 displays the resulting y_pred, it contain the predicted values for the test instances.
Figure 4: Confusion matrix
A confusion matrix is a useful tool for evaluating the performance of a classification model, including a neural
network, by comparing predicted labels with the true labels.
JETIR2508190 Journal of Emerging Technologies and Innovative Research (JETIR) [Link] b710
�© 2025 JETIR August 2025, Volume 12, Issue 8 [Link] (ISSN-2349-5162)
Table 1: Result Comparison
Sr No Parameter Previous Work [2] Proposed Work
1 Precision 96.1% 98%
2 Recall 97.5% 98.9%
3 F_Measure 97% 99%
4 Accuracy 98.5% 99.5%
5 Error Rate 1.5% 0.5%
6 Sensitivity 97.5% 98.9%
7 Specificity 97% 99%
This table provides a summary of the work that has been completed in the past as well as the work that is now being
recommended for the parameters of accuracy, classification error, precision, and recall, as well as f measure. In this
section, we are going to compare the previous work with the work that was advised.
IV. CONCLUSION
The integration of Gradient Boosting Feature Selection with an Artificial Neural Network (ANN) provides a robust
approach for intrusion image prediction. Gradient Boosting identifies the most important features, reducing data
dimensionality and improving model efficiency. This helps the ANN focus on relevant data aspects, enhancing
accuracy and reliability. ANNs are effective in learning complex patterns, making them ideal for intrusion detection
tasks. Using selected features, the ANN better distinguishes between normal and malicious images. The method
allows fine-tuning of the network for optimal performance in cybersecurity applications. Compared to previous work,
the proposed approach achieves higher precision (98% vs. 96.1%) and recall (98.9% vs. 97.5%). F-Measure and
accuracy also improve significantly to 99% and 99.5%, respectively. The classification error reduces from 1.5% to
0.5%, while sensitivity and specificity increase notably. These results demonstrate the superior performance and
effectiveness of the hybrid method in detecting network intrusions.
REFERENCES
1. L. Tao and M. Xueqiang, "Hybrid Strategy Improved Sparrow Search Algorithm in the Field of Intrusion
Detection," in IEEE Access, vol. 11, pp. 32134-32151, 2023, doi: 10.1109/ACCESS.2023.3259548.
2. A. Dunmore, J. Jang-Jaccard, F. Sabrina and J. Kwak, "A Comprehensive Survey of Generative Adversarial
Networks (GANs) in Cybersecurity Intrusion Detection," in IEEE Access, vol. 11, pp. 76071-76094, 2023, doi:
10.1109/ACCESS.2023.3296707.
3. C. M. K. Ho, K. -C. Yow, Z. Zhu and S. Aravamuthan, "Network Intrusion Detection via Flow-to-Image
Conversion and Vision Transformer Classification," in IEEE Access, vol. 10, pp. 97780-97793, 2022, doi:
10.1109/ACCESS.2022.3200034.
4. M. A. Siddiqi and W. Pak, "Tier-Based Optimization for Synthesized Network Intrusion Detection System,"
in IEEE Access, vol. 10, pp. 108530-108544, 2022, doi: 10.1109/ACCESS.2022.3213937
5. C. Yue, L. Wang, D. Wang, R. Duo and X. Nie, "An Ensemble Intrusion Detection Method for Train Ethernet
Consist Network Based on CNN and RNN," in IEEE Access, vol. 9, pp. 59527-59539, 2021, doi:
10.1109/ACCESS.2021.3073413.
6. D. Park, S. Kim, H. Kwon, D. Shin and D. Shin, "Host-Based Intrusion Detection Model Using Siamese
Network," in IEEE Access, vol. 9, pp. 76614-76623, 2021, doi: 10.1109/ACCESS.2021.3082160.
7. L. Yang, J. Li, L. Yin, Z. Sun, Y. Zhao and Z. Li, "Real-Time Intrusion Detection in Wireless Network: A Deep
Learning-Based Intelligent Mechanism," in IEEE Access, vol. 8, pp. 170128-170139, 2020,
8. Z. Chen, N. Lv, P. Liu, Y. Fang, K. Chen and W. Pan, "Intrusion Detection for Wireless Edge Networks Based on
Federated Learning," in IEEE Access, vol. 8, pp. 217463-217472, 2020, doi: 10.1109/ACCESS.2020.3041793.
9. W. Alhakami, A. ALharbi, S. Bourouis, R. Alroobaea and N. Bouguila, "Network Anomaly Intrusion Detection
Using a Nonparametric Bayesian Approach and Feature Selection," in IEEE Access, vol. 7, pp. 52181-52190,
2019, doi: 10.1109/ACCESS.2019.2912115.
10. Y. Xiao, C. Xing, T. Zhang and Z. Zhao, "An Intrusion Detection Model Based on Feature Reduction and
Convolutional Neural Networks," in IEEE Access, vol. 7, pp. 42210-42219, 2019, doi:
10.1109/ACCESS.2019.2904620.
JETIR2508190 Journal of Emerging Technologies and Innovative Research (JETIR) [Link] b711
�© 2025 JETIR August 2025, Volume 12, Issue 8 [Link] (ISSN-2349-5162)
11. O. Alkadi, N. Moustafa, B. Turnbull and K. -K. R. Choo, "A Deep Blockchain Framework-Enabled Collaborative
Intrusion Detection for Protecting IoT and Cloud Networks," in IEEE Internet of Things Journal, vol. 8, no. 12,
pp. 9463-9472, 15 June15, 2021, doi: 10.1109/JIOT.2020.2996590.
12. T. Yu, Z. Liu, Y. Liu, H. Wang and N. Adilov, "A New Feature Selection Method for Intrusion Detection System
Dataset – TSDR method," 2020 16th International Conference on Computational Intelligence and Security (CIS),
2020, pp. 362-365, doi: 10.1109/CIS52066.2020.00083.
JETIR2508190 Journal of Emerging Technologies and Innovative Research (JETIR) [Link] b712