TEJAS Journal of Technologies and Humanitarian Science

ISSN : 2583-5599

Open Access | Quarterly | Peer Reviewed Journal


AI-Powered Network Intrusion Detection System (NIDS): An Intelligent Machine Learning Framework for Real-Time Network Threat Detection


Ayushi Srivastava

Scholar, Department of Computer Science & Engineering, Shri Ramswaroop Memorial University, Deva Road, Lucknow

Avais Khan

Scholar, Department of Computer Science & Engineering, Shri Ramswaroop Memorial University, Deva Road, Lucknow

Harshit Chaurasia

Scholar, Department of Computer Science & Engineering, Shri Ramswaroop Memorial University, Deva Road, Lucknow

Homa Rizvi

Assistant Professor, Department of Computer Science & Engineering, Shri Ramswaroop Memorial University, Deva Road, Lucknow


📌 DOI: https://doi.org/10.63920/tjths.52020

🔑 Keywords: Honeypot, intent analysis, machine learning, remote shell access, threat detection.

📅 Publication Date: 17 April 2026

📜 License:

  • Share — Copy and Redistribute the material
  • Adapt — Remix, Transform, and build upon the material
  • The licensor cannot revoke these freedoms as long as you follow the license terms.

Abstract:

With the rapid growth of internet services, cloud computing, and interconnected devices, cybersecurity threats have increased dramatically. Organizations today face numerous network attacks such as Denial-of-Service (DoS), Distributed Denial-of-Service (DDoS), malware injection, phishing, and brute-force attacks. The proposed framework demonstrates how artificial intelligence can significantly enhance modern cybersecurity systems by enabling intelligent and adaptive threat detection. The work develops a network threat detection system, AI@NTDS, that uses the behavioral features of attackers and intelligent techniques. The proposed AI@NTDS system combines data analysis, feature extraction, and feature evaluation to construct a detection model, which supports a more straightforward strategy by which the operating system or its operators can defend against network attacks. Linux system interaction data for SSH (Secure Shell) and Telnet is obtained from the Cowrie honeypot and labeled according to the MITRE ATT&CK Enterprise tactics to ensure dataset credibility. The proposed AI@NTDS system has three levels, depending on the attacker’s attacks and the user’s risk of damage. Fifty-two features are used to detect the network threat level. The AI-based algorithms LightGBM, Random Forest, and K-NN are used to verify the identification of the custom features. Finally, the detection model trained using the best combination of features is used to predict the test dataset. The accuracy of the proposed AI@NTDS system reaches 99%, 95.66%, and 94.08% with the LightGBM, Random Forest, and K-NN algorithms, respectively. The mutual dependencies of features and network threats are evaluated. Results of a performance analysis reveal that the proposed AI@NTDS system has an accuracy of 99.20% and an F1-score of 99.80%. It is superior to existing detection mechanisms, which it outperforms by 4% and 1% in accuracy and F1-score, respectively.



📖 How to Cite

Ayushi S., Avais K., Harshit C. and Homa R. (2026). AI-Powered Network Intrusion Detection System (NIDS): An Intelligent Machine Learning Framework for Real-Time Network Threat Detection. TEJAS J. Technol. Humanit. Sci., Vol. 05, Issue 02. https://doi.org/10.63920/tjths.52020

