Anomaly Based Network Intrusion Detection Using Autoencoders

Authors

  • Ali Hussein Alsaroah Department Of Cybersecurity Technical Engineering ALSHARQ College of Specialized Technical Science, Bsarah, Iraq.

DOI:

https://doi.org/10.29304/jqcsm.2026.18.12540

Keywords:

Anomaly-based Intrusion Detection, Autoencoder, Isolation Forest, Ensemble Learning, Reconstruction Error, Network Security, Deep Learning.

Abstract

Network intrusion detection helps to prevent cyber-attacks on the current networks. Classical signature-based approaches cannot identify new attacks, which drives application of the anomaly-based ones. This paper suggests a composite framework of anomaly detection, which combines autoencoder, latent-space Isolation Forest, and weighted ensemble, which is specifically implemented to the NSL-KDD dataset. The autoencoder is only trained on mainstream traffic to be able to grasp the distribution of benign traffic, and anomaly scoring is used by calculating reconstruction errors. Latent-space representations are additionally analyzed using an Isolation Forest to increase the distinction between aberrant designs. The best weighting program is adjusted according to a validation set and the ultimate threshold is selected based on Youdens J statistic to adjust the false positive and true positive. As the experimental findings demonstrate, the proposed ensemble method provides the accuracy of 95.53 percent, the macro F1-score (0.9551), and the ROC-AUC (0.9867), which is remarkably better in detecting the objects than the solo-model autoencoder methodologies. The paper verifies that deep representation learning coupled with ensemble-based scoring is effective in terms of network intrusion detection.

Downloads

Download data is not yet available.

References

Abdulganiyu, Oluwadamilare Harazeem, Taha Ait Tchakoucht, and Yakub Kayode Saheed. "A systematic literature review for network intrusion detection system (IDS)." International journal of information security 22.5 (2023): 1125-1162.‏

Chou, Dylan, and Meng Jiang. "A survey on data-driven network intrusion detection." ACM Computing Surveys (CSUR) 54.9 (2021): 1-36.‏

Farrukh, Yasir Ali, et al. "Ais-nids: An intelligent and self-sustaining network intrusion detection system." Computers & Security 144 (2024): 103982..‏

Yang, Zhen, et al. "A systematic literature review of methods and datasets for anomaly-based network intrusion detection." Computers & Security 116 (2022): 102675.‏

Shi, Shuxin, Dezhi Han, and Mingming Cui. "A multimodal hybrid parallel network intrusion detection model." Connection Science 35.1 (2023): 2227780.‏

Ortega-Fernandez, Ines, et al. "Network intrusion detection system for DDoS attacks in ICS using deep autoencoders." Wireless Networks 30.6 (2024): 5059-5075.‏

Song Y, Hyun S, Cheong Y-G. Analysis of Autoencoders for Network Intrusion Detection. Sensors. 2021; 21(13):4294. https://doi.org/10.3390/s21134294

Manjunatha, B.A., Shastry, K.A., Naresh, E. et al. A network intrusion detection framework on sparse deep denoising auto-encoder for dimensionality reduction. Soft Comput 28, 4503–4517 (2024). https://doi.org/10.1007/s00500-023-09408-x

F. S. Alrayes, M. Zakariah, S. U. Amin, Z. Iqbal Khan and M. Helal, "Intrusion Detection in IoT Systems Using Denoising Autoencoder," in IEEE Access, vol. 12, pp. 122401-122425, 2024, doi: 10.1109/ACCESS.2024.3451726.

Abeer Alalmaie, Priyadarsi Nanda, and Xiangjian He. 2023. Zero Trust Network Intrusion Detection System (NIDS) using Auto Encoder for Attention-based CNN-BiLSTM. In Proceedings of the 2023 Australasian Computer Science Week (ACSW '23). Association for Computing Machinery, New York, NY, USA, 1–9.

W. Xu, J. Jang-Jaccard, A. Singh, Y. Wei and F. Sabrina, "Improving Performance of Autoencoder-Based Network Anomaly Detection on NSL-KDD Dataset," in IEEE Access, vol. 9, pp. 140136-140146, 2021

https://www.unb.ca/cic/datasets/nsl.html

Obi, Jude Chukwura. "A comparative study of several classification metrics and their performances on data." World Journal of Advanced Engineering Technology and Sciences 8.1 (2023): 308-314.‏

St-Aubin, Philippe, and Bruno Agard. "Precision and reliability of forecasts performance metrics." Forecasting 4.4 (2022): 882-903.‏

Sathyanarayanan, S., and B. Roopashri Tantri. "Confusion matrix-based performance evaluation metrics." African Journal of Biomedical Research 27.4S (2024): 4023-4031.‏

Richardson, Eve, et al. "The ROC-AUC accurately assesses imbalanced datasets." Available at SSRN 4655233 (2023).‏

Givnan, Sean, et al. "Anomaly detection using autoencoder reconstruction upon industrial motors." Sensors 22.9 (2022): 3166.‏

Downloads

Published

2026-03-30

How to Cite

Alsaroah, A. H. (2026). Anomaly Based Network Intrusion Detection Using Autoencoders. Journal of Al-Qadisiyah for Computer Science and Mathematics, 18(1), Comp 24–36. https://doi.org/10.29304/jqcsm.2026.18.12540

Issue

Vol. 18 No. 1 (2026): JQCM

Section

Computer Articles

License

Copyright (c) 2026 Ali Hussein Alsaroah

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.