Back to projects

Research

Intrusion Detection

Class-imbalance baselines for network intrusion detection · paper under review

Pythonscikit-learnXGBoostSMOTEUNSW-NB15

Role

Researcher

Duration

6 Months

Date

2025 - 2026

Type

Independent Research

Overview

Accuracy is a misleading metric when the attack you care about is 0.07% of the traffic. This study runs an 18-experiment grid: two tasks (binary and multiclass), three models (LR, RF, XGBoost), and three imbalance strategies (none, class weighting, SMOTE). It includes explicit rare-class analysis on Worms and Shellcode, reports macro-F1, ROC-AUC, and G-Mean, and fits preprocessing only on training data to prevent leakage. The resulting paper is under peer review.

Tech Stack

Pythonscikit-learnXGBoostSMOTEUNSW-NB15

Case Study Highlights

The Question

Which class-imbalance strategy actually helps an IDS detect rare attacks, and does the answer change between binary and multiclass settings? Most published results hide this behind aggregate accuracy.

The Method

A fully reproducible experiment framework with fixed seeds, config snapshots, strict train/validation/test separation, and per-class metrics. The pipeline generates radar charts and faceted heatmaps directly from the results.

Key Contributions

  • 18-experiment controlled grid, fully reproducible
  • Rare-class focus: Worms (0.07%), Shellcode (0.65%)
  • Macro-F1, ROC-AUC, G-Mean over raw accuracy
  • Leakage-proof preprocessing pipeline

Outcomes

science

18

Controlled Experiments

article

1

Paper Under Review

replay

100%

Reproducible (Seeded)

Interested in this project?

Reach out for source code walkthroughs or collaboration.