Improving Detection Accuracy of Network Intrusions Using a Hybrid Network Intrusion Detection System Based on Isolation Forest and Random Forest Algorithms
DOI: https://doi.org/10.52436/1.jutif.2025.6.6.4694
Keywords: Hybrid Machine Learning, Isolation Forest, Network Intrusion Detection System (NIDS), Random Forest, Suricata
Abstract
The growing sophistication of cyberattacks has increased the urgency of securing organizational networks, especially those handling sensitive and large-scale data. Traditional intrusion detection systems (IDS) such as Suricata rely on signature-based methods and often fail to detect zero-day or evolving threats. To address this gap, this research proposes a hybrid intrusion detection model that integrates Suricata with machine learning algorithms—Isolation Forest and Random Forest. Suricata performs real-time packet inspection and anomaly filtering, while the machine learning component enhances detection of novel threats and reduces false positives. The methodology involves capturing real-time network traffic, pre-processing data, training models on both CICIDS2017 and simulated attack data, and evaluating performance using accuracy, precision, recall, and F1-score. Experimental results show that the hybrid model achieves high detection accuracy—99.86% on simulated data and 96.33% on the CICIDS2017 dataset. Compared to standalone Suricata, the hybrid model detects more unknown threats and reduces alert fatigue by minimizing false positives. This study contributes a scalable and adaptive IDS framework that combines anomaly- and signature-based detection techniques. The proposed system enhances threat detection capabilities in enterprise-level networks and offers practical implications for intelligent cybersecurity defences. The findings advance research in computer science, particularly in the domains of machine learning applications and network security systems.
Copyright (c) 2025 Ryan Christensen Wang, Refgiufi Patria Avrianto

This work is licensed under a Creative Commons Attribution 4.0 International License.