Published September 30, 2025 | Version CC-BY-NC-ND 4.0
Journal article Open

A Robust Hybrid Model Based on ANN and KNN for Multi-Class Network Attack Detection and Classification

Creators

  • 1. Researcher, Department of Cybersecurity, Tashkent University of Information Technologies named after Muhammad alKhwarizmi State University, Tashkent, Uzbekistan.

Contributors

Contact person:

  • 1. Department of Information Security, Tashkent University of Information Technologies named after Muhammad al-Khwarizmi State University, Tashkent, Uzbekistan.
  • 2. Researcher, Department of Cybersecurity, Tashkent University of Information Technologies named after Muhammad alKhwarizmi State University, Tashkent, Uzbekistan.

Description

Abstract: This paper investigates whether a lightweight hybrid approach, which combines learned representations with instancebased decisions, can improve multi-class intrusion detection under realistic class imbalance conditions. We propose A2K, which uses an Artificial Neural Network (ANN) to learn discriminative embeddings from preprocessed network-flow features and a KNearest Neighbours(KNN) classifier to make final decisions in the ANN’s latent space. The pipeline begins with min–max normalization and a feature selection routine combining mutual information, correlation analysis, and an ANN-wrapper evaluation to retain the most informative, non-redundant predictors. The ANN is a compact feed-forward model (41-d input, two hidden layers with 64 and 32 neurons, softmax output), trained to capture non-linear structures; its 32-d intermediate activations form the embedding for KNN, which exploits neighbourhood structures via Euclidean distances and majority voting. Using the NSL-KDD benchmark, we adopt a 70/30 train–test split and evaluate with Accuracy, Precision, Recall, and F1-score, alongside class-wise analyses and confusion matrices. We compare our results against strong baselines, including SVM, standalone ANN, standalone KNN, and Random Forest, all under the same preprocessing and protocol. Empirically, A2K attains 97.75% accuracy, 96.80% precision, 96.65% recall, and 96.56% F1-score, outperforming SVM (94.25% accuracy), KNN (91.25%), standalone ANN (95.80%), and Random Forest (96.20%). Classwise results demonstrate excellent performance on Normal and DoS traffic, as well as measurable gains on minority classes (U2R and R2L) compared to baselines. However, these categories remain the primary source of residual error, consistent with their rarity. Confusion-matrix patterns indicate that embedding-space distances help refine decision boundaries learned by the ANN, improving separability without heavy computation or extensive retraining. In sum, what we contribute is a modular hybrid for IDS; how we realize it is by late fusing ANN embeddings with KNN neighbourhood evidence after principled preprocessing and feature selection; and why it matters is that this design yields higher overall accuracy and more balanced class detection while preserving simplicity and near real-time feasibility—key properties for deployable network defence.

Files

H111512080825.pdf

Files (699.9 kB)

Name Size Download all
md5:fe7df8bbf74e6b89505a942cb5dab7cb
699.9 kB Preview Download

Additional details

Identifiers

DOI
10.35940/ijies.H1115.12090925
EISSN
2319-9598

Dates

Accepted
2025-09-15
Manuscript received on 30 July 2025 | First Revised Manuscript received on 20 August 2025 | Second Revised Manuscript received on 04 September 2025 | Manuscript Accepted on 15 September 2025 | Manuscript published on 30 September 2025.

References

  • Farnaaz, N. and M. A. Jabbar. Random forest modelling for a network intrusion detection system. Procedia Computer Science 89, 213–217 (2016). DOI: https://doi.org/10.1016/j.procs.2016.06.047
  • Al-Zewairi, M., S. Almajali and M. Ayyash. Unknown security attack detection using shallow and deep ANN classifiers. Electronics 9, 2006 (2020). DOI: https://doi.org/10.3390/electronics9122006
  • Thakkar, A. and R. Lohiya. Attack classification using feature selection techniques: a comparative study. Journal of Ambient Intelligence and Humanized Computing 12, 1249–1266 (2021). DOI: https://doi.org/10.1007/s12652- 020-02167-9.
  • Ioannou, C. and V. Vassiliou. Network attack classification in IoT using support vector machines. Journal of Sensor and Actuator Networks 10(3), 58 (2021). DOI: https://doi.org/10.3390/jsan10030058
  • Singh, K., A. Mahajan and V. Mansotra. 1D-CNN-based model for classification and analysis of network attacks. International Journal of Advanced Computer Science and Applications 12(11), 604–613 (2021). https://thesai.org/Publications/ViewPaper?Volume=12&Issue=11&Co de=IJACSA&SerialNo=69
  • Primartha, A. and I. L. Tama. An efficient intrusion detection system for IoT security using a CNN decision forest. Electronics 12(24), 4953 (2023). DOI: https://doi.org/10.3390/electronics12244953
  • Kalbhor, M., S. Shinde, D. E. Popescu and D. J. Hemanth. Hybridization of deep learning pre-trained models with machine learning classifiers and fuzzy min–max neural network for cervical cancer diagnosis. Diagnostics 13, 1363 (2023). DOI: https://doi.org/10.3390/diagnostics13071363
  • Shone, N., T. N. Ngoc, V. D. Phai and Q. Shi. A deep learning approach to network intrusion detection. IEEE Transactions on Emerging Topics in Computational Intelligence 2(1), 41–50 (2018). DOI: https://doi.org/10.1109/TETCI.2017.2772792
  • Vinayakumar, R., K. P. Soman and P. Poornachandran. Applying a convolutional neural network for network intrusion detection. In Proc. 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI), 1222–1228 (2017). DOI: https://doi.org/10.1109/ICACCI.2017.8126027
  • Zhang, J., P. Li, C. Wang and Z. Zhang. A hybrid intrusion detection system based on data preprocessing and a gated recurrent unit network. IEEE Access 7, 64366–64373 (2019). DOI: https://doi.org/10.1109/ACCESS.2019.2917213
  • Alsamhi, S. H., N. S. Rajput and M. S. Ansari. A hybrid deep learning model with KNN for an intrusion detection system. Computers, Materials & Continua 66(3), 2713–2727 (2020). DOI: https://doi.org/10.32604/cmc.2020.012076
  • Oliveira, Nuno, et al. "Intelligent cyber-attack detection and classification for network-based intrusion detection systems."Applied Sciences 11.4 (2021): 1674. https://www.mdpi.com/2076- 3417/11/4/1674
  • Xia, Z., Y. Wang, X. Zhang and Z. Wang. A novel hybrid model based on random forest and deep neural network for network intrusion detection. IEEE Access, vol. 8, pp. 68370–68381 (2020). DOI: https://doi.org/10.1109/ACCESS.2020.2986491
  • Waghmode, P., M. Kanumuri, H. El-Ocla and T. Boyle. An intrusion detection system based on machine learning using a least square support vector machine. Scientific Reports 15, 12066 (2025). DOI: https://doi.org/10.1038/s41598-025-95621-7
  • Bao, H. and J. Gao. Network intrusion detection based on an improved KNN algorithm. Scientific Reports 15, 29842 (2025). DOI: https://doi.org/10.1038/s41598-025-14199-2