Strengthening Cyber Resilience: Early Detection in Network Intrusion Prevention

Abstract 
Traditional Network Intrusion Detection Systems (NIDSs) based on pattern matching are inherently limited because they can only identify attacks that correspond to predefined signatures. To overcome this shortcoming, Machine Learning–based NIDS (ML-NIDS) have been introduced, with the goal of detecting anomalies by learning and analyzing protocol behavior. Nevertheless, ML-NIDS remain susceptible to previously unseen attacks, much like signature-based systems. This study examines how ML-NIDS learn and demonstrates that attacks operating outside the feature space represented in the training data can bypass detection. As a mitigation strategy, the study proposes early classification of active sessions before they deviate beyond the model’s learned detection boundaries as an effective means of prevention.

Keywords: DecisionTreeclassifier, RandomForestclassifier, XGBoost classifier, AdaBoost classifier, ANN, CNN.