
arxiv: 2605.05275 · v1 · submitted 2026-05-06 · 💻 cs.CR

A Novel Byte-Level Flow-to-Image Encoding Method for Network Intrusion Detection Systems

Pith reviewed 2026-05-08 17:08 UTC · model grok-4.3

classification 💻 cs.CR
keywords: network intrusion detection · flow-to-image encoding · convolutional neural networks · UNSW-NB15 · NSL-KDD · byte-level encoding · RGB image representation

The pith

Converting network flow records into fixed-size RGB images via byte-level encoding improves intrusion detection accuracy by up to 15.6 percent on benchmark datasets.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

Network intrusion detection systems usually train on one-dimensional tabular flow records that prevent convolutional neural networks from exploiting spatial correlations among features. This paper introduces a deterministic byte-level method that serializes continuous features as IEEE-754 bytes along an inverted-L trajectory and places discrete features as byte values in the image center to produce fixed-size RGB images. When the same four IDS models are retrained on these images instead of the original tables, accuracy rises consistently across binary and multi-class tasks. A sympathetic reader would care because the change requires no new sensors or data collection yet unlocks image-based deep learning techniques for network security.

Core claim

The paper claims that its byte-level flow-to-image encoding, which packs continuous features sequentially into pixels along an inverted-L shaped trajectory and maps discrete features to the center, allows convolutional models to achieve higher detection accuracy on UNSW-NB15 and NSL-KDD datasets compared to using the raw flow records directly.

What carries the argument

The byte-level flow-to-image encoding that serializes continuous features with IEEE-754 single-precision format along an inverted-L trajectory and places discrete features as byte values in the center row to create fixed-size RGB images.

If this is right

  • Image-based inputs produce accuracy gains of up to 15.6 percent for binary classification and 12.8 percent for multi-class classification on UNSW-NB15.
  • Smaller but positive gains of up to 3.5 percent binary and 3.2 percent multi-class occur on NSL-KDD.
  • The encoding remains deterministic and reversible while preserving a fixed spatial layout for every sample.
  • Four different IDS models demonstrate the improvement, indicating the gain is not limited to one architecture.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same encoding could be applied to other tabular security datasets such as firewall logs or packet captures to test whether CNNs gain similar advantages.
  • Alternative trajectories or feature orderings might further strengthen the spatial correlations for particular attack categories.
  • Because the transformation is fixed and reversible, it could be inserted as a preprocessing step in existing IDS pipelines with low overhead.

Load-bearing premise

The chosen spatial layout creates exploitable correlations for convolutional layers that are absent or weaker in the original one-dimensional flow records.

What would settle it

Retraining the same four IDS models on the image-encoded versions of the NSL-KDD and UNSW-NB15 datasets and measuring no accuracy gain or a loss compared with the tabular baselines would falsify the central claim.

Figures

Figures reproduced from arXiv: 2605.05275 by Safak Dogan, Xiyu Shi, Zihui Yan, Ziyu Mu.

Figure 1: Illustration of the proposed flow-to-image encoding process in the UNSW-NB15 dataset. Continuous features are serialised and mapped along an …
Figure 2: Representative 32×32 encoded images generated by the proposed byte-level flow-to-image encoding, showing one sample per category from UNSW-NB15 (top row) and NSL-KDD (bottom row). Continuous features are encoded along the inverted-L path, discrete features occupy the centre row, and unused positions are zero-padded (black).
read the original abstract

Network-based Intrusion Detection Systems (IDS) are predominantly trained on tabular flow records, whose one-dimensional representations limit convolutional architectures from exploiting inter-feature spatial correlations. This paper presents a novel byte-level flow-to-image encoding method that converts each network-flow record into a fixed-size RGB image. Continuous features are serialised using IEEE-754 single-precision format and packed sequentially into pixels along an inverted-L shaped trajectory, while discrete features are mapped to byte values and placed contiguously in the middle image row's centre. The encoding is deterministic and reversible, preserving a fixed spatial layout across all samples. Four IDS models are evaluated on NSL-KDD and UNSW-NB15 datasets with both flow and image-based configurations. The image-based representation yields consistent accuracy gains of up to 15.6% and 12.8% for binary and multi-classification on UNSW-NB15, and up to 3.5% and 3.2% on NSL-KDD, highlighting the potential of byte-level visual encoding to strengthen AI-driven intrusion detection in local computer networks.
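A sketch of the encoding the abstract describes, added here as an example and not the authors' code: float32 bytes are packed three per pixel along an inverted-L path, discrete byte codes sit in the centre of the middle row, and everything else is zero padding. The exact path (top row, then right column), the big-endian byte order, and the one-discrete-value-per-pixel placement are assumptions, since the page does not specify them; the sample record is constructed.

```python
import struct

SIZE = 32  # 32x32 RGB, the image size given in the Figure 2 caption

def inverted_l_path(size=SIZE):
    # ASSUMPTION: top row left-to-right, then right column top-to-bottom.
    return [(0, c) for c in range(size)] + [(r, size - 1) for r in range(1, size)]

def centre_slots(n, size=SIZE):
    # n contiguous pixels centred in the middle row.
    start = (size - n) // 2
    return [(size // 2, start + i) for i in range(n)]

def encode(continuous, discrete, size=SIZE):
    """Return a size x size grid of [R, G, B] byte triples for one flow record."""
    # ASSUMPTION: big-endian IEEE-754 single precision.
    stream = b"".join(struct.pack(">f", x) for x in continuous)
    path, slots = inverted_l_path(size), centre_slots(len(discrete), size)
    used = path[: -(-len(stream) // 3)]  # pixels the float bytes occupy
    if len(stream) > 3 * len(path) or len(discrete) > size:
        raise ValueError("record does not fit the fixed layout")
    if set(used) & set(slots):
        raise ValueError("continuous and discrete regions overlap")
    if any(not 0 <= v <= 255 for v in discrete):
        raise ValueError("discrete features must already be byte codes")
    img = [[[0, 0, 0] for _ in range(size)] for _ in range(size)]  # zero padding
    for i, byte in enumerate(stream):
        r, c = path[i // 3]
        img[r][c][i % 3] = byte  # a 4-byte float straddles pixel boundaries
    for (r, c), v in zip(slots, discrete):
        img[r][c] = [v, v, v]  # ASSUMPTION: one value per pixel, all channels
    return img

def decode(img, n_cont, n_disc):
    """Invert encode(); feature counts come from the fixed dataset schema."""
    size = len(img)
    stream = bytes(img[r][c][ch] for r, c in inverted_l_path(size) for ch in range(3))
    cont = [struct.unpack(">f", stream[i:i + 4])[0] for i in range(0, 4 * n_cont, 4)]
    disc = [img[r][c][0] for r, c in centre_slots(n_disc, size)]
    return cont, disc

if __name__ == "__main__":
    # Constructed record: three continuous values, three label-encoded fields.
    img = encode([0.5, 258.0, 0.1], [6, 2, 5])
    print(img[0][:3], img[16][14:17])
    print(decode(img, 3, 3))
```

The round trip is exact at float32 precision, so a value such as 0.1 decodes to its nearest single-precision neighbour rather than the original double.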

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The manuscript introduces a byte-level flow-to-image encoding that serializes continuous features via IEEE-754 single-precision floats along an inverted-L trajectory and places discrete features as byte values in the central row of a fixed-size RGB image. It evaluates four IDS models on NSL-KDD and UNSW-NB15 in both flow-based and image-based configurations, reporting accuracy gains of up to 15.6% (binary) and 12.8% (multi-class) on UNSW-NB15 and up to 3.5% and 3.2% on NSL-KDD.

Significance. If the gains prove attributable to the specific layout rather than generic 2D reshaping and survive rigorous statistical validation, the method could offer a lightweight, reversible way to enable convolutional architectures on tabular flow data without architectural changes, strengthening CNN-based IDS in network security.

major comments (2)
  1. [Evaluation] Evaluation section: the paper compares only the proposed image encoding against direct flow-vector inputs for the same four models, but provides no ablation against alternative deterministic 2D layouts (row-major raster, column-major, or random fixed permutation of byte positions). This omission is load-bearing for the central claim that the inverted-L trajectory plus center placement induces exploitable spatial correlations; without it the results remain compatible with the weaker hypothesis that any fixed 2D reshaping suffices.
  2. [Experimental results] Experimental results and abstract: accuracy improvements are stated without error bars, confidence intervals, statistical significance tests, model architecture details, hyperparameter settings, training protocol, or cross-validation procedure. These omissions prevent assessment of whether the reported gains (e.g., 15.6% binary on UNSW-NB15) are reproducible or statistically meaningful.
minor comments (1)
  1. [Abstract] The abstract refers to 'four IDS models' without naming them; the methods section should explicitly list the architectures and any preprocessing steps applied to the flow records.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive and detailed comments on our manuscript. We address each major comment point by point below and commit to revisions that will strengthen the evaluation and experimental reporting.

read point-by-point responses
  1. Referee: [Evaluation] Evaluation section: the paper compares only the proposed image encoding against direct flow-vector inputs for the same four models, but provides no ablation against alternative deterministic 2D layouts (row-major raster, column-major, or random fixed permutation of byte positions). This omission is load-bearing for the central claim that the inverted-L trajectory plus center placement induces exploitable spatial correlations; without it the results remain compatible with the weaker hypothesis that any fixed 2D reshaping suffices.

    Authors: We agree that the absence of ablations on alternative deterministic 2D layouts limits the strength of our claim regarding the specific benefits of the inverted-L trajectory and central placement. The current experiments focus on image-based versus native flow-vector inputs but do not isolate the contribution of our layout choice. In the revised manuscript we will add a dedicated ablation study comparing the proposed encoding against row-major rasterization, column-major ordering, and random fixed byte permutations while keeping all other factors identical. This will allow us to demonstrate whether the chosen spatial arrangement provides measurable gains beyond generic 2D reshaping. revision: yes

  2. Referee: [Experimental results] Experimental results and abstract: accuracy improvements are stated without error bars, confidence intervals, statistical significance tests, model architecture details, hyperparameter settings, training protocol, or cross-validation procedure. These omissions prevent assessment of whether the reported gains (e.g., 15.6% binary on UNSW-NB15) are reproducible or statistically meaningful.

    Authors: We acknowledge that the original manuscript omitted these critical details, primarily due to space limitations. We will substantially expand the experimental section to report: error bars and 95% confidence intervals computed over at least five independent runs with different random seeds; results of statistical significance tests (e.g., paired t-tests or McNemar’s test) on the accuracy differences; complete descriptions of the four model architectures including layer counts and activation functions; all hyperparameter values and the grid-search or tuning procedure used; the full training protocol (optimizer, learning-rate schedule, batch size, number of epochs, early-stopping criteria); and the cross-validation scheme (e.g., stratified k-fold or hold-out splits). These additions will enable readers to evaluate reproducibility and statistical validity of the reported gains. revision: yes

Circularity Check

0 steps flagged

No circularity; empirical evaluation on public benchmarks

full rationale

The paper proposes a deterministic byte-level encoding of flow records into fixed-size RGB images (inverted-L trajectory for continuous IEEE-754 bytes, center placement for discrete features) and reports accuracy improvements via direct side-by-side comparison of the same four models on flow versus image inputs using the public NSL-KDD and UNSW-NB15 datasets. No equations, predictions, or first-principles derivations are present that reduce to inputs by construction. No self-citations, fitted parameters renamed as predictions, or ansatzes are load-bearing for the central claim. The evaluation is self-contained against external benchmarks with no reduction of reported gains to the encoding definition itself.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The claim rests on the domain assumption that CNNs benefit from the imposed spatial structure; no free parameters or new entities are introduced in the abstract description.

axioms (1)
  • domain assumption Convolutional neural networks can exploit inter-feature spatial correlations created by the fixed image layout more effectively than they can process the original one-dimensional flow records.
    This premise is stated directly in the abstract as the motivation for the encoding.

pith-pipeline@v0.9.0 · 5494 in / 1270 out tokens · 48622 ms · 2026-05-08T17:08:00.399127+00:00 · methodology

