Experimental Analysis of Random Forest-Based Classification for Adaptive Network Attack Detection
- DOI
- 10.2991/978-94-6239-636-4_11
- Keywords
- Random Forest; Adaptive Cyber Attacks; Intrusion Detection System; Suricata; CHR
- Abstract
The evolution of modern cyberattacks has introduced increasingly adaptive and dynamic behaviors that challenge conventional security mechanisms. Adaptive attacks employ strategies such as randomized timing intervals, unconventional source ports, and multi-vector techniques, allowing them to bypass traditional signature-based Intrusion Detection Systems (IDS). As a result, static rule-based detection approaches often struggle to recognize evolving attack patterns, highlighting the need for machine learning-based solutions capable of analyzing behavioral characteristics in network traffic. This study presents an experimental evaluation of the Random Forest classifier for adaptive cyberattack classification using network traffic data. The dataset was generated through an enterprise network simulation consisting of four target systems, including two routers and two Ubuntu servers, alongside ten distributed attacker IP addresses. A total of 5,005 network log entries were collected over a seven-day observation period and categorized into six classes: adaptive brute force, unconventional denial-of-service, network scanning, anomalous login behavior, multi-vector attacks, and normal traffic. Following data preprocessing, twelve relevant features were selected to represent traffic behavior and flow characteristics. The dataset was divided using an 80:20 split for training and testing purposes. Experimental results indicate that the Random Forest model achieved an overall accuracy of 94.1%, with precision, recall, and F1-score values of 94%. Class-level analysis demonstrated perfect detection performance for several attack categories, while behavior-driven attacks such as adaptive brute force and anomalous login patterns exhibited lower classification accuracy due to their subtle characteristics. Feature importance analysis further revealed that anomaly-related metrics and traffic volume attributes played a significant role in attack detection.
- Copyright
- © 2026 The Author(s)
- Open Access
- Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 4.0 International License (http://creativecommons.org/licenses/by-nc/4.0/), which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
Cite this article
TY - CONF
AU - Hillman Akhyar Damanik
AU - Merry Anggraeni
PY - 2026
DA - 2026/04/28
TI - Experimental Analysis of Random Forest-Based Classification for Adaptive Network Attack Detection
BT - Proceedings of the International Conference on Cross-Disciplinary Academic Research 2025 - Track 1 Advances in Computing, Electronics, Engineering, and Mathematics (ICAR-T1 2025)
PB - Atlantis Press
SP - 128
EP - 145
SN - 2352-5401
UR - https://doi.org/10.2991/978-94-6239-636-4_11
DO - 10.2991/978-94-6239-636-4_11
ID - Damanik2026
ER -