
ANALYSIS OF PCAP-DERIVED FLOW-BASED TRAFFIC REPRESENTATION FOR LIGHTWEIGHT INTRUSION DETECTION


(Received: 13-Mar.-2026, Revised: 30-May-2026, Accepted: 6-Jun.-2026)
The proliferation of interconnected network infrastructures and IoT devices has significantly expanded the cyber-attack surface, requiring efficient Machine Learning-based Intrusion Detection Systems (IDSs). Although reference datasets like UNSW-NB15 exist, their official features impose limitations regarding flexibility and class imbalance. This study evaluates the impact of a custom data representation by constructing a new dataset from the original UNSW-NB15 PCAP files. We implemented a workflow to label packets, group unidirectional flows and extract a reduced set of 21 features, comparing this representation with the official 49-feature UNSW-NB15 set using different ML architectures in binary and multi-class classification tasks. Results indicate that the custom dataset achieves competitive performance despite a significant reduction in file size and the number of features. Notably, the custom representation effectively balances detection accuracy with computational efficiency, offering a viable strategy for environments with strict operational constraints, such as edge nodes or IoT gateways.
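
The flow-grouping step described above can be sketched as follows. This is an added example, not the authors' code: the 60-second idle timeout, the handful of features shown (the abstract does not list the 21 it uses), the rule that a flow is labelled as an attack if any of its packets is, and the packet records are all assumptions constructed for illustration.

```python
from collections import namedtuple
from statistics import mean, pstdev

# Constructed record: timestamp (s), addresses, ports, protocol, size, label (1 = attack).
Packet = namedtuple("Packet", "ts src dst sport dport proto length label")

def group_unidirectional_flows(packets, idle_timeout=60.0):
    """Group packets by directed 5-tuple; an idle gap above the timeout starts a new flow."""
    active, finished = {}, []
    for p in sorted(packets, key=lambda p: p.ts):
        key = (p.src, p.dst, p.sport, p.dport, p.proto)  # direction matters: A->B != B->A
        flow = active.get(key)
        if flow is not None and p.ts - flow[-1].ts > idle_timeout:
            finished.append((key, flow))  # close the expired flow
            flow = None
        if flow is None:
            flow = active[key] = []
        flow.append(p)
    finished.extend(active.items())  # flush flows still open at end of capture
    return finished

def flow_features(key, pkts):
    """Reduce one flow to a fixed-length row (illustrative features only)."""
    sizes = [p.length for p in pkts]
    gaps = [b.ts - a.ts for a, b in zip(pkts, pkts[1:])]
    return {
        "sport": key[2], "dport": key[3], "proto": key[4],
        "pkts": len(pkts),
        "bytes": sum(sizes),
        "duration": pkts[-1].ts - pkts[0].ts,
        "mean_len": mean(sizes), "std_len": pstdev(sizes),
        "mean_iat": mean(gaps) if gaps else 0.0,
        "label": max(p.label for p in pkts),  # assumed rule: any attack packet marks the flow
    }

def build_rows(packets, idle_timeout=60.0):
    return [flow_features(k, f) for k, f in group_unidirectional_flows(packets, idle_timeout)]

# Constructed sample: one TCP exchange, then the client reusing the same 5-tuple two minutes later.
SAMPLE_PACKETS = [
    Packet(0.0, "10.0.0.5", "10.0.0.9", 40000, 80, "tcp", 60, 0),
    Packet(0.1, "10.0.0.9", "10.0.0.5", 80, 40000, "tcp", 60, 0),
    Packet(0.2, "10.0.0.5", "10.0.0.9", 40000, 80, "tcp", 500, 0),
    Packet(0.5, "10.0.0.9", "10.0.0.5", 80, 40000, "tcp", 1500, 0),
    Packet(120.0, "10.0.0.5", "10.0.0.9", 40000, 80, "tcp", 60, 1),
    Packet(120.4, "10.0.0.5", "10.0.0.9", 40000, 80, "tcp", 900, 1),
]

if __name__ == "__main__":
    for row in build_rows(SAMPLE_PACKETS):
        print(row)
```

The request and response directions become separate rows, and the reused 5-tuple is split into two flows by the idle timeout, so only the later flow carries the attack label.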
