{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T16:32:30Z","timestamp":1769099550417,"version":"3.49.0"},"reference-count":49,"publisher":"MDPI AG","issue":"20","license":[{"start":{"date-parts":[[2023,10,10]],"date-time":"2023-10-10T00:00:00Z","timestamp":1696896000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Princess Nourah bint Abdulrahman University","award":["PNURSP2023R319"],"award-info":[{"award-number":["PNURSP2023R319"]}]},{"name":"Princess Nourah bint Abdulrahman University","award":["PNURSP2023R319"],"award-info":[{"award-number":["PNURSP2023R319"]}]},{"name":"Prince Sultan University","award":["PNURSP2023R319"],"award-info":[{"award-number":["PNURSP2023R319"]}]},{"name":"Prince Sultan University","award":["PNURSP2023R319"],"award-info":[{"award-number":["PNURSP2023R319"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>Intrusion detection systems, also known as IDSs, are widely regarded as one of the most essential components of an organization\u2019s network security. This is because IDSs serve as the organization\u2019s first line of defense against several cyberattacks and are accountable for accurately detecting any possible network intrusions. Several implementations of IDSs accomplish the detection of potential threats throughout flow-based network traffic analysis. Traditional IDSs frequently struggle to provide accurate real-time intrusion detection while keeping up with the changing landscape of threat. Innovative methods used to improve IDSs\u2019 performance in network traffic analysis are urgently needed to overcome these drawbacks. In this study, we introduced a model called a deep neural decision forest (DNDF), which allows the enhancement of classification trees with the power of deep networks to learn data representations. We essentially utilized the CICIDS 2017 dataset for network traffic analysis and extended our experiments to evaluate the DNDF model\u2019s performance on two additional datasets: CICIDS 2018 and a custom network traffic dataset. Our findings showed that DNDF, a combination of deep neural networks and decision forests, outperformed reference approaches with a remarkable precision of 99.96% by using the CICIDS 2017 dataset while creating latent representations in deep layers. This success can be attributed to improved feature representation, model optimization, and resilience to noisy and unbalanced input data, emphasizing DNDF\u2019s capabilities in intrusion detection and network security solutions.<\/jats:p>","DOI":"10.3390\/s23208362","type":"journal-article","created":{"date-parts":[[2023,10,10]],"date-time":"2023-10-10T10:23:42Z","timestamp":1696933422000},"page":"8362","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":17,"title":["Deep Neural Decision Forest (DNDF): A Novel Approach for Enhancing Intrusion Detection Systems in Network Traffic Analysis"],"prefix":"10.3390","volume":"23","author":[{"given":"Fatma S.","family":"Alrayes","sequence":"first","affiliation":[{"name":"Information Systems Department, College of Computer and Information Sciences, Princess Nourah bint Abdulrahman University, Riyadh 11671, Saudi Arabia"}]},{"given":"Mohammed","family":"Zakariah","sequence":"additional","affiliation":[{"name":"College of Computer and Information Sciences, King Saud University, Riyadh 11362, Saudi Arabia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8236-8746","authenticated-orcid":false,"given":"Maha","family":"Driss","sequence":"additional","affiliation":[{"name":"Robotics and Internet-of-Things Laboratory, Prince Sultan University, Riyadh 12435, Saudi Arabia"},{"name":"RIADI Laboratory, National School of Computer Sciences, University of Manouba, Manouba 2010, Tunisia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2133-0757","authenticated-orcid":false,"given":"Wadii","family":"Boulila","sequence":"additional","affiliation":[{"name":"Robotics and Internet-of-Things Laboratory, Prince Sultan University, Riyadh 12435, Saudi Arabia"},{"name":"RIADI Laboratory, National School of Computer Sciences, University of Manouba, Manouba 2010, Tunisia"}]}],"member":"1968","published-online":{"date-parts":[[2023,10,10]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"1988","DOI":"10.1109\/COMST.2018.2883147","article-title":"Towards the Deployment of Machine Learning Solutions in Network Traffic Classification: A Systematic Survey","volume":"21","author":"Pacheco","year":"2018","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"17","DOI":"10.1007\/s12530-020-09364-z","article-title":"Developing new deep-learning model to enhance network intrusion classification","volume":"13","author":"Azzaoui","year":"2021","journal-title":"Evol. Syst."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"4124","DOI":"10.1109\/TNSM.2022.3193748","article-title":"Ensemble-Based Deep Learning Model for Network Traffic Classification","volume":"19","author":"Aouedi","year":"2022","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Balamurugan, N.M., Adimoolam, M., Alsharif, M.H., and Uthansakul, P. (2022). A Novel Method for Improved Network Traffic Prediction Using Enhanced Deep Reinforcement Learning Algorithm. Sensors, 22.","DOI":"10.3390\/s22135006"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"59326","DOI":"10.1109\/ACCESS.2020.2982592","article-title":"Servicing your requirements: An fca and rca-driven approach for semantic web services composition","volume":"8","author":"Driss","year":"2020","journal-title":"IEEE Access"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"2385","DOI":"10.1016\/j.procs.2021.09.007","article-title":"Microservices in IoT security: Current solutions, research challenges, and future directions","volume":"192","author":"Driss","year":"2021","journal-title":"Procedia Comput. Sci."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1007\/s10922-021-09639-z","article-title":"Network Traffic Classification Using Deep Learning Networks and Bayesian Data Fusion","volume":"30","author":"Izadi","year":"2022","journal-title":"J. Netw. Syst. Manag."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"217","DOI":"10.1007\/s11277-021-08208-6","article-title":"Hybridization of Mean Shift Clustering and Deep Packet Inspected Classification for Network Traffic Analysis","volume":"127","author":"Kumar","year":"2021","journal-title":"Wirel. Pers. Commun."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"628","DOI":"10.3390\/network2040036","article-title":"Detection of Malicious Network Flows with Low Preprocessing Overhead","volume":"2","author":"Fox","year":"2022","journal-title":"Network"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"4374385","DOI":"10.1155\/2023\/4374385","article-title":"Network Traffic Classification Based on SD Sampling and Hierarchical Ensemble Learning","volume":"2023","author":"Qin","year":"2023","journal-title":"Secur. Commun. Netw."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Rodr\u00edguez, M., Alesanco, \u00c1., Mehavilla, L., and Garc\u00eda, J. (2022). Evaluation of Machine Learning Techniques for Traffic Flow-Based Intrusion Detection. Sensors, 22.","DOI":"10.3390\/s22239326"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Malik, A., de Frein, R., Al-Zeyadi, M., and Andreu-Perez, J. (2020, January 26\u201329). Intelligent SDN Traffic Classification Using Deep Learning: Deep-SDN. Proceedings of the 2020 2nd International Conference on Computer Communication and the Internet (ICCCI), Nagoya, Japan.","DOI":"10.1109\/ICCCI49374.2020.9145971"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"19","DOI":"10.1016\/j.comcom.2021.01.021","article-title":"Deep Learning for Network Traffic Monitoring and Analysis (NTMA): A Survey","volume":"170","author":"Abbasi","year":"2021","journal-title":"Comput. Commun."},{"key":"ref_14","first-page":"658","article-title":"Fusion of convolutional neural networks based on Dempster\u2013Shafer theory for automatic pneumonia detection from chest X-ray images","volume":"32","author":"Driss","year":"2021","journal-title":"Int. J. Imaging Syst. Technol."},{"key":"ref_15","first-page":"55","article-title":"Randomly initialized convolutional neural network for the recognition of COVID-19 using X-ray images","volume":"32","author":"Driss","year":"2021","journal-title":"Int. J. Imaging Syst. Technol."},{"key":"ref_16","first-page":"2076987","article-title":"Research on DoS Traffic Detection Model Based on Random Forest and Multilayer Perceptron","volume":"2022","author":"He","year":"2022","journal-title":"Secur. Commun. Netw."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Wang, W., Bai, Y., Yu, C., Gu, Y., Feng, P., Wang, X., and Wang, R. (2018, January 23\u201327). A network traffic flow prediction with deep learning approach for large-scale metropolitan area network. Proceedings of the NOMS 2018\u20142018 IEEE\/IFIP Network Operations and Management Symposium, Taipei, Taiwan.","DOI":"10.1109\/NOMS.2018.8406252"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"96","DOI":"10.18488\/76.v9i2.3065","article-title":"Machine Learning Based Network Traffic Predictive Analysis","volume":"9","author":"Ponmalar","year":"2022","journal-title":"Rev. Comput. Eng. Res."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"2662","DOI":"10.1109\/TNSM.2020.3025131","article-title":"Predicting Network Flow Characteristics Using Deep Learning and Real-World Network Traffic","volume":"17","author":"Hardegen","year":"2020","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Bolakhrif, A., Ozger, M., Sandberg, D., and Cavdar, C. (2022, January 19\u201322). AI-Assisted Network Traffic Prediction Without Warm-Up Periods. Proceedings of the 2022 IEEE 95th Vehicular Technology Conference: (VTC2022-Spring), Helsinki, Finland.","DOI":"10.1109\/VTC2022-Spring54318.2022.9860997"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Adeke, J.M., Chen, J., Zhang, L., Mensah, R.N.K., and Tong, K. (2020, January 28\u201329). An Efficient Approach Based on Parameter Optimization for Network Traffic Classification Using Machine Learning. Proceedings of the 2020 7th International Conference on Dependable Systems and Their Applications (DSA), Xi\u2019an, China.","DOI":"10.1109\/DSA51864.2020.00021"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Khairalla, M.A., Ning, X., Al-Jallad, N.T., and El-Faroug, M.O. (2018). Short-Term Forecasting for Energy Consumption through Stacking Heterogeneous Ensemble Learning Model. Energies, 11.","DOI":"10.3390\/en11061605"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"101750","DOI":"10.1016\/j.pmcj.2023.101750","article-title":"F-BIDS: Federated-Blending based Intrusion Detection System","volume":"89","author":"Aouedi","year":"2023","journal-title":"Pervasive Mob. Comput."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Xie, Q., Guo, T., Chen, Y., Xiao, Y., Wang, X., and Zhao, B.Y. (2020, January 19\u201323). Deep Graph Convolutional Networks for Incident-Driven Traffic Speed Prediction. Proceedings of the 29th ACM International Conference on Information & Knowledge Management, Online.","DOI":"10.1145\/3340531.3411873"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Han, Z., Guan, J., Yao, Y., and Yao, S. (2021, January 14\u201316). Adaptive Convolutional Neural Network Structure for Network Traffic Classification. Proceedings of the 2021 IEEE 27th International Conference on Parallel and Distributed Systems (ICPADS), Beijing, China.","DOI":"10.1109\/ICPADS53394.2021.00037"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"178","DOI":"10.1049\/ise2.12020","article-title":"T-SNERF: A novel high accuracy machine learning approach for Intrusion Detection Systems","volume":"15","author":"Hammad","year":"2021","journal-title":"IET Inf. Secur."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1186\/s40537-020-00318-5","article-title":"Cybersecurity data science: An overview from machine learning perspective","volume":"7","author":"Sarker","year":"2020","journal-title":"J. Big Data"},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"607","DOI":"10.1038\/s41586-019-1677-2","article-title":"Towards spike-based machine intelligence with neuromorphic computing","volume":"575","author":"Roy","year":"2019","journal-title":"Nature"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"9444","DOI":"10.1109\/JIOT.2021.3126811","article-title":"A Taxonomy of Machine-Learning-Based Intrusion Detection Systems for the Internet of Things: A Survey","volume":"9","author":"Jamalipour","year":"2021","journal-title":"IEEE Internet Things J."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1186\/s40537-019-0176-5","article-title":"Data mining approach for predicting the daily Internet data traffic of a smart university","volume":"6","author":"Adekitan","year":"2019","journal-title":"J. Big Data"},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"27","DOI":"10.1186\/s40537-019-0192-5","article-title":"Survey on deep learning with class imbalance","volume":"6","author":"Johnson","year":"2019","journal-title":"J. Big Data"},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"30387","DOI":"10.1109\/ACCESS.2020.2973023","article-title":"An Unsupervised Deep Learning Model for Early Network Traffic Anomaly Detection","volume":"8","author":"Hwang","year":"2020","journal-title":"IEEE Access"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Aouedi, O., Piamrat, K., and Parrein, B. (2021, January 14\u201323). Performance evaluation of feature selection and tree-based algorithms for traffic classification. Proceedings of the 2021 IEEE International Conference on Communications Workshops (ICC Workshops), Montreal, QC, Canada.","DOI":"10.1109\/ICCWorkshops50388.2021.9473580"},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"327","DOI":"10.1016\/j.patcog.2017.07.024","article-title":"Synthetic minority oversampling technique for multiclass imbalance problems","volume":"72","author":"Zhu","year":"2017","journal-title":"Pattern Recognit."},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"114885","DOI":"10.1016\/j.eswa.2021.114885","article-title":"Multi class SVM algorithm with active learning for network traffic classification","volume":"176","author":"Dong","year":"2021","journal-title":"Expert Syst. Appl."},{"key":"ref_36","first-page":"566","article-title":"An Multi-Level Intrusion Detection Method Based on KNN Outlier Detection and Random Forests","volume":"56","author":"Ren","year":"2019","journal-title":"Jisuanji Yanjiu Yu Fazhan\/Comput. Res. Dev."},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"437","DOI":"10.1007\/s11277-021-09139-y","article-title":"Detection and Multi-Class Classification of Intrusion in Software Defined Networks Using Stacked Auto-Encoders and CICIDS2017 Dataset","volume":"123","author":"Choobdar","year":"2021","journal-title":"Wirel. Pers. Commun."},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Henry, A., Gautam, S., Khanna, S., Rabie, K., Shongwe, T., Bhattacharya, P., Sharma, B., and Chowdhury, S. (2023). Composition of Hybrid Deep Learning Model and Feature Optimization for Intrusion Detection System. Sensors, 23.","DOI":"10.3390\/s23020890"},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"118641","DOI":"10.1016\/j.eswa.2022.118641","article-title":"Transfer learning for raw network traffic detection","volume":"211","author":"Bierbrauer","year":"2023","journal-title":"Expert Syst. Appl."},{"key":"ref_40","unstructured":"Krishna, K.V., Swathi, K., Rao, P.R.K., and Rao, B.B. (2022). Pervasive Computing and Social Networking, Springer."},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Abu Al-Haija, Q., Alohaly, M., and Odeh, A. (2023). A Lightweight Double-Stage Scheme to Identify Malicious DNS over HTTPS Traffic Using a Hybrid Learning Approach. Sensors, 23.","DOI":"10.3390\/s23073489"},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Al-Qudah, M., Ashi, Z., Alnabhan, M., and Abu Al-Haija, Q. (2023). Effective One-Class Classifier Model for Memory Dump Malware Detection. J. Sens. Actuator Netw., 12.","DOI":"10.3390\/jsan12010005"},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Abu Al-Haija, Q., and Al-Badawi, A. (2021). Attack-Aware IoT Network Traffic Routing Leveraging Ensemble Learning. Sensors, 22.","DOI":"10.3390\/s22010241"},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Alsulami, A.A., Abu Al-Haija, Q., Tayeb, A., and Alqahtani, A. (2022). An Intrusion Detection and Classification System for IoT Traffic with Improved Data Engineering. Appl. Sci., 12.","DOI":"10.20944\/preprints202210.0431.v1"},{"key":"ref_45","doi-asserted-by":"crossref","first-page":"108495","DOI":"10.1109\/ACCESS.2021.3101650","article-title":"SDN-Based Architecture for Transport and Application Layer DDoS Attack Detection by Using Machine and Deep Learning","volume":"9","year":"2021","journal-title":"IEEE Access"},{"key":"ref_46","doi-asserted-by":"crossref","first-page":"261","DOI":"10.1007\/s10462-011-9272-4","article-title":"Decision trees: A recent overview","volume":"39","author":"Kotsiantis","year":"2011","journal-title":"Artif. Intell. Rev."},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"4016073","DOI":"10.1155\/2022\/4016073","article-title":"Deep learning for intrusion detection and security of Internet of things (IoT): Current analysis, challenges, and possible solutions","volume":"2022","author":"Khan","year":"2022","journal-title":"Secur. Commun. Netw."},{"key":"ref_48","doi-asserted-by":"crossref","unstructured":"Butt, M.A., Ajmal, Z., Khan, Z.I., Idrees, M., and Javed, Y. (2022). An In-Depth Survey of Bypassing Buffer Overflow Mitigation Techniques. Appl. Sci., 12.","DOI":"10.3390\/app12136702"},{"key":"ref_49","doi-asserted-by":"crossref","first-page":"61","DOI":"10.1016\/j.isatra.2022.09.035","article-title":"Efficient and trusted autonomous vehicle routing protocol for 6G networks with computational intelligence","volume":"132","author":"Haseeb","year":"2023","journal-title":"ISA Trans."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/23\/20\/8362\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T21:04:16Z","timestamp":1760130256000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/23\/20\/8362"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10,10]]},"references-count":49,"journal-issue":{"issue":"20","published-online":{"date-parts":[[2023,10]]}},"alternative-id":["s23208362"],"URL":"https:\/\/doi.org\/10.3390\/s23208362","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,10,10]]}}}