International Journal of Advance and Applied Research
www.ijaar.co.in
ISSN – 2347-7075
Impact Factor – 8.141
Peer Reviewed
Bi-Monthly
Vol. 6 No. 38
September - October - 2025
AI and Machine Learning Models for Real-Time Intrusion Detection Systems
Akash Uday Shirke
Assistant Professor & Head of Department Computer Science
Dr. D. Y. Patil Science and Computer Science College, Akurdi, Pune-44
Corresponding Author – Akash Uday Shirke
DOI - 10.5281/zenodo.17309844
Abstract:
Real-time intrusion detection systems (IDS) are critical to safeguarding modern networks against evolving cyber threats. Artificial intelligence (AI) and machine learning (ML) models significantly enhance IDS capabilities through anomaly detection, predictive analytics, and automated response mechanisms. This paper reviews state-of-the-art AI/ML models for real-time IDS, including supervised, unsupervised, and deep learning techniques such as XGBoost, convolutional neural networks (CNNs), long short-term memory networks (LSTMs), and hybrid architectures. Drawing from 2025 literature, it examines applications in Internet of Things (IoT) and enterprise network environments, evaluates performance on benchmark datasets including NSL-KDD, UNSW-NB15, and CICIDS2017, and explores integration with explainable AI (XAI) for model transparency and trust. Key findings highlight optimized models achieving detection accuracies exceeding 99%, while addressing challenges such as computational overhead, scalability, and adversarial robustness. A graphical comparison of model performances is presented. Future research trends emphasize edge AI deployment and quantum-resistant security frameworks for resilient, scalable, and real-time intrusion detection.
Introduction:
Intrusion detection systems (IDS) play a vital role in modern cybersecurity by continuously monitoring network traffic and system behavior to detect signs of malicious activity. With the rapid expansion of digital infrastructures such as Internet of Things (IoT), 5G networks, and cloud computing, the scale and complexity of cyber threats have increased significantly. Real-time IDS are therefore essential to provide immediate detection and response capabilities, minimizing the impact of attacks before they escalate into large-scale breaches.
Traditional IDS approaches, particularly signature-based systems, rely on predefined attack patterns to identify intrusions. While effective against known threats, these systems struggle with novel or zero-day attacks, as they lack adaptability to emerging patterns of malicious behavior. This limitation has motivated the integration of artificial intelligence (AI) and machine learning (ML) techniques into IDS, enabling more adaptive, intelligent, and proactive defense mechanisms. By leveraging statistical learning, anomaly detection, and predictive analytics, AI-enhanced IDS can uncover previously unseen attack vectors with greater accuracy.
Recent years have witnessed remarkable progress in the application of machine learning and deep learning to IDS. Classical ML algorithms such as decision trees, random forests, and support vector machines (SVMs) have laid the foundation for anomaly-based detection. However, the growing availability of large-scale datasets and advancements in computational power have enabled the adoption of deep learning (DL) models, including convolutional neural networks (CNNs), recurrent neural networks (RNNs), and long short-term memory networks (LSTMs). These models excel at capturing complex temporal and spatial patterns in network traffic, thereby improving detection rates and reducing false positives. Hybrid approaches that combine ML and DL further enhance system robustness by balancing interpretability, efficiency, and predictive performance.
Benchmark datasets such as NSL-KDD, UNSW-NB15, and CICIDS2017 have been instrumental in evaluating and comparing IDS models, providing standardized environments for measuring detection accuracy, precision, recall, and false positive rates. Recent studies from 2025 demonstrate that optimized models can achieve detection accuracies exceeding 99%, making them viable for deployment in real-world environments. Furthermore, the integration of explainable AI (XAI) frameworks addresses the "black-box" nature of deep models, offering transparency and interpretability for cybersecurity professionals who need to understand the reasoning behind model predictions.
Despite these advances, significant challenges remain in designing IDS that are scalable, computationally efficient, and resilient against adversarial attacks. The real-time deployment of AI/ML models on resource-constrained IoT devices, the risk of poisoning attacks against training datasets, and the ethical implications of automated threat detection demand further research. Emerging directions such as edge AI deployment, federated learning, and quantum-resistant frameworks represent promising avenues for the next generation of IDS, ensuring robust protection in increasingly dynamic and hostile cyber landscapes.
Background on Intrusion Detection Systems:
IDS are classified as network-based (NIDS) or host-based (HIDS), employing signature or anomaly detection methods. Real-time IDS require low latency and high throughput to process traffic without delays, addressing threats like DDoS, malware, and APTs. AI/ML integration shifts from rule-based to data-driven approaches, using supervised learning for known threats and unsupervised for anomalies. Challenges include handling imbalanced data and computational overhead in resource-constrained settings.
AI/ML Models for Real-Time IDS:
AI/ML models enable real-time IDS by analyzing traffic patterns with high efficiency. Supervised models like Random Forest and SVM classify attacks using labeled data, achieving accuracies up to 96%. Unsupervised models, such as K-Means and Autoencoders, detect anomalies in unlabeled streams, suitable for zero-day threats but prone to false positives.
Deep learning models excel in real-time scenarios: LSTMs capture temporal dependencies in sequences, reaching 98.9% accuracy on CIC-IDS2017. CNNs process packet data as images for feature extraction, while hybrid CNN-LSTM models combine spatial and temporal analysis for enhanced detection. XGBoost and CatBoost offer gradient boosting for fast, scalable classification, with 99.93% accuracy on NSL-KDD. Optimized Sequential Neural Networks (OSNN) and DNN-KDQ provide energy-efficient solutions for IoT real-time IDS. XAI techniques like SHAP and LIME integrate with these models for interpretability, maintaining 87% accuracy in UNSW-NB15 evaluations.
*Performance of AI/ML Models in Real-Time IDS (2025)*
Note: Accuracies are from evaluations on datasets like NSL-KDD and CIC-IDS2017; illustrative based on literature.
Datasets and Evaluation Metrics:
The effectiveness of intrusion detection systems (IDS) depends heavily on the choice of datasets and evaluation metrics used during model development and testing. Benchmark datasets provide standardized environments for comparing AI/ML algorithms, while performance metrics ensure comprehensive evaluation across multiple dimensions of detection quality.
Datasets:
Several benchmark datasets are widely employed in IDS research. The NSL-KDD dataset, derived from the original KDD’99 dataset, remains a common benchmark for binary and multiclass intrusion detection tasks, though it has limitations such as outdated attack patterns. The UNSW-NB15 dataset introduces more diverse and realistic traffic, including nine attack categories such as Fuzzers, Exploits, and Worms, making it more suitable for evaluating modern IDS. The CICIDS2017 dataset captures realistic traffic flows with a wide range of benign and malicious behaviors, providing a richer representation of evolving cyber threats. More recently, the CICIoT2023 dataset has been introduced, focusing on IoT-specific attack vectors, enabling IDS models to be evaluated in the context of resource-constrained IoT deployments. These datasets collectively allow researchers to assess both general-purpose and domain-specific IDS performance.
Evaluation Metrics:
To measure IDS effectiveness, researchers employ a set of standard metrics. Accuracy quantifies overall detection performance, while precision and recall measure the correctness and completeness of intrusion detection, respectively. The F1-score balances these two metrics, offering insight into the trade-off between false positives and false negatives. Since IDS must operate reliably in real-time environments, the false positive rate (FPR) is particularly critical; high FPR can overwhelm security teams with alerts, rendering IDS impractical. For example, recent studies report an FPR as low as 0.0004 for XGBoost, making it highly suitable for real-time deployment. Additional measures such as the Area Under the ROC Curve (AUC) and the Matthews Correlation Coefficient (MCC) provide deeper insights into classifier robustness under imbalanced data distributions. Furthermore, real-time IDS performance is also constrained by inference speed and computational overhead, highlighting the need for models that balance accuracy with efficiency.
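
An added example, not part of the original paper: the metrics named above computed from confusion-matrix counts on constructed imbalanced traffic, together with the base-rate effect of FPR on how many alerts are real. The traffic counts, the 0.1% attack prevalence, the 0.9 recall and the 10 million flows per day are assumptions; 0.0004 and 10% are FPR figures quoted in this paper, treated here as fractions.

```python
import math

def _ratio(num, den):
    return num / den if den else 0.0

def ids_metrics(tp, fp, tn, fn):
    """Metrics from confusion-matrix counts, with attack as the positive class."""
    precision = _ratio(tp, tp + fp)
    recall = _ratio(tp, tp + fn)
    mcc_den = math.sqrt((tp + fp) * (tp + fn) * (tn + fp) * (tn + fn))
    return {
        "accuracy": _ratio(tp + tn, tp + fp + tn + fn),
        "precision": precision,
        "recall": recall,
        "f1": _ratio(2 * precision * recall, precision + recall),
        "fpr": _ratio(fp, fp + tn),
        "mcc": _ratio(tp * tn - fp * fn, mcc_den),  # 0.0 when undefined
    }

def precision_at_prevalence(recall, fpr, prevalence):
    """Fraction of alerts that are real attacks at a given attack prevalence."""
    true_alerts = recall * prevalence
    false_alerts = fpr * (1.0 - prevalence)
    return _ratio(true_alerts, true_alerts + false_alerts)

def false_alerts_per_day(fpr, benign_flows_per_day):
    """Expected number of benign flows flagged per day."""
    return round(fpr * benign_flows_per_day)

# Constructed sample: 100,000 flows of which 100 are attacks (0.1%).
ALWAYS_BENIGN = ids_metrics(tp=0, fp=0, tn=99_900, fn=100)  # flags nothing
DETECTOR = ids_metrics(tp=90, fp=999, tn=98_901, fn=10)     # 90% recall, 1% FPR

if __name__ == "__main__":
    # The do-nothing classifier wins on accuracy but has zero recall and MCC.
    for name, m in (("always-benign", ALWAYS_BENIGN), ("detector", DETECTOR)):
        print(name, {k: round(v, 4) for k, v in m.items()})
    # FPR values quoted in the paper; recall, prevalence and volume are assumed.
    for fpr in (0.0004, 0.10):
        print(fpr, round(precision_at_prevalence(0.9, fpr, 0.001), 4),
              false_alerts_per_day(fpr, 10_000_000))
```
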
Model Performance:
Recent studies (2025) report notable results across different datasets and models, as summarized in Table 1. Gradient boosting models such as XGBoost have demonstrated exceptional accuracy (99.93%) and extremely low FPR (0.0004) on NSL-KDD. Deep learning architectures such as LSTMs and CNN-LSTM hybrids show strong performance on CICIDS2017 and UNSW-NB15 datasets, although with higher FPR compared to boosting models. Ensemble learners like Random Forest achieve competitive results but often exhibit higher false positives, while newer approaches such as CatBoost trade off detection accuracy for improved interpretability in certain cases. These results indicate that the choice of model depends on the target environment, with gradient boosting methods excelling in low-FPR scenarios and deep learning models performing better in complex traffic patterns.
Performance of selected AI/ML models for real-time IDS (2025 studies).

| Model | Dataset | Accuracy (%) | F1-Score (%) | FPR |
|---|---|---|---|---|
| XGBoost | NSL-KDD | 99.93 | 99.84 | 0.0004 |
| LSTM | CICIDS2017 | 98.9 | – | 1.8 |
| CNN-LSTM | UNSW-NB15 | 98.2 | – | 2.1 |
| CatBoost | UNSW-NB15 | 87 | – | 0.07 |
| Random Forest | NSL-KDD | 96.2 | – | 3.8 |

Despite significant progress in applying AI and ML to real-time intrusion detection systems (IDS), several challenges persist that hinder their large-scale adoption and long-term effectiveness. One of the most prominent issues lies in the computational demands of deep learning models. Architectures such as convolutional neural networks (CNNs) and long short-term memory (LSTM) networks require substantial training and inference resources. While these models achieve state-of-the-art detection accuracy, their heavy memory and processing requirements make real-time deployment difficult in resource-constrained environments, particularly in IoT and edge computing devices. The need to balance accuracy with computational efficiency remains a critical bottleneck.
Another challenge is data imbalance within benchmark datasets. Real-world network traffic often contains far fewer malicious samples compared to benign traffic. This imbalance can bias models toward majority classes, resulting in poor detection of rare but highly damaging attacks such as zero-day exploits or advanced persistent threats (APTs). Although techniques like oversampling, cost-sensitive learning, and generative adversarial networks (GANs) have been proposed, completely eliminating the bias remains difficult. Furthermore, unsupervised models—while useful in detecting novel patterns—often suffer from high false positive rates (FPRs), sometimes reaching levels as high as 10%, which significantly reduces their practicality in operational settings.
IDS models also face increasing threats from adversarial attacks. Malicious actors can manipulate network traffic features or craft adversarial inputs that cause AI models to misclassify attacks as benign, bypassing detection entirely. This vulnerability highlights the need for adversarially robust models and continuous retraining strategies to withstand evolving attack strategies. Additionally, latency poses a limitation in real-time deployments: even highly accurate models become ineffective if detection or response times are delayed, as attackers can exploit such gaps to execute rapid exploits.
Beyond technical issues, ethical and interpretability concerns remain pressing. Many deep learning-based IDS operate as "black-box" systems, making it difficult for security analysts to understand the reasoning behind a detection decision. This lack of transparency can reduce trust and hinder adoption in critical infrastructure environments. Explainable AI (XAI) has emerged as a promising solution, providing interpretability and accountability; however, integrating explainability without compromising performance is still an open challenge.
Finally, scalability and overfitting represent practical limitations. Models trained on limited datasets may fail to generalize to unseen network environments, leading to overfitting and reduced effectiveness in real-world scenarios. Similarly, as organizations scale their networks, IDS solutions must process massive volumes of high-speed data streams without degradation in accuracy or responsiveness. Achieving scalability while maintaining robustness against adversarial manipulation and ensuring ethical, interpretable decision-making defines the central challenge of the next generation of AI-based IDS.
Challenges and Limitation:
Challenges include high computational demands of DL models, data imbalance leading to biased detection, and vulnerability to adversarial attacks. Real-time deployment faces latency issues in edge devices, with FPRs up to 10% in unsupervised models. Ethical concerns arise from lack of interpretability, addressed by XAI. Limitations: overfitting in complex models and scalability in large-scale networks.
Future Trends:
Future directions include federated learning for privacy-preserving IDS, quantum-enhanced models for faster processing, and edge AI for low-latency real-time detection. Integration of XAI will boost trust, while hybrid DL-ML models aim for 99.9%+ accuracies in IoT. Trends emphasize adaptive systems against evolving threats by 2030.
Conclusion:
Artificial intelligence (AI) and machine learning (ML) have fundamentally reshaped the landscape of real-time intrusion detection systems (IDS). By moving beyond the rigid boundaries of traditional signature-based methods, AI-driven IDS achieve adaptive, high-accuracy detection capable of identifying both known and previously unseen threats. Deep learning (DL) architectures, such as long short-term memory networks (LSTMs) and hybrid approaches combining convolutional neural networks (CNNs) with recurrent layers, excel at capturing temporal and spatial features within network traffic. Meanwhile, ensemble learning models like XGBoost have demonstrated exceptional performance, achieving near-perfect accuracy with extremely low false positive rates, making them highly suitable for real-time deployment.
Despite these achievements, several challenges remain at the forefront of IDS research. High computational costs associated with training and deploying deep learning models limit their applicability in resource-constrained environments, particularly IoT and edge devices. Additionally, adversarial machine learning poses a significant threat, where carefully crafted inputs can manipulate IDS predictions. False alarms continue to be a concern in large-scale deployments, as even marginal increases in false positive rates can overwhelm security analysts. To address these limitations, explainable AI (XAI) is increasingly integrated into IDS frameworks, offering transparency and interpretability for security operators. Hybrid models that combine the strengths of statistical learning, deep architectures, and rule-based systems further enhance detection robustness while maintaining operational efficiency.
Looking forward, the future of real-time IDS lies in innovation at the intersection of emerging technologies. Edge AI will play a pivotal role by enabling IDS models to operate locally on IoT and 5G devices, reducing latency and dependence on centralized infrastructure. Meanwhile, federated learning offers collaborative training across distributed nodes while preserving data privacy, a crucial factor in large-scale networked environments. In parallel, research into quantum-resistant algorithms and post-quantum cryptography is preparing IDS frameworks to remain resilient in the era of quantum computing, where traditional cryptographic protections may no longer suffice.
In conclusion, AI- and ML-powered IDS provide a pathway toward scalable, resilient, and intelligent security solutions. While current models demonstrate remarkable performance across benchmark datasets such as NSL-KDD, UNSW-NB15, CICIDS2017, and CICIoT2023, real-world deployment requires continued advancements in efficiency, transparency, and adversarial resilience. By integrating XAI, hybrid learning, edge deployment, and quantum-resistant techniques, the next generation of real-time IDS can deliver not only higher detection accuracy but also long-term sustainability in an increasingly connected and threat-prone digital ecosystem.