<![CDATA[The increasing complexity of network security threats demands intrusion detection systems that are both contextual and adaptive. Conventional signature-based Intrusion Detection Systems (IDS) suffer from limitations in detecting emerging and previously unseen attack patterns, making machine learning–based approaches a more flexible alternative. However, fragmented packet-level feature representations still limit the ability of models to capture network behavior comprehensively. This study aims to evaluate the performance of boosting models, namely XGBoost and LightGBM, using the publicly available Cybersecurity Intrusion Detection Dataset from Kaggle, which represents network activity at the session level. The proposed approach develops a session-level feature representation based on aggregated and ratio-based features to capture network behavior characteristics more comprehensively. Experimental results demonstrate that the implementation of session-level feature representation yields consistent improvements across multiple evaluation metrics. Accuracy increased from 0.8779 to 0.8847, while the F1-score improved from 0.8452 to 0.8525 for XGBoost and from 0.8455 to 0.8523 for LightGBM. Furthermore, ROC-AUC increased from 0.8789 to 0.8844 for XGBoost and from 0.8793 to 0.8859 for LightGBM. Although the improvement in accuracy is relatively moderate, the gains in F1-score and ROC-AUC indicate enhanced discriminative capability and a better balance between precision and recall. The main contribution of this study lies in the integration of session-level feature engineering with boosting models within a systematic evaluation framework, emphasizing the critical role of behavioral feature representation in improving intrusion detection performance.]]>
Copyrights © 2026
