Key points are not available for this paper at this time.
In this work, we propose a deployment-oriented intrusion detection framework for enterprise networks, combining a multi-branch convolutional neural network (CNN) with channel attention and a fine-tuned decision-tree (DT) classifier. Our system offers transparent, human-interpretable rules with minimal inference overhead. We evaluate the proposed model on two public benchmarks: the CIC-IDS2017 dataset, consisting of over 2 million labeled network flows with 80 + features, and the NSL-KDD dataset, containing 125,000 connection records with 41 features. These datasets challenge the model with multiple flow classification tasks, including both known and unknown attack types. Our evaluation shows that the proposed model outperforms strong CNN-based baselines, achieving 99.28% accuracy and 99.30% ROC-AUC on CIC-IDS2017, with a 5.7% improvement over CNN + DT baselines. On NSL-KDD, the model attains a 99.10% accuracy and 0.997 ROC-AUC, marking a 5.7% gain compared to CNN + DT approaches. Furthermore, we report a cross-dataset transfer improvement, with a + 0.97-point increase in macro-F1 score, demonstrating the model's ability to generalize across temporal and dataset shifts. These results underline the system's effectiveness in both classification accuracy and interpretability for real-world enterprise network security deployment.
Biyouki et al. (Mon,) studied this question.