On the Effectiveness of Random Undersampling for Intrusion Detection of Imbalanced Network Traffic

{"name"=>"Phi Ngoc Nguyen", "type"=>"co-first"} , {"name"=>"Tuan-Cuong Vuong"} , {"name"=>"Trang Xuan Mai"} , {"name"=>"Vu-Duc Ngo"} , {"name"=>"Hung Tran"} , {"name"=>"Huan Vu"} , {"name"=>"Thien Luong Van", "type"=>"corresponding"}

CITA 2026 (2025) Conference

PDF

Abstract

Class imbalance is a prevalent challenge in network intrusion detection, where normal traffic significantly outnumbers malicious activities. While various sophisticated techniques have been proposed to address this issue, the effectiveness of simple random undersampling remains underexplored. This paper provides a comprehensive empirical study on the effectiveness of random undersampling for intrusion detection in imbalanced network traffic scenarios. We evaluate its performance across multiple datasets and compare it with more complex balancing techniques. Our findings reveal that random undersampling, despite its simplicity, achieves competitive or even superior performance in many cases, while offering significant computational advantages.

Abstract

Key Contributions

Comprehensive Empirical Study: Extensive evaluation of random undersampling for intrusion detection
Multi-dataset Analysis: Evaluation across various network intrusion datasets
Comparative Study: Detailed comparison with sophisticated balancing techniques
Practical Insights: Guidelines for applying random undersampling in real-world scenarios
Computational Efficiency: Analysis of computational advantages over complex methods

Conference Details

Conference: CITA 2026 (The 15th Conference on Information Technology and its Applications)
Status: Under Review
Year: 2025

Keywords

Intrusion Detection, Imbalanced Learning, Random Undersampling, Network Security, Machine Learning