A Novel Byte-Level Flow-to-Image Encoding Method for Network Intrusion Detection Systems
For network intrusion detection systems, this encoding method improves classification accuracy by transforming tabular flow data into images, but the gains are dataset-dependent and incremental.
The paper introduces a byte-level flow-to-image encoding method that converts network flow records into fixed-size RGB images, enabling convolutional architectures to exploit spatial correlations. On UNSW-NB15, this method achieves accuracy gains of up to 15.6% for binary and 12.8% for multi-classification; on NSL-KDD, gains are up to 3.5% and 3.2%.
Network-based Intrusion Detection Systems (IDS) are predominantly trained on tabular flow records, whose one-dimensional representations limit convolutional architectures from exploiting inter-feature spatial correlations. This paper presents a novel byte-level flow-to-image encoding method that converts each network-flow record into a fixed-size RGB image. Continuous features are serialised using IEEE-754 single-precision format and packed sequentially into pixels along an inverted-L shaped trajectory, while discrete features are mapped to byte values and placed contiguously in the middle image row's centre. The encoding is deterministic and reversible, preserving a fixed spatial layout across all samples. Four IDS models are evaluated on NSL-KDD and UNSW-NB15 datasets with both flow and image-based configurations. The image-based representation yields consistent accuracy gains of up to 15.6\% and 12.8\% for binary and multi-classification on UNSW-NB15, and up to 3.5\% and 3.2\% on NSL-KDD, highlighting the potential of byte-level visual encoding to strengthen AI-driven intrusion detection in local computer networks.