Deteccion de intrusiones en redes mediante algoritmos de aprendizaje automatico: Un estudio multiclase sobre el conjunto de datos NSL-KDD

Intrusion detection is a critical component of cybersecurity, responsible for identifying unauthorized access or anomalous behavior in computer networks. This paper presents a comprehensive study on intrusion detection in networks using classical machine learning algorithms applied to the multiclass version of the NSL-KDD dataset (Normal, DoS, Probe, R2L, and U2R classes). The characteristics of NSL-KDD are described in detail, including its variants and class distribution, and the data preprocessing process (cleaning, coding, and normalization) is documented. Four supervised classification models were implemented: Logistic Regression, Decision Tree, Random Forest, and XGBoost, whose performance is evaluated using standard metrics (accuracy, recall, F1 score, confusion matrix, and area under the ROC curve). Experiments show that models based on tree sets (Random Forest and XGBoost) achieve the best performance, with accuracies approaching 99%, significantly outperforming logistic regression and individual decision trees. The ability of each model to detect each attack category is also analyzed, highlighting the challenges in identifying rare attacks (R2L and U2R). Finally, the implications of the results are discussed, comparing them with the state of the art, and potential avenues for future research are proposed, such as the application of class balancing techniques and deep learning models to improve intrusion detection.