Comparative Analysis of Random Forest and Support Vector Machine for Cyberattack Severity Classification

Reyhanssan Islamey, Sri Winiarti, Imam Riadi

Abstract


The escalating volume and sophistication of cyberattacks on network infrastructures that process massive daily traffic have overwhelmed security teams trying to prioritize incident responses rapidly and accurately, a phenomenon known as alert fatigue. This study analyzes and compares the performance of the Support Vector Machine (SVM) and Random Forest (RF) algorithms for classifying cyberattack severity levels (Low, Medium, and High). The study uses the public Cyber Security Attacks dataset, consisting of 40,000 network traffic records reduced to 20,000 clean entries through preprocessing and feature engineering. The methodology includes data cleaning, selecting 10 significant features using SelectKBest, standardizing numerical features, and evaluating models across three data split scenarios (70:30, 80:20, and 90:10) using a stratified splitting approach. Experimental results show that SVM consistently outperforms RF across all scenarios, with the best performance in the 80:20 split, achieving 98.92% accuracy and a weighted average F1-Score of 0.99 using a hyperparameter configuration of C = 100 and gamma = 0.01. The superiority of SVM lies in its ability to model non-linear relationships and complex feature interactions in data with overlapping class boundaries. In contrast, RF exhibits an over-prediction bias toward the minority class ('Low') due to the class_weight='balanced' mechanism and the limitations of axis-based separation. These findings confirm that SVM with a Radial Basis Function (RBF) kernel is more suitable for cyberattack severity classification, particularly in automated incident detection systems requiring balanced precision and recall as well as reliable decision-making.
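The evaluation described above (stratified splits, weighted F1, and checking for over-prediction of the minority 'Low' class) can be illustrated with the following added example, which is not the authors' code or data. The class mix, the confusion counts, the function names and the 1.25 over-prediction threshold are all constructed assumptions.

```python
import random

LABELS = ("Low", "Medium", "High")
CONSTRUCTED = {  # constructed confusion counts (true -> predicted), not the paper's results
    "Low":    {"Low": 95, "Medium": 5,   "High": 0},
    "Medium": {"Low": 60, "Medium": 330, "High": 10},
    "High":   {"Low": 40, "Medium": 10,  "High": 450},
}

def expand(confusion):
    """Turn confusion counts into parallel true/predicted label lists."""
    pairs = [(t, p) for t, row in confusion.items() for p, n in row.items() for _ in range(n)]
    return [t for t, _ in pairs], [p for _, p in pairs]

def stratified_split(labels, test_fraction, seed=0):
    """Index split that keeps every class's share the same in train and test."""
    rng, train, test = random.Random(seed), [], []
    for c in LABELS:
        idx = [i for i, y in enumerate(labels) if y == c]
        rng.shuffle(idx)
        n_test = round(len(idx) * test_fraction)
        test += idx[:n_test]
        train += idx[n_test:]
    return train, test

def report(y_true, y_pred):
    """Per-class precision/recall/F1, plus accuracy and support-weighted F1."""
    out, n = {}, len(y_true)
    for c in LABELS:
        tp = sum(t == c and p == c for t, p in zip(y_true, y_pred))
        pred, support = y_pred.count(c), y_true.count(c)
        prec = tp / pred if pred else 0.0
        rec = tp / support if support else 0.0
        f1 = 2 * prec * rec / (prec + rec) if prec + rec else 0.0
        out[c] = {"precision": prec, "recall": rec, "f1": f1,
                  "support": support, "predicted": pred}
    out["accuracy"] = sum(t == p for t, p in zip(y_true, y_pred)) / n
    out["weighted_f1"] = sum(out[c]["f1"] * out[c]["support"] for c in LABELS) / n
    return out

def over_predicted(rep, ratio=1.25):
    """Classes predicted at least `ratio` times as often as they occur (assumed threshold)."""
    return [c for c in LABELS if rep[c]["predicted"] and rep[c]["predicted"] >= ratio * rep[c]["support"]]

if __name__ == "__main__":
    y_true, y_pred = expand(CONSTRUCTED)
    train, test = stratified_split(y_true, 0.2)  # the 80:20 scenario
    rep = report([y_true[i] for i in test], [y_pred[i] for i in test])
    print(len(train), len(test), round(rep["accuracy"], 3), over_predicted(rep))
```

On the constructed counts, accuracy and weighted F1 both stay near 0.88 while precision on 'Low' falls below 0.5, which is why per-class precision and recall are reported alongside the aggregate scores.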

Keywords


Cyber Security; Attack Classification; Machine Learning; Random Forest; Support Vector Machine


DOI: https://doi.org/10.37905/euler.v14i1.36558



Copyright (c) 2026 Reyhanssan Islamey, Sri Winiarti, and Imam Riadi

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.


Euler : Jurnal Ilmiah Matematika, Sains dan Teknologi (p-ISSN: 2087-9393 | e-ISSN: 2776-3706) by Department of Mathematics Universitas Negeri Gorontalo is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.