This work addresses the limitation of traditional flow-based network intrusion detection systems, which rely on one-dimensional tabular data and thus fail to leverage the spatial feature modeling capacity of convolutional neural networks (CNNs). To overcome this, the authors propose a deterministic and invertible byte-level encoding method that transforms network flow records into fixed-size RGB images. Continuous features are serialized according to the IEEE-754 single-precision format and embedded along an inverted L-shaped trajectory into pixel positions, while discrete features are mapped to byte values and placed in the central row of the image. This approach establishes, for the first time in intrusion detection, a visually structured input with consistent spatial layout, thereby unlocking the full potential of CNNs. Experimental results on the NSL-KDD and UNSW-NB15 datasets demonstrate accuracy improvements of up to 15.6% and 12.8% in binary classification, and 3.5% and 3.2% in multi-class classification, respectively.

Network-based Intrusion Detection Systems (IDS) are predominantly trained on tabular flow records, whose one-dimensional representations limit convolutional architectures from exploiting inter-feature spatial correlations. This paper presents a novel byte-level flow-to-image encoding method that converts each network-flow record into a fixed-size RGB image. Continuous features are serialised using IEEE-754 single-precision format and packed sequentially into pixels along an inverted-L shaped trajectory, while discrete features are mapped to byte values and placed contiguously in the middle image row's centre. The encoding is deterministic and reversible, preserving a fixed spatial layout across all samples. Four IDS models are evaluated on NSL-KDD and UNSW-NB15 datasets with both flow and image-based configurations. The image-based representation yields consistent accuracy gains of up to 15.6\% and 12.8\% for binary and multi-classification on UNSW-NB15, and up to 3.5\% and 3.2\% on NSL-KDD, highlighting the potential of byte-level visual encoding to strengthen AI-driven intrusion detection in local computer networks.