The ability to identify and assess potential security risks to a communication network is a critical function of network intrusion detection systems. The data it provides regarding the frequency and type of assaults is a valuable addition to other network security measures, including firewalls. Typically, an NIDS will have a sensor that scans all incoming and outgoing packets on the monitored network, flags those that seem suspicious, and then sends the flagged packets and an alert message to a server system, which will then store them and analyse them in conjunction with other events. First, we standardised the protocol structure. Then, we used a genetic approach to generate mutation and cross-over values for device identification. Finally, we used a modified J48 decision tree algorithm to conduct our search. The developed algorithms/ones outperform the existing methods in terms of performance. As an initial step in detecting an intrusion, the 64-byte structured protocol standardisation technique is created. The wire shark tool is used to monitor the communication process network, taking into account all potential transactions. An array is created from the recorded packets. Included in the array are details about the frames, as well as the protocol type, hardware device type, source and destination IP addresses, MAC addresses, and data. This information is transformed by the 64-byte protocol structured standardisation. Because all of the necessary attributes are determined in the same place by this common protocol structure procedure, finding the MAC and IP addresses in packets should take as little time as possible. As a second step, the product and device details are supplied by the least and most important 16 bits of the MAC address. Using the cross-over and mutation functions, the genetic iv method compares the invader device to the Current Active Directory List (CADL).