Adaptive Intrusion Detection System with Ensemble Classifiers for Handling Imbalanced Datasets and Dynamic Network Traffic
DOI:
https://doi.org/10.18196/jrc.v6i1.23648Keywords:
Regulated Adaptive IDS, IDS, KNN, Adaptive Intrusion Detection SystemAbstract
Intrusion Detection Systems (IDS) are crucial for network security, but their effectiveness often diminishes in dynamic environments due to outdated models and imbalanced datasets. This paper presents a novel Adaptive Intrusion Detection System (AIDS) that addresses these challenges by incorporating ensemble classifiers and dynamic retraining. The AIDS model integrates K-Nearest Neighbors (KNN), Fuzzy c-means clustering, and weight mapping to improve detection accuracy and adaptability to evolving network traffic. The system dynamically updates its reference model based on the severity of changes in network traffic, enabling more accurate and timely detection of cyber threats. To mitigate the effects of imbalanced datasets, ensemble classifiers, including Decision Tree (DT) and Random Forest (RF), are employed, resulting in significant performance improvements. Experimental results show that the proposed model achieves an overall accuracy of 97.7% and a false alarm rate (FAR) of 2.0%, outperforming traditional IDS models. Additionally, the study explores the impact of various retraining thresholds and demonstrates the model's robustness in handling both common and rare attack types. A comparative analysis with existing IDS models highlights the advantages of the AIDS model, particularly in dynamic and imbalanced network environments. The findings suggest that the AIDS model offers a promising solution for real-time IDS applications, with potential for further enhancements in scalability and computational efficiency.
References
J. Liang, M. Ma and X. Tan, "GaDQN-IDS: A Novel Self-Adaptive IDS for VANETs Based on Bayesian Game Theory and Deep Reinforcement Learning," in IEEE Transactions on Intelligent Transportation Systems, vol. 23, no. 8, pp. 12724-12737, 2022.
E. Gyamfi, J. A. Ansere, M. Kamal, M. Tariq and A. Jurcut, "An Adaptive Network Security System for IoT-Enabled Maritime Transportation," in IEEE Transactions on Intelligent Transportation Systems, vol. 24, no. 2, pp. 2538-2547, Feb. 2023.
S. T. Bakhsh, S. Alghamdi, R. A. Alsemmeari, and S. R. J. I. J. o. D. S. N. Hassan, "An adaptive intrusion detection and prevention system for Internet of Things," International Journal of Distributed Sensor Networks, vol. 15, no. 11, 2019.
A. Almomani, A. Al-Nawasrah, M. Alauthman, M. A. Al-Betar, and F. Meziane, “Botnet detection used fast-flux technique, based on adaptive dynamic evolving spiking neural network algorithm,” International Journal of Ad Hoc and Ubiquitous Computing, vol. 36, no. 1, pp. 50-65, 2021.
A. Al Nawasrah. Fast flux botnet detection based on adaptive dynamic evolving spiking neural network. University of Salford (United Kingdom), 2018.
A. Al-Nawasrah, A. A. Almomani, S. Atawneh, and M. Alauthman, “A survey of fast flux botnet detection with fast flux cloud computing,” International Journal of Cloud Applications and Computing (IJCAC), vol. 10, no. 3, pp. 17-53, 2020.
A. Al-Nawasrah, A. Al-Momani, F. Meziane and M. Alauthman, "Fast flux botnet detection framework using adaptive dynamic evolving spiking neural network algorithm," 2018 9th International Conference on Information and Communication Systems (ICICS), pp. 7-11, 2018.
A. Al-Nawasrah et al., "Botnet Attack Detection Using A Hybrid Supervised Fast-Flux Killer System," in Journal of Web Engineering, vol. 21, no. 2, pp. 179-202, 2022.
A. Zainal, An Adaptive Intrusion Detection Model for Dynamic Network Traffic Patterns Using Machine Learning Techniques. (Doctoral dissertation, Universiti Teknologi Malaysia), 2011.
Z. Yu, J. J. Tsai, and T. Weigert, “An adaptive automatically tuning intrusion detection system,” ACM Transactions on Autonomous and Adaptive Systems (TAAS), vol. 3, no. 3, pp. 1-25, 2008.
T. Merk, V. Peterson, R. Köhler, S. Haufe, R. M. Richardson, and W. J. Neumann, “Machine learning based brain signal decoding for intelligent adaptive deep brain stimulation,” Experimental Neurology, vol. 351, p. 113993, 2022.
K. Albulayhi and F. T. Sheldon, "An Adaptive Deep-Ensemble Anomaly-Based Intrusion Detection System for the Internet of Things," 2021 IEEE World AI IoT Congress (AIIoT), pp. 0187-0196, 2021.
S. Ahmad, F. Arif, Z. Zabeehullah and N. Iltaf, "Novel Approach Using Deep Learning for Intrusion Detection and Classification of the Network Traffic," 2020 IEEE International Conference on Computational Intelligence and Virtual Environments for Measurement Systems and Applications (CIVEMSA), pp. 1-6, 2020.
S. Zwane, P. Tarwireyi and M. Adigun, "Performance Analysis of Machine Learning Classifiers for Intrusion Detection," 2018 International Conference on Intelligent and Innovative Computing Applications (ICONIC), pp. 1-5, 2018.
T. Zoppi and A. Ceccarelli, “Prepare for trouble and make it double! Supervised–Unsupervised stacking for anomaly-based intrusion detection,” Journal of Network and Computer Applications, vol. 189, p. 103106, 2021.
S. Thakur, A. Chakraborty, R. De, N. Kumar, and R. Sarkar, “Intrusion detection in cyber-physical systems using a generic and domain specific deep autoencoder model,” Computers & Electrical Engineering, vol. 91, p. 107044, 2021.
A. Thakkar and R. Lohiya, "Attack Classification of Imbalanced Intrusion Data for IoT Network Using Ensemble-Learning-Based Deep Neural Network," in IEEE Internet of Things Journal, vol. 10, no. 13, pp. 11888-11895, 2023.
A. Thakkar and R. Lohiya, “A survey on intrusion detection system: feature selection, model, performance measures, application perspective, challenges, and future research directions,” Artificial Intelligence Review, vol. 55, no. 1, pp. 453-563, 2022.
O. Aouedi, K. Piamrat, G. Muller and K. Singh, "Federated Semisupervised Learning for Attack Detection in Industrial Internet of Things," in IEEE Transactions on Industrial Informatics, vol. 19, no. 1, pp. 286-295, 2023.
K. Sood, M. R. Nosouhi, D. D. N. Nguyen, F. Jiang, M. Chowdhury and R. Doss, "Intrusion Detection Scheme With Dimensionality Reduction in Next Generation Networks," in IEEE Transactions on Information Forensics and Security, vol. 18, pp. 965-979, 2023.
M. Casimiro, P. Romano, D. Garlan, and L. Rodrigues, "Towards a framework for adapting machine learning components," in 2022 IEEE International Conference on Autonomic Computing and Self-Organizing Systems (ACSOS), pp. 131-140, 2022.
X. Li, Z. Hu, M. Xu, Y. Wang, and J. Ma, “Transfer learning based intrusion detection scheme for Internet of vehicles,” Information Sciences, vol. 547, pp. 119-135, 2021.
J. Gu and S. Lu, “An effective intrusion detection approach using SVM with naïve Bayes feature embedding,” Computers & Security, vol. 103, p. 102158, 2021.
Y. Wei, C. Cheng and G. Xie, "OFIDS : Online Learning-Enabled and Fingerprint-Based Intrusion Detection System in Controller Area Networks," in IEEE Transactions on Dependable and Secure Computing, vol. 20, no. 6, pp. 4607-4620, 2023.
S. Hajj, R. El Sibai, J. Bou Abdo, J. Demerjian, A. Makhoul, and C. Guyeux, “Anomaly‐based intrusion detection systems: The requirements, methods, measurements, and datasets,” Transactions on Emerging Telecommunications Technologies, vol. 32, no. 4, p. e4240, 2021.
J. Zipfel, F. Verworner, M. Fischer, U. Wieland, M. Kraus, and P. Zschech, “Anomaly detection for industrial quality assurance: A comparative evaluation of unsupervised deep learning models,” Computers & Industrial Engineering, vol. 177, p. 109045, 2023.
I. Rosenberg, A. Shabtai, Y. Elovici, and L. Rokach, “Adversarial machine learning attacks and defense methods in the cyber security domain,” ACM Computing Surveys (CSUR), vol. 54, no. 5, pp. 1-36, 2021.
S. D. Hunt, and S. Madhavaram, “Adaptive marketing capabilities, dynamic capabilities, and renewal competences: The “outside vs. inside” and “static vs. dynamic” controversies in strategy,” Industrial Marketing Management, vol. 89, pp. 129-139, 2020.
R. M. Adnan, R. R. Mostafa, A. R. M. T. Islam, O. Kisi, A. Kuriqi, and S. Heddam, “Estimating reference evapotranspiration using hybrid adaptive fuzzy inferencing coupled with heuristic algorithms,” Computers and Electronics in Agriculture, vol. 191, p. 106541, 2021.
J. Pacheco, V. H. Benitez, L. C. Félix-Herrán and P. Satam, "Artificial Neural Networks-Based Intrusion Detection System for Internet of Things Fog Nodes," in IEEE Access, vol. 8, pp. 73907-73918, 2020.
O. Lifandali, N. Abghour, and Z. Chiba, “Feature selection using a combination of ant colony optimization and random forest algorithms applied to isolation forest based intrusion detection system,” Procedia Computer Science, vol. 220, pp. 796-805, 2023.
M. A. Elsayed, M. Wrana, Z. Mansour, K. Lounis, S. H. H. Ding and M. Zulkernine, "AdaptIDS: Adaptive Intrusion Detection for Mission-Critical Aerospace Vehicles," in IEEE Transactions on Intelligent Transportation Systems, vol. 23, no. 12, pp. 23459-23473, 2022.
M. Alalhareth and S. C. Hong, “An Adaptive Intrusion Detection System in the Internet of Medical Things Using Fuzzy-Based Learning,” Sensors, vol. 23, no. 22, p. 9247, 2023.
F. Zhao, H. Zhang, J. Peng, X. Zhuang, and S. G. Na, “A semi-self-taught network intrusion detection system,” Neural Computing and Applications, vol. 32, pp. 17169-17179, 2020.
C. Zhang, X. Costa-Pérez and P. Patras, "Adversarial Attacks Against Deep Learning-Based Network Intrusion Detection Systems and Defense Mechanisms," in IEEE/ACM Transactions on Networking, vol. 30, no. 3, pp. 1294-1311, 2022.
F. Alotaibi and S. Maffeis, "Rasd: Semantic Shift Detection and Adaptation for Network Intrusion Detection," in IFIP International Conference on ICT Systems Security and Privacy Protection, pp. 16-30, 2024.
A. J. Siddiqui and A. Boukerche, “Adaptive ensembles of autoencoders for unsupervised IoT network intrusion detection,” Computing, vol. 103, no. 6, pp. 1209-1232, 2021.
A. Khraisat and A. Alazab, “A critical review of intrusion detection systems in the internet of things: techniques, deployment strategy, validation strategy, attacks, public datasets and challenges” Cybersecurity, vol. 4, pp. 1-27, 2021.
K. S. Adewole et al., “Empirical analysis of data streaming and batch learning models for network intrusion detection,” Electronics, vol. 11, no. 19, p. 3109, 2022.
L. Singh and H. Jahankhani, “An Approach of Applying, Adapting Machine Learning into the IDS and IPS Component to Improve Its Effectiveness and Its Efficiency,” Artificial Intelligence in Cyber Security: Impact and Implications: Security Challenges, Technical and Ethical Issues, Forensic Investigative Challenges, pp. 43-71, 2021.
P. Aravamudhan, “A novel adaptive network intrusion detection system for internet of things,” Plos one, vol. 18, no. 4, p. e0283725, 2023.
N. Sourbier. Learning-Based Network Intrusion Detection: an Imbalanced, Constantly Evolving and Timely Problem (Doctoral dissertation, INSA de Rennes), 2022.
A. Ghosh. ME-IDS: An Ensemble Transfer Learning Framework Based on Misclassified Samples for Intrusion Detection Systems. Dalhousie University, 2023.
L. Xu, “Phased progressive learning with coupling-regulation-imbalance loss for imbalanced data classification,” Neural Computing and Applications, pp. 1-20, 2024.
N. Malekghaini. Adapting to data drift in encrypted traffic classification using deep learning (Master's thesis, University of Waterloo), 2023.
B. Sabir, F. Ullah, M. A. Babar, and R. Gaire, “Machine learning for detecting data exfiltration: A review,” ACM Computing Surveys (CSUR), vol. 54, no. 3, pp. 1-47, 2021.
S. Seth, K. K. Chahal, and G. Singh, “Concept Drift–Based Intrusion Detection For Evolving Data Stream Classification In IDS: Approaches And Comparative Study,” The Computer Journal, bxae023, 2024.
J. Suaboot et al., “A taxonomy of supervised learning for idss in scada environments,” ACM Computing Surveys (CSUR), vol. 53, no. 2, pp. 1-37, 2020.
K. L. Pennington, T. Y. Chan, M. P. Torres, and J. Andersen, “The dynamic and stress-adaptive signaling hub of 14-3-3: emerging mechanisms of regulation and context-dependent protein–protein interactions,” Oncogene, vol. 37, no. 42, pp. 5587-5604, 2018.
M. Juez-Gil, Á. Arnaiz-González, J. J. Rodríguez, “Experimental evaluation of ensemble classifiers for imbalance in big data,” Applied soft computing, vol. 108, p. 107447, 2021.
C. -F. Tsai and W. -C. Lin, "Feature Selection and Ensemble Learning Techniques in One-Class Classifiers: An Empirical Study of Two-Class Imbalanced Datasets," in IEEE Access, vol. 9, pp. 13717-13726, 2021.
Z. Chen, J. Duan, L. Kang, and G. Qiu, “A hybrid data-level ensemble to enable learning from highly imbalanced dataset,” Information Sciences, vol. 554, pp. 157-176, 2021.
Y. Xu, Z. Yu, C. L. P. Chen and Z. Liu, "Adaptive Subspace Optimization Ensemble Method for High-Dimensional Imbalanced Data Classification," in IEEE Transactions on Neural Networks and Learning Systems, vol. 34, no. 5, pp. 2284-2297, 2023.
N. Liu, X. Li, E. Qi, M. Xu, L. Li and B. Gao, "A Novel Ensemble Learning Paradigm for Medical Diagnosis With Imbalanced Data," in IEEE Access, vol. 8, pp. 171263-171280, 2020.
R. G. Devi and P. Sumanjani, "Improved classification techniques by combining KNN and Random Forest with Naive Bayesian classifier," 2015 IEEE International Conference on Engineering and Technology (ICETECH), pp. 1-4, 2015.
A. P. Engelbrecht and R. Brits, “Supervised training using an unsupervised approach to active learning,” Neural processing letters, vol. 15, pp. 247-260, 2002.
J. V. De Oliveira and W. Pedrycz (Eds.). Advances in fuzzy clustering and its applications. John Wiley & Sons, 2007.
V. H. A. Ribeiro and G. Reynoso-Meza, “Ensemble learning by means of a multi-objective optimization design approach for dealing with imbalanced data sets,” Expert Systems with Applications, vol. 147, p. 113232, 2020.
X. Yin, Q. Liu, Y. Pan, X. Huang, J. Wu, and X. Wang, “Strength of stacking technique of ensemble learning in rockburst prediction with imbalanced data: Comparison of eight single and ensemble models,” Natural Resources Research, vol. 30, pp. 1795-1815, 2021.
H. G. Zefrehi and H. Altınçay, “Imbalance learning using heterogeneous ensembles,” Expert Systems with Applications, vol. 142, p. 113005, 2020.
A. Almomani, A. Al-Nawasrah, W. Alomoush, M. Al-Abweh, A. Alrosan, and B. B. Gupta, “Information management and IoT technology for safety and security of smart home and farm systems,” Journal of Global Information Management (JGIM), vol. 29, no. 6, pp. 1-23, 2021.
W. Alomoush, A. Alrosan, A. Almomani, K. Alissa, O. A. Khashan, and A. Al-Nawasrah, “Spatial information of fuzzy clustering based mean best artificial bee colony algorithm for phantom brain image segmentation,” International Journal of Electrical and Computer Engineering (IJECE), vol. 11, no. 5, pp. 4050-4058, 2021.
A. Almomani, A. Al-Nawasrah, M. Alauthman, M. A. Al-Betar, and F. Meziane, “Botnet detection used fast-flux technique, based on adaptive dynamic evolving spiking neural network algorithm,” International Journal of Ad Hoc and Ubiquitous Computing, vol. 36, no. 1, pp. 50-65, 2021.
H. A. Al Issa, M. H. Al-Jarah, A. Almomani, and A. Al-Nawasrah, “Encryption and decryption cloud computing data based on XOR and genetic algorithm,” International Journal of Cloud Applications and Computing (IJCAC), vol. 12, no. 1, pp. 1-10, 2022.
A. Al Nawasrah. Fast flux botnet detection based on adaptive dynamic evolving spiking neural network. University of Salford (United Kingdom). 2018.
M. S. ElSayed, N. A. Le-Khac, M. A. Albahar, and A. Jurcut, “A novel hybrid model for intrusion detection systems in SDNs based on CNN and a new regularization technique,” Journal of Network and Computer Applications, vol. 191, p. 103160, 2021.
M. D. Rokade and Y. K. Sharma, "MLIDS: A Machine Learning Approach for Intrusion Detection for Real Time Network Dataset," 2021 International Conference on Emerging Smart Computing and Informatics (ESCI), pp. 533-536, 2021.
Q. Qin, K. Poularakis, K. K. Leung and L. Tassiulas, "Line-Speed and Scalable Intrusion Detection at the Network Edge via Federated Learning," 2020 IFIP Networking Conference (Networking), pp. 352-360, 2020.
Y. Fu, Y. Du, Z. Cao, Q. Li, and W. Xiang, “A deep learning model for network intrusion detection with imbalanced data,” Electronics, vol. 11, no. 6, p. 898, 2022.
K. Sood, M. R. Nosouhi, D. D. N. Nguyen, F. Jiang, M. Chowdhury and R. Doss, "Intrusion Detection Scheme With Dimensionality Reduction in Next Generation Networks," in IEEE Transactions on Information Forensics and Security, vol. 18, pp. 965-979, 2023.
Q. R. S. Fitni and K. Ramli, "Implementation of Ensemble Learning and Feature Selection for Performance Improvements in Anomaly-Based Intrusion Detection Systems," 2020 IEEE International Conference on Industry 4.0, Artificial Intelligence, and Communications Technology (IAICT), pp. 118-124, 2020.
C. Iwendi, S. Khan, J. H. Anajemba, M. Mittal, M. Alenezi, and M. Alazab, “The use of ensemble models for multiple class and binary class classification for improving intrusion detection systems,” Sensors, vol. 20, no. 9, p. 2559, 2020.
Y. Zhou, G. Cheng, S. Jiang, and M. Dai, “Building an efficient intrusion detection system based on feature selection and ensemble classifier,” Computer networks, vol. 174, p. 107247, 2020.
A. Abbas, M. A. Khan, S. Latif, M. Ajaz, A. A. Shah, and J. Ahmad, “A new ensemble-based intrusion detection system for internet of things,” Arabian Journal for Science and Engineering, pp. 1-15, 2022.
B. S. Bhati, G. Chugh, F. Al‐Turjman, and N. S. Bhati, “An improved ensemble based intrusion detection technique using XGBoost,” Transactions on emerging telecommunications technologies, vol. 32, no. 6, p. e4076, 2021.
A. Alhowaide, I. Alsmadi, and J. Tang, “Ensemble detection model for IoT IDS,” Internet of Things, vol. 16, p. 100435, 2021.
S. Ennaji, N. E. Akkad and K. Haddouch, "A Powerful Ensemble Learning Approach for Improving Network Intrusion Detection System (NIDS)," 2021 Fifth International Conference On Intelligent Computing in Data Sciences (ICDS), pp. 1-6, 2021.
E. Jaw and X. Wang, “Feature selection and ensemble-based intrusion detection system: an efficient and comprehensive approach,” Symmetry, vol. 13, no. 10, p. 1764, 2021.
D. N. Mhawi, A. Aldallal, and S. Hassan, “Advanced feature-selection-based hybrid ensemble learning algorithms for network intrusion detection systems,” Symmetry, vol. 14, no. 7, p. 1461, 2022.
F. Jemili, R. Meddeb, and O. Korbaa, “Intrusion detection based on ensemble learning for big data classification,” Cluster Computing, vol. 27, no. 3, pp. 3771-3798, 2024.
Y. Alotaibi and M. Ilyas, “Ensemble-learning framework for intrusion detection to enhance internet of things’ devices security,” Sensors, vol. 23, no. 12, p. 5568, 2023.
Downloads
Published
Issue
Section
License
Copyright (c) 2025 Moaad Abdulaziz Almania
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
This journal is based on the work at https://journal.umy.ac.id/index.php/jrc under license from Creative Commons Attribution-ShareAlike 4.0 International License. You are free to:
- Share – copy and redistribute the material in any medium or format.
- Adapt – remix, transform, and build upon the material for any purpose, even comercially.
The licensor cannot revoke these freedoms as long as you follow the license terms, which include the following:
- Attribution. You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
- ShareAlike. If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original.
- No additional restrictions. You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.
• Creative Commons Attribution-ShareAlike (CC BY-SA)
JRC is licensed under an International License
