Khandakar Md Shafin, G. M. Abdullah Al Kafi, Saha Reno
{"title":"Guardians of the Network: An Ensemble Learning Framework With Adversarial Alignment for Evasive Cyber Threat Detection","authors":"Khandakar Md Shafin, G. M. Abdullah Al Kafi, Saha Reno","doi":"10.1002/eng2.70419","DOIUrl":null,"url":null,"abstract":"<p>Advanced cyber threats such as zero-day exploits and sophisticated evasion techniques challenge Network Intrusion Detection Systems (NIDS). To address this, we propose a robust machine learning framework that integrates multi-source data fusion, protocol-aware preprocessing, and ensemble learning. Our study uses a comprehensive dataset of 12.7 million real-world network flows (10.1M benign, 2.6M malicious) collected from enterprise environments. Our key innovation is a weighted voting ensemble—combining Logistic Regression, Decision Trees, and a 1D-CNN—which achieves 99.8% detection accuracy while reducing false positives by 4.9% compared to individual models. The system also incorporates a lightweight adversarial aligner to counter evasion techniques (e.g., IP fragmentation, MAC spoofing), recovering up to 95% of baseline recall. Notably, under extreme class imbalance (1:99), our framework maintains 80.1% recall with only 8.2 false positives per million packets, outperforming deep learning models like LSTM and 1D-CNN while using 100 times fewer parameters. These results demonstrate the framework's practicality for efficient, high-throughput NIDS deployments in real-world settings.</p>","PeriodicalId":72922,"journal":{"name":"Engineering reports : open access","volume":"7 10","pages":""},"PeriodicalIF":2.0000,"publicationDate":"2025-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1002/eng2.70419","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Engineering reports : open access","FirstCategoryId":"1085","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/eng2.70419","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS","Score":null,"Total":0}
引用次数: 0
Abstract
Advanced cyber threats such as zero-day exploits and sophisticated evasion techniques challenge Network Intrusion Detection Systems (NIDS). To address this, we propose a robust machine learning framework that integrates multi-source data fusion, protocol-aware preprocessing, and ensemble learning. Our study uses a comprehensive dataset of 12.7 million real-world network flows (10.1M benign, 2.6M malicious) collected from enterprise environments. Our key innovation is a weighted voting ensemble—combining Logistic Regression, Decision Trees, and a 1D-CNN—which achieves 99.8% detection accuracy while reducing false positives by 4.9% compared to individual models. The system also incorporates a lightweight adversarial aligner to counter evasion techniques (e.g., IP fragmentation, MAC spoofing), recovering up to 95% of baseline recall. Notably, under extreme class imbalance (1:99), our framework maintains 80.1% recall with only 8.2 false positives per million packets, outperforming deep learning models like LSTM and 1D-CNN while using 100 times fewer parameters. These results demonstrate the framework's practicality for efficient, high-throughput NIDS deployments in real-world settings.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
