Adaptive security framework for multi-environment networks using ensemble data drift detection and incremental deep learning

Modern multi-environment (M-En) networks comprise diverse architectures such as IoT and traditional IP-based networks. These networks pose significant challenges for threat mitigation due to heterogeneous protocols and traffic patterns. This study proposes a unified incremental learning framework to efficiently secure M-En networks by reducing management overhead, improving scalability, and lowering costs. We designed this approach for real-time environments, enabling adaptation to new scenarios with high accuracy and efficiency. To develop the framework, we first generate an M-En dataset using partial least squares canonical analysis, synthesizing data from two benchmark datasets: IoT23 and CICDDoS2019, representing IoT and traditional IP-based networks, respectively. Our approach employs an ensemble data drift detection (EDDD) mechanism that combines ADaptive WINdowing and autoencoders, enabling adaptive model updates. A deep neural network is incrementally retrained only when data drift is detected, ensuring adaptability to evolving attacks while conserving computational resources. To avoid catastrophic forgetting, we incorporate replay-based memory, regularization, and an interpolation mechanism governed by a blending parameter $\alpha \in [0,1]$, which balances the integration of new and historical knowledge. Furthermore, the explainable AI technique LIME is integrated to enhance the transparency of the model’s decision-making process. Experimental results indicate that our approach achieves a mean accuracy of 0.999 while maintaining low memory usage, approximately 32.1 MB, and a stable model size of 0.11 MB.