Khandakar Md Shafin, G. M. Abdullah Al Kafi, Saha Reno
Engineering Reports: Open Access, vol. 7, no. 10, published 2025-09-30. DOI: 10.1002/eng2.70419. Article: https://onlinelibrary.wiley.com/doi/10.1002/eng2.70419 (PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1002/eng2.70419). Journal article; JCR Q3, Computer Science, Interdisciplinary Applications.
Guardians of the Network: An Ensemble Learning Framework With Adversarial Alignment for Evasive Cyber Threat Detection
Advanced cyber threats such as zero-day exploits and sophisticated evasion techniques challenge Network Intrusion Detection Systems (NIDS). To address this, we propose a robust machine learning framework that integrates multi-source data fusion, protocol-aware preprocessing, and ensemble learning. Our study uses a comprehensive dataset of 12.7 million real-world network flows (10.1M benign, 2.6M malicious) collected from enterprise environments. Our key innovation is a weighted voting ensemble—combining Logistic Regression, Decision Trees, and a 1D-CNN—which achieves 99.8% detection accuracy while reducing false positives by 4.9% compared to individual models. The system also incorporates a lightweight adversarial aligner to counter evasion techniques (e.g., IP fragmentation, MAC spoofing), recovering up to 95% of baseline recall. Notably, under extreme class imbalance (1:99), our framework maintains 80.1% recall with only 8.2 false positives per million packets, outperforming deep learning models like LSTM and 1D-CNN while using 100 times fewer parameters. These results demonstrate the framework's practicality for efficient, high-throughput NIDS deployments in real-world settings.