Towards unbalanced multiclass intrusion detection with hybrid sampling methods and ensemble classification

Abstract

Intrusion Detection Systems (IDS) play a crucial role in securing computer networks against malicious activities. However, their efficacy is consistently hindered by the persistent challenge of class imbalance in real-world datasets. While various methods, such as resampling techniques, ensemble methods, cost-sensitive learning, data augmentation, and so on, have individually addressed imbalance classification issues, there exists a notable gap in the literature for effective hybrid methodologies aimed at enhancing IDS performance. To bridge this gap, our research introduces an innovative methodology that integrates hybrid undersampling and oversampling strategies within an ensemble classification framework. This novel approach is designed to harmonize dataset distributions and optimize IDS performance, particularly in intricate multi-class scenarios. In-depth evaluations were conducted using well-established intrusion detection datasets, including the Car Hacking: Attack and Defense Challenge 2020 (CHADC2020) and IoTID20. Our results showcase the remarkable efficacy of the proposed methodology, revealing significant improvements in precision, recall, and F1-score metrics. Notably, the hybrid-ensemble method demonstrated an exemplary average F1 score exceeding 98% for both datasets, underscoring its exceptional capability to substantially enhance intrusion detection accuracy. In summary, this research represents a significant contribution to the field of IDS, providing a robust solution to the pervasive challenge of class imbalance. The hybrid framework not only strengthens IDS efficacy but also illuminates the seamless integration of undersampling and oversampling within ensemble classifiers, paving the way for fortified network defenses.