Title: MULTI-ENSEMBLE ARCHITECTURE FOR NETWORK INTRUSION DETECTION: A STACKING, VOTING, AND HYBRID ADABOOST-RANDOM FOREST APPROACH ON CIC-IDS2024
Authors: Dawood Javed
Journal: Spectrum of Engineering Sciences
| Category | From | To |
|---|---|---|
| Y | 2024-10-01 | 2025-12-31 |
Publisher: Sociology Educational Nexus Research Institute
Country: Pakistan
Year: 2025
Volume: 3
Issue: 10
Language: en
Keywords: Intrusion Detection, Ensemble Learning, Deep Learning, CIC-IDS2024, SMOTE, Random Forest, Stacking, Voting
The growing sophistication of cyber threats demands highly precise, robust intrusion detection systems (IDS) to defend networks against all forms of attacks in real time. This paper proposes an ensemble learning approach for network intrusion detection using the CIC-IDS2024 dataset, which contains 2.83 million network flow records across 15 traffic classes, including benign traffic and 14 attack types. Our method addresses three main contemporary issues in the design of modern IDSs: high-dimensional feature spaces, significant class imbalance, and accuracy across heterogeneous attack vectors. The methodology consists of: (1) advanced feature engineering, using Random Forest-based feature selection to narrow the initial 78 attributes down to 22 discriminative ones; (2) the Synthetic Minority Oversampling Technique (SMOTE) to balance the class population and enhance detection for the minority 'attack' class; and (3) a new ensemble framework comprising voting, stacking, and bagging, together with a novel AdaBoost+Random Forest hybrid ensemble method, built on five base classifiers: Random Forest, k-Nearest Neighbors, Gradient Boosting, AdaBoost, and Decision Tree. The proposed system achieves its best performance with the Stacking Ensemble, attaining 99.8% accuracy, a precision of 0.995, a recall of 0.996, an F1-score of 0.996, and a ROC-AUC value of 1.000. A performance evaluation conducted using radar charts, confusion matrices, precision-recall analysis, and attack-specific heatmaps shows better detection capabilities across all attack categories, including DoS, DDoS, brute-force and web-based attacks, infiltration, and botnet activities. The feature importance analysis identifies packet length variance and inter-arrival time statistics as the main anomaly indicators.
Stability analysis across cross-validation folds shows that ensembles are consistently more stable and reliable than single classifiers, with very small performance variance. This work supersedes contemporary state-of-the-art approaches and moves toward fully scalable production deployment in defense of modern networked infrastructure against advanced, evolving cyber threats.