An Applied Framework for Real-Time Network Intrusion Detection Using Optimized Ensemble Learning in Enterprise IT Environments.

DOI:

https://doi.org/10.51903/yxzn1163

Keywords:

Network Intrusion Detection, Ensemble Learning, Real-Time Analysis, Bayesian Optimization, Inference Latency, Cybersecurity

Abstract

Modern enterprise IT environments require proactive, real-time intrusion detection systems to combat increasingly sophisticated and high-speed cyber threats. However, existing machine learning and deep learning models face a critical trade-off between predictive accuracy and inference latency, rendering many computationally heavy frameworks unsuitable for line-rate, high-throughput network streams. To address this practical deployment gap, this study proposes a novel, lightweight applied framework for real-time network intrusion detection using an optimized ensemble learning architecture. The proposed methodology utilizes a stacking ensemble strategy that combines highly efficient gradient boosting base learners with a meta-classifier. To minimize computational overhead without sacrificing sensitivity, a Bayesian Optimization algorithm is implemented to dynamically tune the multidimensional hyperparameters. Evaluated against the comprehensive CSE-CIC-IDS2018 dataset, empirical results demonstrate that the proposed framework achieves an outstanding Detection Rate of 99.85% and a minimal False Positive Rate of 0.04%. Crucially, the optimized architecture maintains a sub-millisecond inference latency of 0.92 milliseconds per flow, significantly outperforming traditional Convolutional Neural Networks (CNN) which recorded severe latencies of 4.20 milliseconds alongside lower detection accuracy. Ultimately, this research delivers a deployable, highly accurate architectural solution that successfully overcomes the latency constraints of conventional models, making it highly viable for real-time enterprise security operations.

Published

2026-04-03