An Efficient Ensemble Network Anomaly Detection System for Cyber-Attacks
Received: 4 May 2025 | Revised: 20 June 2025 | Accepted: 28 June 2025 | Online: 2 August 2025
Corresponding author: Saed Alqaraleh
Abstract
This paper introduces an ensemble-based network anomaly detection system that synergizes classical machine learning classifiers with dimensionality reduction to balance detection accuracy and computational efficiency. The proposed system integrates preprocessing, feature engineering, hybrid learning, and ensemble decision-making to achieve robust anomaly detection and attack classification. Five algorithms, K-Nearest Neighbor (KNN), Naïve Bayes (NB), Random Forest (RF), AdaBoost, and Gradient Boosting (GB), were evaluated both as standalone models and within a soft-voting ensemble framework. To address the high-dimensionality challenges in cybersecurity data, Principal Component Analysis (PCA) was used to retain 95% variance in features while reducing dimensionality by 54% (from 41 to 19 features), achieving a latency improvement of 38% without compromising critical attack detection. A dual-phase SMOTE strategy mitigates class imbalance, enabling 100% recall for rare U2R attacks. Extensive experiments on the KDD CUP99 benchmark demonstrate the superiority of the ensemble method, achieving 93.7% accuracy (vs. 77.7–90% for individual models). Furthermore, while GB achieved the highest individual average performance at 90%, the proposed ensemble exhibited strong performance in adversarial tests, gaining 97.1% accuracy compared to GB's 85.2% against GAN-generated attacks. These findings establish a foundation for adaptive cybersecurity systems that employ machine learning to tackle emerging adversarial defense mechanisms, highlighting accuracy and operational feasibility in evolving threat landscapes.
Keywords:
network anomalies, cyber security attacks, network anomaly detection systems, ensemble learning, principal component analysis
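An added example (not the paper's code) of the PCA and soft-voting stages the abstract describes, written with scikit-learn on constructed 41-feature data. The hyperparameters, the synthetic dataset and the function names are assumptions; the SMOTE step and KDD CUP99 loading are left out.

```python
import numpy as np
from sklearn.datasets import make_classification
from sklearn.decomposition import PCA
from sklearn.ensemble import (AdaBoostClassifier, GradientBoostingClassifier,
                              RandomForestClassifier, VotingClassifier)
from sklearn.model_selection import train_test_split
from sklearn.naive_bayes import GaussianNB
from sklearn.neighbors import KNeighborsClassifier
from sklearn.pipeline import Pipeline
from sklearn.preprocessing import StandardScaler


def build_detector(seed=0):
    """Scale -> PCA keeping 95% of variance -> soft vote over five classifiers."""
    # Hyperparameters are illustrative assumptions, not the paper's settings.
    voters = [
        ("knn", KNeighborsClassifier(n_neighbors=5)),
        ("nb", GaussianNB()),
        ("rf", RandomForestClassifier(n_estimators=50, random_state=seed)),
        ("ada", AdaBoostClassifier(n_estimators=50, random_state=seed)),
        ("gb", GradientBoostingClassifier(n_estimators=50, random_state=seed)),
    ]
    return Pipeline([
        ("scale", StandardScaler()),  # PCA is scale-sensitive, so standardise first
        ("pca", PCA(n_components=0.95, svd_solver="full")),
        ("vote", VotingClassifier(voters, voting="soft")),
    ])


def run_demo(seed=0):
    # Constructed stand-in for flow records: 41 numeric features, 3 imbalanced classes.
    X, y = make_classification(n_samples=1500, n_features=41, n_informative=12,
                               n_redundant=20, n_classes=3,
                               weights=[0.8, 0.15, 0.05], random_state=seed)
    X_tr, X_te, y_tr, y_te = train_test_split(X, y, test_size=0.3, stratify=y,
                                              random_state=seed)
    model = build_detector(seed).fit(X_tr, y_tr)
    pca, vote = model.named_steps["pca"], model.named_steps["vote"]
    Z_te = model[:-1].transform(X_te)  # reduced features, as the voters see them
    probs = {n: est.predict_proba(Z_te) for n, est in vote.named_estimators_.items()}
    soft = np.mean(list(probs.values()), axis=0)  # soft vote = mean class probability
    acc = {n: float((p.argmax(axis=1) == y_te).mean()) for n, p in probs.items()}
    acc["ensemble"] = float((model.predict(X_te) == y_te).mean())
    return {"n_components": int(pca.n_components_),
            "variance_kept": float(pca.explained_variance_ratio_.sum()),
            "soft_matches": bool(np.allclose(soft, vote.predict_proba(Z_te))),
            "accuracy": acc}


if __name__ == "__main__":
    print(run_demo())
```

The per-model accuracies in the result let you compare each classifier against the ensemble on the same reduced features; the numbers on this synthetic data say nothing about the paper's reported figures.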
License
Copyright (c) 2025 Saed Alqaraleh

This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain the copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after its publication in ETASR with an acknowledgement of its initial publication in this journal.
