Adaptive Intrusion Detection System with Ensemble Classifiers for Handling Imbalanced Datasets and Dynamic Network Traffic

Intrusion Detection Systems (IDS) are crucial for network security, but their effectiveness often diminishes in dynamic environments due to outdated models and imbalanced datasets. This paper presents a novel Adaptive Intrusion Detection System (AIDS) that addresses these challenges by incorporating ensemble classifiers and dynamic retraining. The AIDS model integrates K-Nearest Neighbors (KNN), Fuzzy c-means clustering, and weight mapping to improve detection accuracy and adaptability to evolving network traffic. The system dynamically updates its reference model based on the severity of changes in network traffic, enabling more accurate and timely detection of cyber threats. To mitigate the effects of imbalanced datasets, ensemble classifiers, including Decision Tree (DT) and Random Forest (RF), are employed, resulting in significant performance improvements. Experimental results show that the proposed model achieves an overall accuracy of 97.7% and a false alarm rate (FAR) of 2.0%, outperforming traditional IDS models. Additionally, the study explores the impact of various retraining thresholds and demonstrates the model's robustness in handling both common and rare attack types. A comparative analysis with existing IDS models highlights the advantages of the AIDS model, particularly in dynamic and imbalanced network environments. The findings suggest that the AIDS model offers a promising solution for real-time IDS applications, with potential for further enhancements in scalability and computational efficiency.