Machine learning-based network intrusion detection for big and imbalanced data using oversampling, stacking feature embedding and feature extraction
Md. Alamin Talukder, Md. Manowarul Islam, Md Ashraf Uddin, Khondokar Fida Hasan, Selina Sharmin, Salem A. Alyami, Mohammad Ali Moni
TL;DR
The paper addresses intrusion detection on big, imbalanced network data by combining Random Oversampling, Stacking Feature Embedded with clustering, and PCA-based dimensionality reduction. It proposes ROSFE-PCA as a scalable framework evaluated on UNSW-NB15, CIC-IDS2017, and CIC-IDS2018 using four classifiers (DT, RF, ET, XGB), reporting near-perfect accuracies and ROC-AUC across tasks. Key contributions include a novel data preprocessing + oversampling + clustering-based feature embedding pipeline that reduces dimensionality while preserving discriminative information, and strong empirical results surpassing prior work on multiple benchmarks. The work demonstrates practical potential for robust, real-time intrusion detection on large-scale, imbalanced datasets, while noting the absence of deep learning integration and pointing to future DL-based extensions.
Abstract
Cybersecurity has emerged as a critical global concern. Intrusion Detection Systems (IDS) play a critical role in protecting interconnected networks by detecting malicious actors and activities. Machine Learning (ML)-based behavior analysis within the IDS has considerable potential for detecting dynamic cyber threats, identifying abnormalities, and identifying malicious conduct within the network. However, as the number of data grows, dimension reduction becomes an increasingly difficult task when training ML models. Addressing this, our paper introduces a novel ML-based network intrusion detection model that uses Random Oversampling (RO) to address data imbalance and Stacking Feature Embedding based on clustering results, as well as Principal Component Analysis (PCA) for dimension reduction and is specifically designed for large and imbalanced datasets. This model's performance is carefully evaluated using three cutting-edge benchmark datasets: UNSW-NB15, CIC-IDS-2017, and CIC-IDS-2018. On the UNSW-NB15 dataset, our trials show that the RF and ET models achieve accuracy rates of 99.59% and 99.95%, respectively. Furthermore, using the CIC-IDS2017 dataset, DT, RF, and ET models reach 99.99% accuracy, while DT and RF models obtain 99.94% accuracy on CIC-IDS2018. These performance results continuously outperform the state-of-art, indicating significant progress in the field of network intrusion detection. This achievement demonstrates the efficacy of the suggested methodology, which can be used practically to accurately monitor and identify network traffic intrusions, thereby blocking possible threats.