ARMBoost+: Empowering stacking, ensemble, and boosting models for network intrusion detection with dynamic rule repository

Bibliographic details
Published in: Journal of network and computer applications Vol. 243; p. 104292
Main authors: Vivek, Vullikanti, Veeravalli, Bharadwaj
Format: Journal Article
Language: English
Publication details: Elsevier Ltd 01.11.2025
ISSN:1084-8045
Description
Summary: As network security threats become increasingly complex, the need for efficient and effective network intrusion detection systems (NIDS) is more important than ever. Machine learning (ML) has emerged as a promising solution for NIDS due to its ability to analyze large volumes of network traffic data and detect suspicious patterns. In this paper, we propose ARMBoost+, a novel integrated approach for NIDS using dynamic rule repository building with a combination of stacking, ensemble, and boosting ML models, and associative rule mining (ARM) and bloom filter techniques. The ARMBoost+ approach involves generating frequent feature sets using ARM and building a feature repository using bloom filter to avoid duplicate patterns. We then use the feature repository to train the ML models, which are tested on live network traffic data to generate dynamic rules for the rule repository. The live traffic data allowed us to assess the performance and robustness of our NIDS under dynamic and unpredictable network scenarios. The dynamic rule repository is continuously updated with new attack patterns, ensuring that the NIDS is always up-to-date with the latest security threats. To evaluate the effectiveness of ARMBoost+, we conducted experiments using publicly available datasets and compared the results to existing NIDS approaches. We tested our approach under various scenarios, including simulating ML models without ARM and without automated feature dropping, and using ARM and bloom filter. We employed several ML models, including Stacking Classifier (with logistic regression (LR), random forest (RF), and support vector machine (SVM)), Ensemble with SVM, AdaBoost with Decision Tree, Gradient Boosting, and XGBoosting. Our experimental results demonstrate that the proposed novel ARMBoost+ integrated approach outperforms existing NIDS approaches in terms of accuracy and detection rates.
The combination of stacking, ensemble, and boosting ML models, along with ARM and bloom filter, proved to be highly effective in detecting network intrusions. The dynamic rule repository building approach allowed for continuous updating of the NIDS with the latest attack patterns, resulting in improved performance over time. Furthermore, the ARMBoost+ approach showed robustness against various types of attacks, including denial-of-service (DoS) and port scanning attacks. We also observed that the inclusion of ARM and bloom filter resulted in a notable reduction in the False Positive Rate (FPR) by around 4.07% and improved the efficiency of the feature repository.
DOI:10.1016/j.jnca.2025.104292