Litcius/Paper detail

Twined ensemble framework for network security: integrating Random Forest, AdaBoost, and Gradient Boosting for enhanced intrusion detection

C. Kishor Kumar Reddy, Pulakurthi Anaghaa Reddy, Pulakurthi Satyanarayana Reddy, Mohammed Shuaib, Shadab Alam, Sadaf Ahmad, A. Rajaram

2025Discover Internet of Things7 citationsDOIOpen Access PDF

Abstract

An Intrusion Detection System (IDS) is crucial for safeguarding networks against cyber threats. This research presents a novel Twined Ensemble model, specifically designed to enhance intrusion detection performance using the NSL-KDD dataset. The proposed approach leverages a combination of two algorithms from AdaBoost, Gradient Boosting, or Random Forest for each attack category based on their individual performance. These selected classifiers are then combined using a Soft Voting Ensemble technique, which aggregates their probabilistic outputs to yield more accurate and robust predictions. To address the inherent class imbalance in the NSL-KDD dataset, particularly for underrepresented attacks like U2R and R2L, the Synthetic Minority Oversampling Technique (SMOTE) is employed to generate synthetic examples, thereby improving model generalization for rare classes. The Twined Ensemble model is evaluated using metrics such as Accuracy, Precision, Recall, F1-Score, and Cohen’s Kappa. The model achieves 99.68% accuracy for DoS, R2L, and Probe attacks, and 99.83% for U2R attacks, accompanied by a Cohen’s Kappa score of 1.0, indicating near-perfect classification. This architecture effectively integrates adaptive ensemble learning with class balancing strategies, offering a powerful and reliable solution for modern network intrusion detection. Beyond classification accuracy, this study also evaluates the computational performance of each classifier in terms of training time, prediction latency, and memory consumption. Gradient Boosting, while more accurate, exhibits higher training overhead (428.57 s), whereas AdaBoost and Random Forest maintain significantly faster training times (23.05 s and 24.93 s respectively) with minimal memory usage (< 0.04 MB). These findings demonstrate potential scope for the model’s feasibility for real-time IDS deployment in resource-constrained environments.

Topics & Concepts

Computer scienceIntrusion detection systemEnsemble learningRandom forestBoosting (machine learning)Artificial intelligenceMachine learningData miningAdaBoostAlgorithmGradient boostingProbabilistic logicGradient descentClassifier (UML)GeneralizationOverhead (engineering)Network securityPattern recognition (psychology)Artificial neural networkOversamplingClass (philosophy)False positive paradoxStatistical classificationBrier scoreEnsemble forecastingEquivalence (formal languages)CryptographyNetwork Security and Intrusion DetectionInternet Traffic Analysis and Secure E-votingAdvanced Malware Detection Techniques