Network Intrusion Detection Using Ensemble Learning Techniques on the CIC-IDS2017 Public Dataset
Keywords:
Ensemble Learning, Network Intrusion Detection, CIC-IDS2017, Feature Selection, Hybrid Models.Abstract
Network intrusion detection remains a critical challenge in cybersecurity due to evolving attack patterns, class imbalance, and high-dimensional network traffic data. This study investigates the effectiveness of ensemble learning techniques on the CIC-IDS2017 public dataset, integrating decision trees, random forests, and gradient boosting models through stacking, voting, and hybrid Boost-Bag strategies. Data preprocessing involved normalization, handling missing values, and feature selection based on correlation and mutual information to reduce dimensionality while preserving predictive relevance. Empirical evaluation employed stratified 10-fold cross-validation and performance metrics including accuracy, recall, F1-score, and AUC-ROC, with additional analyses of confusion matrices and temporal stability to assess operational reliability. Results indicate that hybrid ensembles achieve superior detection performance, particularly for low-frequency attacks, while maintaining moderate computational overhead compared to individual classifiers. Comparative insights reveal trade-offs between accuracy, minority-class sensitivity, and inference latency, guiding practical deployment considerations. The findings substantiate the theoretical benefits of ensemble diversity and optimized feature selection, offering a robust framework for scalable, interpretable, and resilient network intrusion detection systems.
Downloads
References
Alhakeem, M. S., & Ajlan, K. B. (2024). A Comparative Evaluation of Machine Learning-Based Intrusion Detection Systems for Securing Cloud Environments. Journal of Information Security and Cybercrimes Research, 7(2), 127-142.
Alhassan, A. M., & Altmami, N. I. (2025). Intrusion detection using search-based learning optimized ensemble tree classifier model. PloS one, 20(12), e0339822.
Angulo, E., Lizcano, L., & Marquez, J. (2026). A Stacking-Based Ensemble Model for Multiclass DDoS Detection Using Shallow and Deep Machine Learning Algorithms. Applied Sciences, 16(2), 578.
Awad, Z., Zakaria, M., & Hassan, R. (2025). An enhanced ensemble defense framework for boosting adversarial robustness of intrusion detection systems. Scientific Reports, 15(1), 14177.
Bakro, M., Kumar, R. R., Alabrah, A. A., Ashraf, Z., Bisoy, S. K., Parveen, N., ... & Abdelsalam, A. (2023). Efficient intrusion detection system in the cloud using fusion feature selection approaches and an ensemble classifier. Electronics, 12(11), 2427.
Biyyapu, N., Veerapaneni, E. J., Surapaneni, P. P., Vellela, S. S., & Vatambeti, R. (2024). Designing a modified feature aggregation model with hybrid sampling techniques for network intrusion detection. Cluster Computing, 27(5), 5913-5931.
Bulavas, V., Marcinkevičius, V., & Rumiński, J. (2021). Study of multi-class classification algorithms’ performance on highly imbalanced network intrusion datasets. Informatica, 32(3), 441-475.
Cantone, M., Marrocco, C., & Bria, A. (2024). Machine learning in network intrusion detection: A cross-dataset generalization study. IEEE Access, 12, 144489-144508.
Chua, T. H., & Salam, I. (2023). Evaluation of machine learning algorithms in network-based intrusion detection using progressive dataset. Symmetry, 15(6), 1251.
Coşar, H. İ., Arısoy, Ç., & Ulutaş, H. (2024). Intrusion detection on CSE-CIC-IDS2018 dataset using machine learning methods. Artificial Intelligence Theory and Applications, 4(2), 143-154.
Göcs, L., & Johanyák, Z. C. (2024). Identifying relevant features of CSE-CIC-IDS2018 dataset for the development of an intrusion detection system. Intelligent Data Analysis, 28(6), 1527-1553.
Hassan, S. K., & Daneshwar, M. A. (2023). Anomaly-based network intrusion detection system using deep intelligent technique. Polytechnic Journal, 12(2), 11.
Javed, D. (2025). Multi-Ensemble Architecture For Network Intrusion Detection: A Stacking, Voting, And Hybrid Adaboost-Random Forest Approach On CIC-IDS2024. Spectrum of Engineering Sciences, 967-981.
Jose, J., & Jose, D. V. (2023). Deep learning algorithms for intrusion detection systems in internet of things using CIC-IDS 2017 dataset. International Journal of Electrical and Computer Engineering (IJECE), 13(1), 1134-1141.
Kilincer, I. F., Ertam, F., & Sengur, A. (2022). A comprehensive intrusion detection framework using boosting algorithms. Computers and Electrical Engineering, 100, 107869.
Lucas, T. J., De Figueiredo, I. S., Tojeiro, C. A. C., De Almeida, A. M. G., Scherer, R., Brega, J. R. F., ... & Da Costa, K. A. P. (2023). A comprehensive survey on ensemble learning-based intrusion detection approaches in computer networks. IEEE Access, 11, 122638-122676.
Mahdi, ZS., M Zaki, R., & Majma, N. (2025). An Intrusion and Cyber-Attack Detection System Based on Ensemble Machine Learning Techniques. The Journal of Engineering Research, 22(2), 173.
Mhawi, D. N., Aldallal, A., & Hassan, S. (2022). Advanced feature-selection-based hybrid ensemble learning algorithms for network intrusion detection systems. Symmetry, 14(7), 1461.
Mills, G. A., Acquah, D. K., & Sowah, R. A. (2024). Network intrusion detection and prevention system using hybrid machine learning with supervised ensemble stacking model. Journal of Computer Networks and Communications, 2024(1), 5775671.
Nassreddine, G., Nassereddine, M., & Al-Khatib, O. (2025). Ensemble learning for network intrusion detection based on correlation and embedded feature selection techniques. Computers, 14(3), 82.
Okey, O. D., Maidin, S. S., Adasme, P., Rosa, R. L., Saadi, M., Carrillo Melgarejo, D., & Zegarra Rodríguez, D. (2022). BoostedEnML: Efficient technique for detecting cyberattacks in IoT systems using boosted ensemble machine learning. Sensors, 22(19), 7409.
Saidi, Z., & Ouidad, A. (2025). A Machine Learning and Blockchain-Based Framework for Enhanced Intrusion Detection Systems Using the CSE-CIC-IDS2018 Dataset. Informatica, 49(18).
Saini, N., Bhat Kasaragod, V., Prakasha, K., & Das, A. K. (2023). A hybrid ensemble machine learning model for detecting APT attacks based on network behavior anomaly detection. Concurrency and Computation: Practice and Experience, 35(28), e7865.
Sajid, M., Malik, K. R., Almogren, A., Malik, T. S., Khan, A. H., Tanveer, J., & Rehman, A. U. (2024). Enhancing intrusion detection: a hybrid machine and deep learning approach. Journal of Cloud Computing, 13(1), 123.
Sobhani, M. E., Rodela, A. T., & Farid, D. M. (2025). Adaptive TreeHive: Ensemble of trees for enhancing imbalanced intrusion classification. PLoS One, 20(9), e0331307.
Thockchom, N., Singh, M. M., & Nandi, U. (2023). A novel ensemble learning-based model for network intrusion detection. Complex & Intelligent Systems, 9(5), 5693-5714.
Uddamari, N., & Sammulal, P. (2025). Ensemble-Based Network Anomaly Detection Using RFE and Information Gain for Optimized Feature Selection. Informatica, 49(10).
Zhang, Y., Zhang, H., & Zhang, B. (2022). An effective ensemble automatic feature selection method for network intrusion detection. Information, 13(7), 314.
