Greenberg News

    Green Futures: Innovate, Sustain, Thrive

    Applied Sciences, Vol. 15, Pages 12647: MCH-Ensemble: Minority Class Highlighting Ensemble Method for Class Imbalance in Network Intrusion Detection

    Greenberg     November 29, 2025 in News - 1 Minute


    Applied Sciences, Vol. 15, Pages 12647: MCH-Ensemble: Minority Class Highlighting Ensemble Method for Class Imbalance in Network Intrusion Detection

    Applied Sciences doi: 10.3390/app152312647

    Authors:
    Sumin Oh
    Seoyoung Sohn
    Chaewon Kim
    Minseo Park

    As cyber threats such as denial-of-service (DoS) attacks continue to rise, network intrusion detection systems (NIDS) have become essential components of cybersecurity defense. Although machine learning is widely applied to network intrusion detection, its performance often deteriorates due to the extreme class imbalance present in real-world data. This imbalance causes models to become biased and unable to detect critical attack instances. To address this issue, we propose MCH-Ensemble (Minority Class Highlighting Ensemble), an ensemble framework designed to improve the detection of minority attack classes. The method constructs multiple balanced subsets through random under-sampling and trains base learners, including decision tree, XGBoost, and LightGBM models. Features of correctly predicted attack samples are then amplified by adding a constant value, producing a boosting-like effect that enhances minority class representation. The highlighted subsets are subsequently combined to train a random forest meta-model, which leverages bagging to capture diverse and fine-grained decision boundaries. Experimental evaluations on the UNSW-NB15, CIC-IDS2017, and WSN-DS datasets demonstrate that MCH-Ensemble effectively mitigates class imbalance and achieves superior recognition of DoS attacks. The proposed method achieves enhanced performance compared with those reported previously. On the UNSW-NB15 and CIC-IDS2017 datasets, it achieves improvements in accuracy, precision, recall, F1-score, and area under the receiver operating characteristic curve (AUC-ROC) by ~1.2% and ~0.61%, ~9.8% and 0.77%, ~0.7% and ~0.56%, ~5.3% and 0.66%, and ~0.1% and ~0.06%, respectively. In addition, it achieves these improvements by ~0.17%, ~1.66%, ~0.11%, ~0.88%, and ~0.06%, respectively, on the WSN-DS dataset. These findings indicate that the proposed framework offers a robust and accurate approach to intrusion detection, contributing to the development of reliable cybersecurity systems in highly imbalanced network environments.



    Source link

    Sumin Oh www.mdpi.com

    Related Posts

    Entropy, Vol. 27, Pages 1215: Extreme Events and Event Size Fluctuations in Resetting Random Walks on Networks
    November 29, 2025
    Microorganisms, Vol. 13, Pages 2724: Effects of Cinnamon Essential Oil on Intestinal Flora Regulation of Ulcerative Colitis Mice Colonized by Candida albicans
    November 28, 2025
    Diagnostics, Vol. 15, Pages 3047: Lung Ultrasound Versus Chest Radiography for Acute Heart Failure: Impact of Heart Failure History and Pleural Effusion
    November 28, 2025

    Greenberg

    Learn More →
    This website uses cookies to improve user experience. By continuing to use the site, you consent to the use of cookies.