Flow-Based Intrusion Detection Using Ensemble Machine Learning
DOI: https://doi.org/10.58445/rars.3367
Keywords: Flow-based intrusion detection, Network traffic analysis, Anomaly detection, Supervised learning, Ensemble learning, Stacking, Meta-classifier, Feature engineering, Model generalization
Abstract
This paper presents a flow-based intrusion detection approach designed for modern encrypted network traffic. The proposed method uses an ensemble of machine learning classifiers in a two-tier stacking architecture to detect malicious flows using only flow-level metadata, without inspecting any packet payloads. The approach is evaluated on a large-scale benchmark dataset (CIC-IDS2018) containing diverse attack types mixed with extensive encrypted traffic. Results indicate that the stacking ensemble outperforms individual classifiers and traditional voting ensembles in detecting a wide range of attacks, while preserving privacy by avoiding decryption. The study establishes baseline performance for various algorithms on encrypted flows, demonstrates the advantages of learned ensemble fusion, and provides insights through ablation and feature augmentation experiments. These contributions illustrate a practical solution for intrusion detection in fully encrypted network environments, combining high detection effectiveness with privacy preservation.
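A minimal two-tier stacking pipeline over flow metadata, added here as an illustration and not the paper's code: three one-feature threshold stumps form the base tier, their out-of-fold outputs train a logistic-regression meta-classifier, and held-out accuracy is compared with a plain majority vote. The flow records, feature ranges and learner choices are constructed assumptions, not CIC-IDS2018 data or the authors' classifiers.

```python
import math, random

FEATURES = ["duration", "fwd_pkts", "bwd_bytes"]   # flow metadata only, no payload fields
def make_flows(n, seed):
    # Constructed flow records (not CIC-IDS2018), label 1 = malicious; ranges overlap on purpose.
    rng = random.Random(seed)
    return [{"duration": rng.uniform(0.01, 2) if m else rng.uniform(0.2, 30),
             "fwd_pkts": rng.randint(1, 10) if m else rng.randint(2, 60),
             "bwd_bytes": rng.randint(0, 2000) if m else rng.randint(200, 50000),
             "label": int(m)} for m in (i % 3 == 0 for i in range(n))]
def fit_stump(rows, feat):
    # Base learner: one-feature threshold rule; pol=1 flags feat >= thr, pol=-1 flags feat <= thr.
    best, best_acc = (feat, 0.0, 1), -1.0
    for thr in sorted({r[feat] for r in rows}):
        for pol in (1, -1):
            acc = sum((pol * (r[feat] - thr) >= 0) == bool(r["label"]) for r in rows) / len(rows)
            if acc > best_acc:
                best, best_acc = (feat, thr, pol), acc
    return best
def stump_predict(stump, row):
    return int(stump[2] * (row[stump[0]] - stump[1]) >= 0)
def oof_base_outputs(rows, k=5):
    # Tier 1, out-of-fold: score each flow with stumps fitted without it, so tier 2 sees no leaked labels.
    outputs = [None] * len(rows)
    for fold in range(k):
        stumps = [fit_stump([r for i, r in enumerate(rows) if i % k != fold], f) for f in FEATURES]
        for i in range(fold, len(rows), k):
            outputs[i] = [stump_predict(s, rows[i]) for s in stumps]
    return outputs
def fit_meta(outputs, labels, epochs=200, lr=0.1):
    # Tier 2: logistic-regression meta-classifier over the base outputs plus a bias term (SGD).
    w = [0.0] * (len(outputs[0]) + 1)
    for _ in range(epochs):
        for x, y in zip(outputs, labels):
            xb = x + [1.0]
            p = 1 / (1 + math.exp(-sum(wi * xi for wi, xi in zip(w, xb))))
            w = [wi - lr * (p - y) * xi for wi, xi in zip(w, xb)]
    return w
def meta_predict(w, x):
    return int(sum(wi * xi for wi, xi in zip(w, x + [1.0])) >= 0)
def vote_predict(x):
    return int(2 * sum(x) > len(x))   # majority vote: the baseline fusion rule
def evaluate(n_train=300, n_test=150):
    train, test = make_flows(n_train, 1), make_flows(n_test, 2)
    w = fit_meta(oof_base_outputs(train), [r["label"] for r in train])
    stumps = [fit_stump(train, f) for f in FEATURES]   # refit tier 1 on all training flows
    xs = [[stump_predict(s, r) for s in stumps] for r in test]
    return {"vote": sum(vote_predict(x) == r["label"] for x, r in zip(xs, test)) / n_test,
            "stack": sum(meta_predict(w, x) == r["label"] for x, r in zip(xs, test)) / n_test}
```

The out-of-fold step is the part most often skipped: training the meta-classifier on in-sample base outputs teaches it to trust overfitted base models and inflates validation scores.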
License
Copyright (c) 2025 Devesh Senthilraja

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.