Intrusion detection has long played a crucial role in securing networked infrastructures against malicious attacks. Initially dominated by signature-based methods, early IDS frameworks excelled at identifying known threats but struggled with zero-day or polymorphic attacks. To address this limitation, anomaly-based systems emerged to detect unknown threats by analyzing deviations from normal behavior. Nevertheless, these systems frequently encountered high false-positive rates and lacked contextual precision. Advances in machine learning (ML) have enabled the design of intelligent IDS capable of learning from evolving attack patterns. This study introduces an integrated Intrusion Detection System design that combines signature-based and anomaly-based detection, strengthened by a majority-voting ensemble machine learning model. Leveraging public datasets such as NSL-KDD and CICIDS2017, the system performs thorough data preprocessing, feature extraction, and classification using Support Vector Machine (SVM), Decision Tree, and Random Forest algorithms. Each model contributes to the overall prediction, and majority voting enhances robustness and accuracy. Empirical findings show that the proposed hybrid model obtains a precision rate of over 94%, with precision and recall consistently exceeding 90% across key attack categories. The modular design allows for deployment in enterprise networks and real-time systems, providing scalability and low-latency performance. Moreover, the framework effectively tackles challenges such as dataset imbalance, feature noise, and model generalization. This study emphasizes the viability of implementing machine learning-based IDS solutions in contemporary digital infrastructures, combining detection accuracy with operational feasibility.
Introduction
With the rise of interconnected digital systems, cyber threats are becoming increasingly complex, rendering traditional security measures like firewalls and antivirus insufficient. Intrusion Detection Systems (IDS) play a critical role in detecting unauthorized access and unusual network behavior. IDS technologies mainly fall into two types: signature-based (effective for known threats but weak against new attacks) and anomaly-based (can detect unknown threats but prone to false positives). Both have limitations when used alone.
Recent research integrates Machine Learning (ML) and Artificial Intelligence (AI) into IDS to improve detection of evolving threats. ML models like Support Vector Machines (SVM), Decision Trees, and Random Forests have shown promising results when trained on datasets like NSL-KDD and CICIDS2017, which represent diverse and modern attack types.
This work proposes a hybrid IDS combining signature- and anomaly-based methods with an ensemble ML approach. It uses a voting mechanism among SVM, Random Forest, and Decision Tree classifiers to boost accuracy and reduce false alarms. The system incorporates thorough data preprocessing, feature selection, and engineering to enhance adaptability. Tested on NSL-KDD and CICIDS2017 datasets, the framework achieved high performance metrics: approximately 95% accuracy, 91.5% precision, 93.2% recall, and 92.3% F1-score, demonstrating strong detection capability and balance across attack types.
Implemented as a real-time detection tool with a Flask-based backend and user-friendly web interface, the system supports live network traffic monitoring and handles high concurrency with low latency (~90 ms). Each classifier contributes roughly equally to the ensemble, with Random Forest performing slightly better.
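The majority-voting step described above, as an added example that is not the authors' code: hard voting over three classifiers' per-flow labels, scored with the same metrics the paper reports. The predictions, labels and function names are constructed for illustration, and falling back to Random Forest when all three classifiers disagree is an assumed policy that the paper does not state.

```python
from collections import Counter

# Constructed sample: true class of eight flows and what three already-trained
# classifiers predicted for them (NSL-KDD-style coarse labels, values made up).
TRUTH = ["normal", "dos", "probe", "dos", "normal", "r2l", "dos", "normal"]
PREDS = {
    "svm": ["normal", "dos", "normal", "dos", "dos", "r2l", "dos", "normal"],
    "dt":  ["normal", "dos", "probe", "normal", "normal", "probe", "dos", "normal"],
    "rf":  ["normal", "dos", "probe", "dos", "normal", "normal", "probe", "normal"],
}

def majority_vote(votes, tie_breaker="rf"):
    """Hard voting over {classifier: label}. Returns (label, contested)."""
    ranked = Counter(votes.values()).most_common()
    if len(ranked) == 1 or ranked[0][1] > ranked[1][1]:
        return ranked[0][0], False
    # No label beats the others (e.g. three different answers): fall back to
    # one designated classifier (assumed policy) and flag the flow for review.
    return votes[tie_breaker], True

def ensemble(preds, tie_breaker="rf"):
    """Vote flow by flow; return the voted labels and the contested indexes."""
    names = list(preds)
    results = [majority_vote({n: preds[n][i] for n in names}, tie_breaker)
               for i in range(len(preds[names[0]]))]
    labels = [label for label, _ in results]
    contested = [i for i, (_, flagged) in enumerate(results) if flagged]
    return labels, contested

def accuracy(truth, pred):
    return sum(t == p for t, p in zip(truth, pred)) / len(truth)

def attack_metrics(truth, pred, benign="normal"):
    """Precision, recall and F1 for the binary question 'is this an attack?'."""
    tp = sum(t != benign and p != benign for t, p in zip(truth, pred))
    fp = sum(t == benign and p != benign for t, p in zip(truth, pred))
    fn = sum(t != benign and p == benign for t, p in zip(truth, pred))
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return precision, recall, f1

if __name__ == "__main__":
    voted, contested = ensemble(PREDS)
    for name, pred in PREDS.items():
        print(name, accuracy(TRUTH, pred), attack_metrics(TRUTH, pred))
    print("vote", accuracy(TRUTH, voted), attack_metrics(TRUTH, voted))
    print("flows with no majority:", contested)
```

On this sample the vote corrects every single-classifier error; the one remaining miss is the flow where all three classifiers disagree, which is why such flows are returned separately for analyst review.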
Overall, the hybrid ensemble IDS presents a scalable, precise, and practical solution for modern network security challenges, building on existing research while addressing limitations like adaptability and false alarms.
Conclusion
This research introduces a hybrid Network Intrusion Detection System (IDS) that combines machine learning classifiers through a majority voting ensemble for enhanced detection of malicious activities in network traffic. The system addresses the limitations of traditional IDS methods, particularly their inability to identify new attacks or reduce false positives in dynamic network settings. By utilizing both the NSL-KDD and CICIDS2017 datasets, the framework underwent rigorous training and evaluation on various attack scenarios and real-world traffic patterns. The approach involves structured data preprocessing, effective feature selection, and the use of Support Vector Machine (SVM), Decision Tree (DT), and Random Forest (RF) classifiers. The ensemble method harnesses the unique strengths of each algorithm while minimizing biases in individual models. Experimental assessments confirmed the framework's efficacy, achieving high results across various evaluation measures, including accuracy and precision, with recall and F1-score consistently exceeding 90%. Furthermore, the system's modular structure provides compatibility with existing enterprise networks, offering a scalable and flexible real-time threat detection solution. The results unequivocally show that the presented system tackles the initial problem statement by providing an IDS which is intelligent and deployable in practical environments. It significantly enhances detection reliability while preserving operational efficiency. As a direction for future research, the framework could be improved to incorporate modern deep learning approaches, including LSTM and CNN, to enhance sequence-aware attack recognition. Additionally, real-time deployment could benefit from federated learning, enabling secure model training across distributed data sources while upholding privacy.
These advancements aim to improve the adaptability and efficacy of intrusion detection in complex, decentralized infrastructures.