In recent years, as the frequency and types of network attacks increase, Intrusion Detection Systems (IDSs) have become essential components of most organizations’ security infrastructure. Although the use of machine learning methods shows great promise for the design of effective IDSs, existing methods still have several limitations. Single classifiers are never able to recognize all types of attacks, regardless of the underlying algorithm. This paper proposes MIDES, a novel multi-layer IDS that integrates binary, multi-class, and meta-classifiers into a flexible architecture. MIDES employs a fast binary classifier to filter clearly benign traffic, an ensemble of specialized multi-class classifiers to analyze suspicious events, and a meta-classification layer to refine decisions. A self-adaptive agent dynamically selects the most appropriate decision strategy for each input using both static and dynamic heuristics. The system is designed to be extensible, adaptable to evolving threats, and efficient in real-time scenarios. The proposed system has been extensively evaluated on the well-known CIC-IDS2017 and CSE-CIC-IDS2018 public datasets and compared against state-of-the-art works, showing that MIDES achieves high accuracy across all 14 attack classes while significantly reducing classification time, outperforming the compared systems.
Agate, V., De Paola, A., Ferraro, P., Lo Re, G. (2025). MIDES: A multi-layer Intrusion Detection System using ensemble machine learning. INTERNATIONAL JOURNAL OF INTELLIGENT NETWORKS, 6, 204-223 [10.1016/j.ijin.2025.09.001].
MIDES: A multi-layer Intrusion Detection System using ensemble machine learning
Agate, Vincenzo
;De Paola, Alessandra;Ferraro, Pierluca;Lo Re, Giuseppe
2025-09-01
Abstract
In recent years, as the frequency and types of network attacks increase, Intrusion Detection Systems (IDSs) have become essential components of most organizations’ security infrastructure. Although the use of machine learning methods shows great promise for the design of effective IDSs, existing methods still have several limitations. Single classifiers are never able to recognize all types of attacks, regardless of the underlying algorithm. This paper proposes MIDES, a novel multi-layer IDS that integrates binary, multi-class, and meta-classifiers into a flexible architecture. MIDES employs a fast binary classifier to filter clearly benign traffic, an ensemble of specialized multi-class classifiers to analyze suspicious events, and a meta-classification layer to refine decisions. A self-adaptive agent dynamically selects the most appropriate decision strategy for each input using both static and dynamic heuristics. The system is designed to be extensible, adaptable to evolving threats, and efficient in real-time scenarios. The proposed system has been extensively evaluated on the well-known CIC-IDS2017 and CSE-CIC-IDS2018 public datasets and compared against state-of-the-art works, showing that MIDES achieves high accuracy across all 14 attack classes while significantly reducing classification time, outperforming the compared systems.
| File | Dimensione | Formato | |
|---|---|---|---|
|
1-s2.0-S2666603025000156-main-2.pdf
accesso aperto
Descrizione: Articolo in versione editoriale
Tipologia:
Versione Editoriale
Dimensione
2.67 MB
Formato
Adobe PDF
|
2.67 MB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
