Enhanced Meta-IDS: Adaptive multi-stage IDS with sequential model adjustments

Nadia Niknami; Vahid Mahzoon; Slobadan Vucetic; Jie Wu

doi:10.1016/j.hcc.2025.100298

High-Confidence Computing ›› 2025, Vol. 5 ›› Issue (3) : 100298 DOI: 10.1016/j.hcc.2025.100298

Research Articles

research-article

Enhanced Meta-IDS: Adaptive multi-stage IDS with sequential model adjustments

Author information +

History +

PDF (2161KB)

Abstract

Traditional single-machine Network Intrusion Detection Systems (NIDS) are increasingly challenged by rapid network traffic growth and the complexities of advanced neural network methodologies. To address these issues, we propose an Enhanced Meta-IDS framework inspired by meta-computing principles, enabling dynamic resource allocation for optimized NIDS performance. Our hierarchical architecture employs a three-stage approach with iterative feedback mechanisms. We leverage these intervals in real-world scenarios with intermittent data batches to enhance our models. Outputs from the third stage provide labeled samples back to the first and second stages, allowing retraining and fine-tuning based on the most recent results without incurring additional latency. By dynamically adjusting model parameters and decision boundaries, our system optimizes responses to real-time data, effectively balancing computational efficiency and detection accuracy. By ensuring that only the most suspicious data points undergo intensive analysis, our multi-stage framework optimizes computational resource usage. Experiments on benchmark datasets demonstrate that our Enhanced Meta-IDS improves detection accuracy and reduces computational load or CPU time, ensuring robust performance in high-traffic environments. This adaptable approach offers an effective solution to modern network security challenges.

Keywords

Adaptive IDS / CPU time / Dynamic adaptation / Intrusion detection system(IDS) / Meta-computing

Cite this article

Download citation ▾

Nadia Niknami, Vahid Mahzoon, Slobadan Vucetic, Jie Wu. Enhanced Meta-IDS: Adaptive multi-stage IDS with sequential model adjustments. High-Confidence Computing, 2025, 5(3): 100298 DOI:10.1016/j.hcc.2025.100298

登录浏览全文

4963

注册一个新账户忘记密码

CRediT authorship contribution statement

Nadia Niknami: Writing - review & editing, Writing - original draft, Validation, Methodology, Formal analysis, Conceptualization. Vahid Mahzoon: Writing - review & editing, Writing - original draft, Methodology, Data curation, Conceptualization. Slobadan Vucetic: Writing - review & editing. Jie Wu: Supervision.

Declaration of competing interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

References

Publishing order | Descend order by publishing year | Descend order by cited within

[1]	V. Chandola, A. Banerjee, V. Kumar, Anomaly detection: A survey, ACM Comput. Surv. 41 (2009) 1-58.

[2]	Z. Ahmad, A. Shahid Khan, C. Wai Shiang, J. Abdullah, F. Ahmad, Network intrusion detection system: A systematic study of machine learning and deep learning approaches, Trans. Emerg. Telecommun. Technol. 32 (2021) e4150.

[3]	A.A. Ahmad, S. Boukari, A.M. Bello, M.A. Muhammad, A survey of intrusion detection techniques on software-defined networking, Intl. J. Innov. Sci. Res. Technol. (2021).

[4]	A. Chen, Y. Fu, X. Zheng, G. Lu, An efficient network behavior anomaly detection using a hybrid DBN-LSTM network, Comput. Secur. 114 (2022) 102600.

[5]	W. Wei, H. Gu, W. Deng, Z. Xiao, X. Ren, ABL-TC: A lightweight design for network traffic classification empowered by deep learning, Neurocomputing 489 (2022) 333-344.

[6]	N. Niknami, V. Mahzoon, J. Wu,Meta-IDS: A multi-stage deep intrusion detection system with optimal CPU usage, in: 1st IEEE International Conference on Meta Computing, ICMC, 2024.

[7]	I. Goodfellow, Y. Bengio, A. Courville, Deep learning, MIT Press, 2016, http://www.deeplearningbook.org.

[8]	M. Nayebi Kerdabadi, A. Hadizadeh Moghaddam, B. Liu, M. Liu, Z. Yao, Contrastive learning of temporal distinctiveness for survival analysis in electronic health records, in:Proceedings of the 32nd ACM International Conference on Information and Knowledge Management, 2023, pp. 1897-1906.

[9]	N. Niknami, A. Srinivasan, J. Wu, Cyber-AnDe: Cybersecurity framework with adaptive distributed sampling for anomaly detection on SDNs, IEEE Trans. Inf. Forensics Secur. (2024).

[10]	A. Yazdinejadna, R.M. Parizi, A. Dehghantanha, M.S. Khan, A kangaroo- based intrusion detection system on software-defined networks, Comput. Netw. 184 (2021) 107688.

[11]	R. Zhao, G. Gui, Z. Xue, J. Yin, T. Ohtsuki, B. Adebisi, H. Gacanin, A novel intrusion detection method based on lightweight neural network for internet of things, IEEE Internet Things J. 9 (2021) 9960-9972.

[12]	Z. Wang, Z. Li, D. He, S. Chan, A lightweight approach for network intrusion detection in industrial cyber-physical systems based on knowledge distillation and deep metric learning, Expert Syst. Appl. 206 (2022) 117671.

[13]	S. Yang, X. Zheng, Z. Xu, X. Wang, A lightweight approach for network intrusion detection based on self-knowledge distillation, in: Proc. of the IEEE Intl. Conf. on Communications, ICC, 2023, pp. 3000-3005.

[14]	W. Ge, Z. Cui, J. Wang, B. Tang, X. Li, MetaCluster: a universal interpretable classification framework for cybersecurity, IEEE Trans. Inf. Forensics Secur. (2024) 1.

[15]	N. Niknami, V. Mahzoon, J. Wu,PTN-IDS: Prototypical network solution for the few-shot detection in intrusion detection systems, in: IEEE 49th Conference on Local Computer Networks, LCN, IEEE, 2024, pp. 1-9.

[16]	N. Hocine, C. Zitouni, A multi-agent system based on dynamic load balancing for collaborative intrusion detection, in: Proc. of the IEEE Intl. Conf. on Networking and Advanced Systems, ICNAS, 2023, pp. 1-6.

[17]	N. Niknami, J. Wu, Enhancing load balancing by intrusion detection system chain on SDN data plane, in: Proc. of the IEEE Conf. on Communications and Network Security, CNS, 2022, pp. 264-272.

[18]	M. Verkerken, L. D’hooge, D. Sudyana, Y.-D. Lin, T. Wauters, B. Volckaert, F. De Turck, A novel multi-stage approach for hierarchical intrusion detection, IEEE Trans. Netw. Serv. Manag. (2023).

[19]	N. Niknami, V. Mahzoon, J. Wu, CrossAlert: Enhancing multi-stage attack detection through semantic embedding of alerts across targeted domain, in: Proc. of the IEEE Conf. on Communications and Network Security, CNS, 2024.

[20]	X. Cheng, M. Xu, R. Pan, D. Yu, C. Wang, X. Xiao, W. Lyu, Meta computing, IEEE Netw. (2023).

[21]	Y. Liu, M. Zhang, X. Wang, Task assignment and capacity allocation for ML-based intrusion detection in resource-constrained edge networks, IEEE Xplore (2022).

[22]	A. Gupta, S. Singh, R. Kumar, Fair resource allocation in an intrusion-detection system for edge computing, IEEE Xplore (2018).

[23]	J.R. Vergara, P.A. Estévez, A review of feature selection methods based on mutual information, Neural Comput. Appl. 24 (2014) 175-186.

[24]	H. Peng, F. Long, C. Ding, Feature selection based on mutual information criteria of max-dependency, max-relevance, and min-redundancy, IEEE Trans. Pattern Anal. Mach. Intell. 27 (2005) 1226-1238.

[25]	K. Manohar, B.W. Brunton, J.N. Kutz, S.L. Brunton, Data-driven sparse sen-sor placement for reconstruction: Demonstrating the benefits of exploiting known patterns, IEEE Control Syst. Mag. 38 (2018) 63-86.