A method for improving the accuracy of an intrusion detection system in uncertainty zones based on error analysis and selective decision revision

Authors

DOI:

https://doi.org/10.34185/1562-9945-2-163-2026-09

Keywords:

intrusion detection system, binary classification, class imbalance, error analysis, uncertainty zone, selective decision revision, NSL-KDD, STFT, convolutional neural network

Abstract

The paper proposes a method for improving the accuracy of an intrusion detection sys-tem (IDS) in the task of binary classification of network traffic under class imbalance and the presence of borderline predictions. The approach is based on a two-stage decision scheme that combines error-driven data adaptation and selective decision revision within a prede-fined uncertainty zone. At the first stage, a baseline convolutional neural network (CNN) model is trained using spectrogram-based representations of network connections obtained via Short-Time Fourier Transform (STFT). After training, classification errors on the training and validation subsets are analyzed at the level of attack subclasses. Subclasses that contrib-ute the largest number of false decisions are identified and used to form an extended training set through targeted synthetic oversampling (ErrorBoost). A secondary IDS model with the same architecture is then trained from scratch on the extended dataset.
To handle borderline predictions, an uncertainty zone is introduced as an interval of posterior probabilities close to the decision threshold. For samples whose predicted probabil-ity falls within this interval, the decision of the baseline model is selectively re-evaluated us-ing the auxiliary model. Final classification is determined according to confidence thresholds defined exclusively on the validation subset, without using test data during parameter tuning. Such a mechanism enables controlled adjustment of the trade-off between false positive and false negative rates, which is critical in practical IDS deployment.
Experimental evaluation was conducted on the NSL-KDD dataset using a fixed protocol with separate training, validation, and test subsets. The ErrorBoost strategy alone did not provide stable improvements when applied as an independent solution. However, the com-bined approach integrating error-based oversampling and selective decision revision achieved improved performance. In the best experimental run, the overall accuracy reached 0.8522 on the test subset, while maintaining balanced precision and recall for the attack class. The results confirm that incorporating model-specific error analysis and selective re-evaluation of uncertain predictions can enhance IDS performance without increasing archi-tectural complexity or violating experimental validity.

References

Dalou’, J., Al-Duwairi, B., & Al-Jarrah, M. (2020). Adaptive entropy-based detection and mitigation of DDoS attacks in SDN networks. International Journal of Computing, 19(3), 399–410. doi: 10.47839/ijc.19.3.1889.

Joseph, J. E., Aleke, N. T., & Onyeanisi, O. P. (2025). Deep learning based intrusion detection system for network security in IoT system. International Journal of Education, Management, and Technology, 3(1), 119–138. doi: 10.58578/ijemt.v3i1.4539.

Farooq, M., & Ahmad, F. (2024). Improved intrusion detection in IoT using multi-layered neural architectures. International Journal of Computing, 23(2), 268–273. doi:10.47839/ijc.23.2.3546.

Kashtalian, A., Sergii, L., Sachenko, A., Savenko, B., Savenko, O. & Nicheporuk, A. (2025). Evaluation criteria of centralization options in the architecture of multicomputer systems with traps and baits. Radioelectronic and Computer Systems, 2025(1), 264–297. doi:10.32620/reks.2025.1.18.

Denysiuk, D., Savenko, O., Lysenko, S., Savenko, B., & Kashtalian, A. (2023). Method for detecting steganographic changes in images using machine learning. In Proceedings of the 13th International Conference on Dependable Systems, Services and Technologies (DESSERT) (pp. 1–6). Athens: IEEE. doi: 10.1109/DESSERT61349.2023.10416453.

Alladi, T., Chamola, V., Sikdar, B., & Choo, K.-K. R. (2020). Consumer IoT: Security Vulnerability Case Studies and Solutions. IEEE Consumer Electronics Magazine, 9(2), 17–25. doi:10.1109/MCE.2019.2953740

Hussain, A., Sharif, H., Rehman, F., Kirn, H., Sadiq, A., & Khan, M. S. (2023). A Systematic Review of Intrusion Detection Systems in Internet of Things Using ML and DL. 2023 4th International Conference on Computing, Mathematics and Engineering Technologies (iCoMET). doi:10.1109/iCoMET57998.2023.10099142

Kilincer, I. F., Ertam, F., & Sengur, A. (2021). Machine learning methods for cyber security intrusion detection: Datasets and comparative study. Computer Networks, 188, article 107840. doi:10.1016/j.comnet.2021.107840

Li, G., & Jung, J. J. (2023). Deep learning for anomaly detection in multivariate time series: Approaches, applications, and challenges. Information Fusion, 91, 93–102. doi:10.1016/j.inffus.2022.10.008

Sheikh, M. S., & Peng, Y. (2022). Procedures, Criteria, and Machine Learning Techniques for Network Traffic Classification: A Survey. IEEE Access, 10, 64806–64829. doi:10.1109/access.2022.3181135

Mari, A.-G., Zinca, D., & Dobrota, V. (2023). Development of a Machine-Learning Intrusion Detection System and Testing of Its Performance Using a Generative Adversarial Network. Sensors, 23(3), 1315. doi:10.3390/s23031315

Ahmad, Z., Khan, A. S., Shiang, C. W., Abdullah, J., & Ahmad, F. (2021). Network intrusion detection system: A systematic study of machine learning and deep learning approaches. Emerging Telecommunications Technologies, 32(1), e4150. doi:10.1002/ett.4150

Mijalkovic, J., & Spognardi, A. (2022). Reducing the False Negative Rate in Deep Learning Based Network Intrusion Detection Systems. Algorithms, 15(8), 258. doi:10.3390/a15080258

Shahriar, M. H., Haque, N. I., Rahman, M. A., & Alonso, M. (2020). G-IDS: Generative Adversarial Networks Assisted Intrusion Detection System. 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC). doi:10.1109/compsac48688.2020.0-218

Cai, Z., Du, H., Wang, H., Zhang, J., Si, Y., & Li, P. (2023). One-Dimensional Convolutional Wasserstein Generative Adversarial Network Based Intrusion Detection Method for Industrial Control Systems. Electronics, 12(22), 4653. doi:10.3390/electronics12224653

Baich, M., & Sael, N. (2025). Enhancing Machine Learning Model Prediction with Feature Selection for Botnet Intrusion Detection. Engineering Proceedings, 112(1), 55. doi:10.3390/engproc2025112055

Hassannataj Joloudari, J., Marefat, A., Nematollahi, M. A., Oyelere, S. S., & Hussain, S. (2023). Effective Class-Imbalance Learning Based on SMOTE and Convolutional Neural Networks. Applied Sciences, 13(6), 4006. doi:10.3390/app13064006

Yang, Z., Liu, X., Li, T., Wu, D., Wang, J., Zhao, Y., & Han, H. (2022). A systematic literature review of methods and datasets for anomaly-based network intrusion detection. Computers & Security, 116, 102675. doi:10.1016/j.cose.2022.102675

Maniriho, P., Niyigaba, E., Bizimana, Z., Twiringiyimana, V., Mahoro, L. J., & Ahmad, T. (2020). Anomaly-based Intrusion Detection Approach for IoT Networks Using Machine Learning. 2020 International Conference on Computer Engineering, Network, and Intelligent Multimedia (CENIM). doi:10.1109/CENIM51130.2020.9297958

Sheibani, M., Konur, S., Awan, I., & Qureshi, A. (2024). A Multi-Layered Defence Strategy against DDoS Attacks in SDN/NFV-Based 5G Mobile Networks. Electronics, 13(8), 1515. doi:10.3390/electronics13081515

Sathaporn, P., Krungseanmuang, W., Chaowalittawin, V., Benjangkaprasert, C., & Purahong, B. (2025). DDoS Detection Using a Hybrid CNN–RNN Model Enhanced with Multi-Head Attention for Cloud Infrastructure. Applied Sciences, 15(21), 11567. doi:10.3390/app152111567

Downloads

Published

2026-03-31

Issue

Vol. 2 No. 163 (2026): System technologies

Section

Статьи

License

Copyright (c) 2026 System technologies

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.