Enhancing Network Intrusion Detection Systems through Cost-Sensitive Ensemble Learning with the CS-Forest Approach for Accurate Detection of Minority-Class Attacks

The growing complexity and number of cyberattacks make it necessary to have sophisticated security mechanisms to defend computer networks. Intrusion Detection Systems (IDS) play a crucial role in observing network traffic and detecting malicious behavior. However, conventional IDS tend to perform poorly in the detection of minority-class attacks like User-to-Root (U2R) and Remote-to-Local (R2L) because datasets like NSL-KDD are class-imbalanced. This imbalance results in high false-positive and false-negative rates, weakening the performance of the IDS. To meet these challenges, this research presents a new Cost-Sensitive Forest (CS-Forest) model that combines cost-sensitive learning and ensemble decision tree approaches. The CS-Forest model gives higher misclassification costs to minority classes to increase the identification of underrepresented attacks. It is tested on the NSL-KDD dataset, where the CS-Forest model achieved 87.41% accuracy, higher than standard classifiers like Average One Dependency Estimator (A1DE), K-Nearest Neighbor (KNN), Naïve Bayes (NB), Random Forest (RF), and Support Vector Machine (SVM). The design of the model lowers false positives and negatives very efficiently, showing its strength and effectiveness in strengthening network security by identifying infrequent intrusion attacks more efficiently.