image: The first stage involves feature selection, where a Double Feature Selection method is applied to identify the most relevant and influential features for training the model. In the second stage, the model is developed using an ensemble machine learning stacking approach by combining K-Nearest Neighbors and Gaussian Naive Bayes classifiers with a Random Forest classifier. A final classifier is then produced by selecting the optimal features for each classifier at each stage.
Credit: THE JOURNAL OF ENGINEERING RESEARCH 2025;22:173–186
A study published in The Journal of Engineering Research (TJER) at Sultan Qaboos University presents an advanced intrusion detection system (IDS) designed to improve the accuracy and efficiency of identifying cyber-attacks. The proposed model combines a double feature selection technique with a stacked ensemble machine learning approach to enhance detection performance while reducing computational complexity.
The system applies a two-stage feature reduction process. First, the Variance Threshold method removes low-variance features. This is followed by the Select-K-Best technique to retain the most relevant attributes. As a result, datasets were reduced to as few as 13 or 19 key features, helping to lower processing time without compromising performance.
The classification framework is based on a stacking ensemble structure. K-Nearest Neighbors and Gaussian Naive Bayes are used as base learners, while a Random Forest classifier—optimized through Grid Search cross-validation—serves as the meta-classifier.
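The two-stage selection and stacking structure described above can be sketched in scikit-learn as follows. This is an added illustration, not the study's code: the synthetic data, the variance threshold of 0, the `f_classif` scoring function and the Random Forest grid are assumptions, and only k=13 and the choice of learners come from the text.

```python
import numpy as np
from sklearn.datasets import make_classification
from sklearn.ensemble import RandomForestClassifier, StackingClassifier
from sklearn.feature_selection import SelectKBest, VarianceThreshold, f_classif
from sklearn.metrics import confusion_matrix
from sklearn.model_selection import GridSearchCV, train_test_split
from sklearn.naive_bayes import GaussianNB
from sklearn.neighbors import KNeighborsClassifier
from sklearn.pipeline import Pipeline


def make_flows(n=1200, seed=0):
    """Constructed stand-in for flow records: 40 features, ~15% attack (label 1)."""
    X, y = make_classification(n_samples=n, n_features=36, n_informative=10,
                               n_redundant=6, weights=[0.85], class_sep=1.5,
                               random_state=seed)
    # Four constant columns mimic fields that never vary in captured flows.
    return np.hstack([X, np.zeros((n, 4))]), y


def build_ids(k=13):
    # Meta-classifier: Random Forest tuned by grid search (grid values assumed).
    meta = GridSearchCV(RandomForestClassifier(random_state=0),
                        {"n_estimators": [50, 100], "max_depth": [None, 8]}, cv=3)
    stack = StackingClassifier(
        estimators=[("knn", KNeighborsClassifier()), ("gnb", GaussianNB())],
        final_estimator=meta, cv=3)
    return Pipeline([
        ("variance", VarianceThreshold(threshold=0.0)),  # stage 1: drop constant features
        ("kbest", SelectKBest(f_classif, k=k)),          # stage 2: keep the k best-scoring
        ("stack", stack)])


def evaluate(k=13, seed=0):
    X, y = make_flows(seed=seed)
    X_tr, X_te, y_tr, y_te = train_test_split(X, y, test_size=0.3, stratify=y,
                                              random_state=seed)
    model = build_ids(k).fit(X_tr, y_tr)
    tn, fp, fn, tp = confusion_matrix(y_te, model.predict(X_te)).ravel()
    return {"after_variance": int(model.named_steps["variance"].get_support().sum()),
            "after_kbest": int(model.named_steps["kbest"].get_support().sum()),
            "accuracy": float((tp + tn) / len(y_te)),
            "false_alarm_rate": float(fp / (fp + tn))}  # benign flows flagged as attack


if __name__ == "__main__":
    print(evaluate())
```

Because both selectors sit inside the pipeline, they are fitted on the training split only, so the held-out false alarm rate is not inflated by feature-selection leakage.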
The model was evaluated using the CIC-IDS2017 and CIC-DDoS2019 benchmark datasets, which include modern cyber-attack scenarios such as DDoS, DoS, brute-force, port scans, web attacks, and bot activity. Experimental results showed accuracy rates reaching up to 99.96%, with false alarm rates as low as 0.007% and detection times under 13 seconds.
Compared with several existing intrusion detection approaches, the proposed system demonstrates competitive performance while addressing common limitations such as redundant feature processing, extended training times, and challenges in handling imbalanced datasets.
Given the increasing complexity of cyber threats associated with IoT, cloud computing, and high-speed networks, the study highlights the importance of efficient feature engineering combined with ensemble learning techniques. The authors suggest that the approach may support practical, real-time cybersecurity applications and recommend further validation in IoT environments and hybrid deep learning frameworks.
Journal
The Journal of Engineering Research [TJER]
Method of Research
Computational simulation/modeling
Subject of Research
Not applicable
Article Title
An Intrusion and Cyber-Attack Detection System Based on Ensemble Machine Learning Techniques
Article Publication Date
7-Jan-2026