<p>The unprecedented growth of big data in modern networked infrastructures has intensified the complexity of cyberattacks, making intrusion detection increasingly challenging in heterogeneous, high-volume, and rapidly evolving environments. Traditional intrusion detection systems (IDS) often suffer from scalability limitations, rigid rule-based structures, and high false-positive rates, which restrict their adaptability to emerging threats and zero-day exploits. Recent advancements in Artificial Intelligence (AI) offer promising capabilities for automated intrusion detection; however, the performance of these models remains highly sensitive to optimal architectural and hyperparameter configurations. To address these gaps, this study proposes a scalable and context-aware hybrid IDS framework that integrates a Long Short-Range Transformer (LSRT) for hierarchical sequential modeling with a Deep Gradient Boosting Classifier (DGBC) for structured traffic analysis. The entire pipeline is optimized using the Tree-Structured Parzen Estimator (TPE), a state-of-the-art probabilistic optimization method known for efficient exploration of complex hyperparameter spaces and superior performance in large-scale learning systems. The proposed LSRT–DGBC–TPE framework is comprehensively evaluated across six benchmark intrusion detection datasets—CICIDS2017, CICIDS2018, UNSW-NB15, BoT-IoT, NSL-KDD, and TON_IoT—covering a wide spectrum of modern cyberattack vectors, including DDoS, botnet, brute force, reconnaissance, infiltration, system compromise, and IoT-centric anomalies. The proposed LSRT–DGBC–TPE hybrid IDS achieved a maximum cross-dataset accuracy of 99.18%, an F1-score of 99.07%, an AUC of 99.68%, and a remarkably low false-positive rate of 0.72%, representing an average accuracy improvement of approximately 2.4–3.4% and a false-positive reduction of nearly 65–75% compared to conventional CNN, LSTM, and ensemble-based state-of-the-art IDS models across six large-scale benchmark datasets. The findings highlight the robustness and cross-dataset generalizability of the TPE-driven hybrid architecture, positioning it as a strong and scalable candidate for real-world big-data security deployments.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A Hybrid Optimization Intelligence-Based Intrusion Detection Framework for Big Data Security in Complex and Heterogeneous Network Traffic

  • Majid Altuwairiqi

摘要

The unprecedented growth of big data in modern networked infrastructures has intensified the complexity of cyberattacks, making intrusion detection increasingly challenging in heterogeneous, high-volume, and rapidly evolving environments. Traditional intrusion detection systems (IDS) often suffer from scalability limitations, rigid rule-based structures, and high false-positive rates, which restrict their adaptability to emerging threats and zero-day exploits. Recent advancements in Artificial Intelligence (AI) offer promising capabilities for automated intrusion detection; however, the performance of these models remains highly sensitive to optimal architectural and hyperparameter configurations. To address these gaps, this study proposes a scalable and context-aware hybrid IDS framework that integrates a Long Short-Range Transformer (LSRT) for hierarchical sequential modeling with a Deep Gradient Boosting Classifier (DGBC) for structured traffic analysis. The entire pipeline is optimized using the Tree-Structured Parzen Estimator (TPE), a state-of-the-art probabilistic optimization method known for efficient exploration of complex hyperparameter spaces and superior performance in large-scale learning systems. The proposed LSRT–DGBC–TPE framework is comprehensively evaluated across six benchmark intrusion detection datasets—CICIDS2017, CICIDS2018, UNSW-NB15, BoT-IoT, NSL-KDD, and TON_IoT—covering a wide spectrum of modern cyberattack vectors, including DDoS, botnet, brute force, reconnaissance, infiltration, system compromise, and IoT-centric anomalies. The proposed LSRT–DGBC–TPE hybrid IDS achieved a maximum cross-dataset accuracy of 99.18%, an F1-score of 99.07%, an AUC of 99.68%, and a remarkably low false-positive rate of 0.72%, representing an average accuracy improvement of approximately 2.4–3.4% and a false-positive reduction of nearly 65–75% compared to conventional CNN, LSTM, and ensemble-based state-of-the-art IDS models across six large-scale benchmark datasets. The findings highlight the robustness and cross-dataset generalizability of the TPE-driven hybrid architecture, positioning it as a strong and scalable candidate for real-world big-data security deployments.