Real-Time Intrusion Detection Using Adaptive Sliding Windows for Concept Drift

International Journal of Electronics and Communication Engineering
© 2025 by SSRG - IJECE Journal
Volume 12 Issue 8
Year of Publication: 2025
Authors: S. Meganathan, A. Sumathi, S. Sheik Mohideen Shah, R. Rajakumar
How to Cite?

S. Meganathan, A. Sumathi, S. Sheik Mohideen Shah, R. Rajakumar, "Real-Time Intrusion Detection Using Adaptive Sliding Windows for Concept Drift," SSRG International Journal of Electronics and Communication Engineering, vol. 12, no. 8, pp. 123-137, 2025. Crossref, https://doi.org/10.14445/23488549/IJECE-V12I8P111

Abstract:

Real-time intrusion detection has become crucial as a result of the rapid development of networks, because the distribution of the data and of behaviors changes over time, a phenomenon known as concept drift. To address this drift, the study proposes an online adaptive sliding-window method that gives a timely response to incoming data packets. Initially, Intrusion Detection System (IDS) datasets such as NSL-KDD were collected from the relevant repository and evaluated with conventional machine learning models: Logistic Regression (LR), Random Forest (RF), Decision Tree (DT), K-Nearest Neighbor (KNN), Gradient Boosting classifiers (GBT), and LightGBM. These showed low detection rates of 70.24%, 76.77%, 76.83%, 77.20%, 78.02%, and 79.35%, because the training and testing datasets have unequal class distributions and exhibit concept drift. Applying oversampling, undersampling, and SMOTE approaches improved the accuracy somewhat, to 79.77% and 81.21%, with the Synthetic Minority Over-sampling Technique (SMOTE) used to address the majority and minority class issue known as data imbalance. To further enhance the detection rate, a model called Adaptive Drift-aware Windowing Intrusion Detection System with Optimization (ADWISE) was developed, combining adaptive sliding windows with random-search hyperparameter tuning. The proposed ADWISE framework achieves a top accuracy of 98.27% while effectively managing both class imbalance and concept drift.
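The adaptive sliding window idea named in the abstract can be illustrated with the added sketch below, which is not the paper's ADWISE code: a simplified ADWIN-style detector (Hoeffding cut test from Bifet and Gavaldà's adaptive windowing) over a classifier's 0/1 error stream. The class and function names, `delta = 0.002`, and the periodic error stream are assumptions constructed for illustration.

```python
import math
from collections import deque

class AdaptiveWindow:
    """Simplified ADWIN-style window over 0/1 prediction errors (illustrative)."""

    def __init__(self, delta=0.002):
        self.delta = delta            # confidence parameter (assumed value)
        self.window = deque()

    def _first_bad_split(self):
        # Return the first split whose two halves have significantly different error rates.
        n, total = len(self.window), sum(self.window)
        log_term = math.log(4.0 * n / self.delta)
        head = 0
        for i, x in enumerate(self.window, start=1):
            if i == n:
                break
            head += x
            n0, n1 = i, n - i
            m = 1.0 / (1.0 / n0 + 1.0 / n1)           # harmonic term of the two sizes
            eps = math.sqrt(log_term / (2.0 * m))     # Hoeffding-based cut threshold
            if abs(head / n0 - (total - head) / n1) > eps:
                return i
        return None

    def update(self, error):
        """Add one 0/1 error; shrink the window and return True when drift is found."""
        self.window.append(error)
        drift = False
        while len(self.window) > 1:
            cut = self._first_bad_split()
            if cut is None:
                break
            for _ in range(cut):                      # forget the stale, older part
                self.window.popleft()
            drift = True
        return drift

def constructed_error_stream():
    # Constructed data: 5% error rate for 1000 records, then 50% after the drift.
    before = [1 if i % 20 == 0 else 0 for i in range(1000)]
    after = [1 if i % 2 == 0 else 0 for i in range(500)]
    return before + after

def run(stream):
    det, alarms = AdaptiveWindow(), []
    for idx, err in enumerate(stream):
        if det.update(err):
            alarms.append((idx, len(det.window)))     # (record index, window size after cut)
    return alarms, det

if __name__ == "__main__":
    alarms, det = run(constructed_error_stream())
    print("first alarm:", alarms[0], "final window:", len(det.window))
```

In a streaming IDS the alarm would be the point at which the model is retrained or re-tuned on the records still inside the window; how ADWISE does this is not described on this page.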

Keywords:

Concept Drift, Class Imbalance, Adaptive Machine Learning, Drift Detection, Streaming Data Analytics, Real-Time Learning.
