Adaptive-Delta ADWIN for Balancing Sensitivity and Stability in Streaming IDS
Abstract
In dynamic traffic networks, intrusion detection systems (IDS) must handle dynamic data stream where traffic changes occur, and concept drift is customary. Traditional concept drift detection approaches often experience a challenge between sensitivity and stability, resulting in delayed adaptation and uncontrolled false alarms. This paper proposes an AdaptiveDelta ADWIN framework that tunes sensitivity detectors using online lightweight controllers: Volatility (VC), that tune a delta based on error volatility, and AlertRate Controller (ARC), which modulates the drift alarms frequency. The framework is implemented using Bagging ensemble of Hoeffding Adaptive Trees and evaluated on a network preprocessed traffic dataset. Comparative experiments opposed to a fixed, ultrasensitive delta detector illustrate that adaptive tuning authorizes timely drift detection while maintaining stability, decreasing false alarms by more than 25%, and enhancing predictive overall performance. AdaptiveDelta baseline maintains a stable accuracy approximately 80% 82% accentuating the importance of balancing detection sensitivity with operational stability in streaming IDS implementation. These results highlight the practical value of the proposed framework, which is lightweight, computationally efficient, and suitable for real-time deployment in streaming IDS environments.
Downloads
References
S. Neupane, M. A. Ferrag, S. Shu, and L. Maglaras, “Explainable intrusion detection systems (x-ids): A survey of current methods, challenges, and opportunities,” IEEE Access, vol. 10, pp. 112392–112415, 2022, doi: 10.1109/ACCESS.2022.3216617.
O. H. Abdulganiyu, T. A. Tchakoucht, and Y. K. Saheed, “A systematic literature review for network intrusion detection system (IDS),” Int. J. Inf. Secur., vol. 22, no. 5, pp. 1125–1162, 2023, doi: 10.1007/s10207-023-00682-2.
O. Arreche, T. Guntur, and M. Abdallah, “Xai-ids: Toward proposing an explainable artificial intelligence framework for enhancing network intrusion detection systems,” Appl. Sci., vol. 14, no. 10, p. 4170, 2024, doi: 10.3390/app14104170.
S. Arora, R. Rani, and N. Saxena, “A systematic review on detection and adaptation of concept drift in streaming data using machine learning techniques,” Wiley Interdiscip. Rev. Data Min. Knowl. Discov., vol. 14, no. 4, p. e1536, 2024, doi: 10.1002/widm.1536.
D. Lukats et al., “A benchmark and survey of fully unsupervised concept drift detectors on real-world data streams,” Int. J. Data Sci. Anal., vol. 19, no. 1, pp. 1–31, 2025, doi: 10.1007/s41060-024-00620-y.
F. Jemili, K. Jouini, and O. Korbaa, “Intrusion detection based on concept drift detection and online incremental learning,” Int. J. Pervasive Comput. Commun., vol. 21, no. 1, pp. 81–115, 2025, doi: 10.1108/IJPCC-12-2023-0358.
J. Weng, “Optimizing operational efficiency in business: Effective strategies for big data security,” unpublished, 2024.
S. Seth, K. K. Chahal, and G. Singh, “Concept drift–based intrusion detection for evolving data stream classification in IDS: approaches and comparative study,” Comput. J., vol. 67, no. 7, pp. 2529–2547, 2024, doi: 10.1093/comjnl/bxae023.
W. Xing and J. Shen, “Security control of cyber–physical systems under cyber attacks: A survey,” Sensors, vol. 24, no. 12, p. 3815, 2024, doi: 10.3390/s24123815.
N. Malathy et al., “Real-time intrusion detection in IIoT stream data using window-based weighted ensemble techniques,” SN Comput. Sci., vol. 6, no. 1, p. 66, 2025, doi: 10.1007/s42979-024-03597-4.
A. Khanan et al., “From bytes to insights: A systematic literature review on unraveling IDS datasets for enhanced cybersecurity understanding,” IEEE Access, vol. 12, pp. 59289–59317, 2024, doi: 10.1109/ACCESS.2024.3392338.
N. Kalpani et al., “Cutting-edge approaches in intrusion detection systems: A systematic review of deep learning, reinforcement learning, and ensemble techniques,” Iran J. Comput. Sci., pp. 1–31, 2025, doi: 10.1007/s42044-025-00246-8.
D. N. Assis and V. M. A. Souza, “ADWIN-U: Adaptive windowing for unsupervised drift detection on data streams,” Knowl. Inf. Syst., pp. 1–30, 2025, doi: 10.1007/s10115-025-02523-1.
A. H. Alqahtani, “An incremental hybrid adaptive network-based IDS in software defined networks to detect stealth attacks,” arXiv preprint arXiv:2404.01109, 2024, doi: 10.48550/arXiv.2404.01109.
R. Rigo-Mariani and A. Yakub, “Decision tree variations and online tuning for real-time control of a building in a two-stage management strategy,” Energies, vol. 17, no. 11, p. 2730, 2024, doi: 10.3390/en17112730.
J. Zhu et al., “Machine learning-enhanced lightweight rule-based control strategy for building energy demand response,” Build. Simul., Beijing: Tsinghua Univ. Press, 2025, doi: 10.1007/s12273-025-1275-1.
K. Roshan and A. Zafar, “Ensemble adaptive online machine learning in data stream: A case study in cyber intrusion detection system,” Int. J. Inf. Technol., vol. 16, no. 8, pp. 5099–5112, 2024, doi: 10.1007/s41870-024-01727-y.
C. Surianarayanan, S. Kunasekaran, and P. R. Chelliah, “A high-throughput architecture for anomaly detection in streaming data using machine learning algorithms,” Int. J. Inf. Technol., vol. 16, no. 1, pp. 493–506, 2024, doi: 10.1007/s41870-023-01585-0.
K. A. Mohamed Junaid, D. Paulraj, and T. Sethukarasi, “A comprehensive ensemble classification techniques detecting and managing concept drift in dynamic imbalanced data streams,” Wireless Netw., vol. 31, no. 1, pp. 19–30, 2025, doi: 10.1007/s11276-024-03742-0.
S. Yang et al., “Self-supervised adaptation method to concept drift for network intrusion detection,” IEEE Trans. Dependable Secure Comput., 2025, doi: 10.1109/TDSC.2025.3599321.
L. Zhao et al., “The future of artificial intelligence in intrusion detection: Review and research agenda,” Big Data Cogn. Comput., vol. 8, no. 3, p. 42, 2024, doi: 10.3390/bdcc8030042.
S. Ouchani and Y. Belghith, “Adversarial attacks and defense methods for intrusion detection systems: A survey,” Appl. Sci., vol. 13, no. 6, p. 3815, 2023, doi: 10.3390/app13063815.
A. M. Torky, M. R. Hussein, A. E. Hassanien, and A. E. Torkey, “Explainable artificial intelligence (XAI) for cybersecurity: A comprehensive review and research directions,” Comput. Sci. Rev., vol. 50, p. 100580, 2023, doi: 10.1016/j.cosrev.2023.100580.
K. T. Ghaffar, M. A. Ferrag, L. Shu, A. Derhab, and L. Maglaras, “Explainable artificial intelligence for intrusion detection systems: A survey,” Comput. Secur., vol. 130, p. 103564, 2023, doi: 10.1016/j.cose.2023.103564.
P. Brás and J. Murai, “A survey of intrusion detection systems in cloud computing,” J. Cloud Comput., vol. 12, no. 1, p. 69, 2023, doi: 10.1186/s13677-023-00462-y.
R. F. de Mello, A. A. de Carvalho, and J. Gama, “Advances in data stream learning,” Wiley Interdiscip. Rev. Data Min. Knowl. Discov., vol. 13, no. 2, p. e1481, 2023, doi: 10.1002/widm.1481.
J. Lu et al., “Learning under concept drift: A review,” IEEE Trans. Knowl. Data Eng., vol. 31, no. 12, pp. 2346–2363, 2019, doi: 10.1109/TKDE.2018.2876857.
D. K. Ienco, R. G. Pensa, and R. Meo, “From context to concept drift: Detecting changes in learning data,” IEEE Trans. Knowl. Data Eng., vol. 25, no. 5, pp. 1146–1159, 2013, doi: 10.1109/TKDE.2012.103.
H. M. Gomes et al., “A survey on ensemble learning for data stream classification,” ACM Comput. Surv., vol. 50, no. 2, pp. 1–36, 2017, doi: 10.1145/3054925.
J. Montiel, J. Read, A. Bifet, and T. Abdessalem, “Scikit-multiflow: A multi-output streaming framework,” J. Mach. Learn. Res., vol. 19, no. 72, pp. 1–5, 2018.
J. Montiel et al., “River: Machine learning for streaming data in Python,” J. Mach. Learn. Res., vol. 21, no. 110, pp. 1–6, 2020.
A. Bifet and R. Gavaldà, “Learning from time-changing data with adaptive windowing,” in Proc. SIAM Int. Conf. Data Mining, 2007, pp. 443–448, doi: 10.1137/1.9781611972771.42.
J. Gama, I. Žliobaitė, A. Bifet, M. Pechenizkiy, and A. Bouchachia, “A survey on concept drift adaptation,” ACM Comput. Surv., vol. 46, no. 4, pp. 1–37, 2014, doi: 10.1145/2523813.
I. Žliobaitė, M. Pechenizkiy, and J. Gama, “An overview of concept drift applications,” in Big Data Analysis: New Algorithms for a New Society, Berlin, Germany: Springer, 2016, pp. 91–114, doi: 10.1007/978-4-431-56426-0_4.
M. Baena-García et al., “Early drift detection method,” in Proc. 4th Int. Workshop on Knowledge Discovery from Data Streams, 2006, pp. 77–86.
J. B. Gama, P. Medas, G. Castillo, and P. Rodrigues, “Learning with drift detection,” in Proc. Brazilian Symp. Artificial Intelligence, 2004, pp. 286–295, doi: 10.1007/978-3-540-28645-5_29.
G. Ditzler and R. Polikar, “Incremental learning of concept drift from streaming imbalanced data,” IEEE Trans. Knowl. Data Eng., vol. 25, no. 10, pp. 2283–2301, 2013, doi: 10.1109/TKDE.2012.136.
I. Katakis, G. Tsoumakas, and I. Vlahavas, “Tracking recurring contexts using ensemble classifiers: An application to email filtering,” Knowl. Inf. Syst., vol. 22, pp. 371–391, 2010, doi: 10.1007/s10115-009-0191-3.
S. Ramírez-Gallego et al., “Survey on data preprocessing for data stream mining: Current status and future directions,” Neurocomputing, vol. 239, pp. 39–57, 2017, doi: 10.1016/j.neucom.2017.01.078.
A. Bifet, G. Holmes, B. Pfahringer, and R. Kirkby, “MOA: Massive online analysis,” J. Mach. Learn. Res., vol. 11, pp. 1601–1604, 2010.
D. Dua and C. Graff, “UCI machine learning repository,” Univ. California, Irvine, School of Information and Computer Sciences, 2017. [Online]. Available: http://archive.ics.uci.edu/ml
A. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, “A detailed analysis of the KDD CUP 99 data set,” in Proc. IEEE Symp. Comput. Intell. Secur. Defense Appl., 2009, pp. 1–6, doi: 10.1109/CIDSA.2009.5356528.
M. Tavallaee, N. Stakhanova, and A. A. Ghorbani, “Toward credible evaluation of anomaly-based intrusion-detection methods,” IEEE Trans. Syst. Man Cybern. C, vol. 40, no. 5, pp. 516–524, 2010, doi: 10.1109/TSMCC.2010.2048428.
M. Ring, S. Wunderlich, D. Scheuring, D. Landes, and A. Hotho, “A survey of network-based intrusion detection data sets,” Comput. Secur., vol. 86, pp. 147–167, 2019, doi: 10.1016/j.cose.2019.06.005.
I. Sharafaldin, A. H. Lashkari, and A. A. Ghorbani, “Toward generating a new intrusion detection dataset and intrusion traffic characterization,” in Proc. ICISSP, 2018, pp. 108–116, doi: 10.5220/0006639801080116.
I. Sharafaldin, A. H. Lashkari, S. Hakak, and A. A. Ghorbani, “Developing realistic distributed denial of service (DDoS) attack dataset and taxonomy,” in Proc. ICISSP, 2019, pp. 1–9, doi: 10.5220/000736450001009.
N. Moustafa and J. Slay, “UNSW-NB15: A comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set),” in Proc. Mil. Commun. Inf. Syst. Conf. (MilCIS), 2015, pp. 1–6, doi: 10.1109/MilCIS.2015.7348942.
N. Moustafa and J. Slay, “The evaluation of network anomaly detection systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set,” Inf. Secur. J. Glob. Perspect., vol. 25, no. 1–3, pp. 18–31, 2016, doi: 10.1080/19393555.2015.1125974.
M. Habibi Lashkari, G. Draper-Gil, M. Mamun, and A. A. Ghorbani, “Characterization of Tor traffic using time based features,” in Proc. ICISSP, 2017, pp. 253–262, doi: 10.5220/0006105602530262.
A. Shiravi, H. Shiravi, M. Tavallaee, and A. A. Ghorbani, “Toward developing a systematic approach to generate benchmark datasets for intrusion detection,” Comput. Secur., vol. 31, no. 3, pp. 357–374, 2012, doi: 10.1016/j.cose.2011.12.012.
S. Li, W. Meng, and W. Li, “Design of intrusion detection system based on anomaly behavior,” J. Phys. Conf. Ser., vol. 1237, p. 032020, 2019, doi: 10.1088/1742-6596/1237/3/032020.
M. A. Ferrag, L. Shu, X. Yang, A. Derhab, and L. Maglaras, “Security and privacy for green IoT-based agriculture: Review, blockchain solutions, and challenges,” IEEE Access, vol. 8, pp. 32031–32053, 2020, doi: 10.1109/ACCESS.2020.2973178.
Y. Xin et al., “Machine learning and deep learning methods for cybersecurity,” IEEE Access, vol. 6, pp. 35365–35381, 2018, doi: 10.1109/ACCESS.2018.2836950.
W. Wang, Y. Sheng, J. Wang, X. Zeng, and J. Ye, “HAST-IDS: Learning hierarchical spatial-temporal features using deep neural networks to improve intrusion detection,” IEEE Access, vol. 6, pp. 1792–1806, 2018, doi: 10.1109/ACCESS.2017.2779270.
N. Shone, T. N. Ngoc, V. D. Phai, and Q. Shi, “A deep learning approach to network intrusion detection,” IEEE Trans. Emerg. Topics Comput. Intell., vol. 2, no. 1, pp. 41–50, 2018, doi: 10.1109/TETCI.2017.2772792.
R. Vinayakumar, K. Soman, and P. Poornachandran, “Applying convolutional neural network for network intrusion detection,” in Proc. Int. Conf. Adv. Comput. Commun. Informatics (ICACCI), 2017, pp. 1222–1228, doi: 10.1109/ICACCI.2017.8126009.
C. Yin, Y. Zhu, J. Fei, and X. He, “A deep learning approach for intrusion detection using recurrent neural networks,” IEEE Access, vol. 5, pp. 21954–21961, 2017, doi: 10.1109/ACCESS.2017.2762418.
R. Vinayakumar, M. Alazab, K. P. Soman, P. Poornachandran, A. Al-Nemrat, and S. Venkatraman, “Deep learning approach for intelligent intrusion detection system,” IEEE Access, vol. 7, pp. 41525–41550, 2019, doi: 10.1109/ACCESS.2019.2895334.
Y. Zhang, P. Chen, X. Guo, Z. Lin, and Y. Yu, “Deep learning for network intrusion detection: A survey,” in Proc. IEEE Conf. Comput. Commun. Workshops (INFOCOM WKSHPS), 2019, pp. 1–6, doi: 10.1109/INFCOMW.2019.8845074.
R. Vinayakumar, K. P. Soman, and P. Poornachandran, “A deep learning approach for intelligent network intrusion detection system,” in Proc. IEEE Int. Conf. Intell. Secur. Inform. (ISI), 2017, pp. 1–6, doi: 10.1109/ISI.2017.8004872.
Z. Wang, “Deep learning-based intrusion detection with adversaries,” IEEE Access, vol. 6, pp. 38367–38384, 2018, doi: 10.1109/ACCESS.2018.2854609.
M. Lopez-Martin, B. Carro, and A. Sanchez-Esguevillas, “Application of deep reinforcement learning to intrusion detection for supervised problems,” Expert Syst. Appl., vol. 141, p. 112963, 2020, doi: 10.1016/j.eswa.2019.112963.
Y. Liang, K. P. Chow, K. H. Pun, and H. C. Chan, “Deep reinforcement learning for network intrusion detection,” in Proc. IEEE Int. Conf. Commun. (ICC), 2020, pp. 1–6, doi: 10.1109/ICC40277.2020.9148869.
Abstract views: 237 times
Download PDF: 131 times
Copyright (c) 2025 Journal of Information Systems and Informatics
This work is licensed under a Creative Commons Attribution 4.0 International License.
- I certify that I have read, understand and agreed to the Journal of Information Systems and Informatics (Journal-ISI) submission guidelines, policies and submission declaration. Submission already using the provided template.
- I certify that all authors have approved the publication of this and there is no conflict of interest.
- I confirm that the manuscript is the authors' original work and the manuscript has not received prior publication and is not under consideration for publication elsewhere and has not been previously published.
- I confirm that all authors listed on the title page have contributed significantly to the work, have read the manuscript, attest to the validity and legitimacy of the data and its interpretation, and agree to its submission.
- I confirm that the paper now submitted is not copied or plagiarized version of some other published work.
- I declare that I shall not submit the paper for publication in any other Journal or Magazine till the decision is made by journal editors.
- If the paper is finally accepted by the journal for publication, I confirm that I will either publish the paper immediately or withdraw it according to withdrawal policies
- I Agree that the paper published by this journal, I transfer copyright or assign exclusive rights to the publisher (including commercial rights)
