Zing Forum

Ensemble Learning-Based Network Intrusion Detection System: Engineering Practice to Boost Accuracy from 87% to Over 90%

This article introduces a network intrusion detection system project based on the UNSW-NB15 dataset. By using ensemble learning, stacking, and optimization techniques, it increased the accuracy from the 2025 research baseline of approximately 87% to over 90%, demonstrating the practical effects of engineering improvements in machine learning.

Tags: network intrusion detection, UNSW-NB15, ensemble learning, machine learning, cybersecurity, stacking method, classification algorithm
Published 2026-06-02 05:45 | Recent activity 2026-06-02 05:48 | Estimated read 6 min
Section 01

Engineering Practice of Ensemble Learning-Based Network Intrusion Detection System: Boosting Accuracy from 87% to Over 90%

This article introduces a network intrusion detection system project based on the UNSW-NB15 dataset. By using ensemble learning, stacking, and optimization techniques, it increased the accuracy from the 2025 research baseline of approximately 87% to over 90%. The project is an open-source initiative released by GitHub user daniyal3029 on June 1, 2026, demonstrating the practical effects of engineering improvements in machine learning.

Section 02

Project Background and Significance

In the digital age, cybersecurity is of utmost importance. Traditional rule-based intrusion detection systems struggle to handle complex threats, and machine learning offers new possibilities for intrusion detection. The UNSW-NB15 dataset, released by the University of New South Wales (Australia) in 2015, is a widely used benchmark in the cybersecurity field. It covers nine categories of network attacks (such as Fuzzers, Backdoors, and DoS) and provides a test platform close to real-world environments.

Section 03

Technical Challenges and Baseline Analysis

Relevant research in 2025 achieved roughly 87% detection accuracy on the UNSW-NB15 dataset, but several challenges remain:
1. Class imbalance: the number of normal-traffic samples differs greatly from the number of attack samples.
2. Complex feature dimensions: network traffic is described by many features.
3. Diverse attack types: nine different attack modes must be distinguished.
4. Limited generalization: performance degrades on unseen attack variants.

Section 04

Ensemble Learning Strategy and Implementation

Ensemble learning was adopted as the core technical approach, with performance improved through a stacking strategy:
1. First-layer base learners: train heterogeneous models such as Random Forest, Gradient Boosting Trees, and SVM.
2. Second-layer meta-learner: use the base learners' predictions as new features and train a lightweight model such as Logistic Regression to make the final decision.
Optimization techniques were also applied: hyperparameter optimization (grid or Bayesian search), feature selection and dimensionality reduction, and stratified K-fold cross-validation.
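The two-layer stacking design above, as an added example in Python/scikit-learn that is not the project's code: three heterogeneous base learners, a logistic-regression meta-learner trained on out-of-fold probabilities from stratified 5-fold cross-validation, and a report that returns the false-positive and missed-detection rates alongside accuracy. The traffic data is constructed with make_classification as an imbalanced stand-in for UNSW-NB15 flow features, so its numbers illustrate the workflow, not the page's 87% to 90% result; all function names are assumptions.

```python
# Added example (not the project's code): stacking ensemble for binary
# intrusion detection on constructed, imbalanced data standing in for UNSW-NB15.
from sklearn.datasets import make_classification
from sklearn.ensemble import GradientBoostingClassifier, RandomForestClassifier, StackingClassifier
from sklearn.linear_model import LogisticRegression
from sklearn.metrics import confusion_matrix
from sklearn.model_selection import StratifiedKFold, train_test_split
from sklearn.pipeline import make_pipeline
from sklearn.preprocessing import StandardScaler
from sklearn.svm import SVC


def make_traffic(n=2000, seed=0):
    # Constructed sample: 20 numeric flow features, label 1 = attack, 0 = normal,
    # about 15% attacks so the class imbalance of the real dataset is present.
    return make_classification(n_samples=n, n_features=20, n_informative=8, n_redundant=4,
                               weights=[0.85, 0.15], flip_y=0.02, random_state=seed)


def build_stack(seed=0):
    # First layer: heterogeneous base learners; the SVM is scaled and emits probabilities.
    base = [
        ("rf", RandomForestClassifier(n_estimators=100, random_state=seed)),
        ("gb", GradientBoostingClassifier(random_state=seed)),
        ("svm", make_pipeline(StandardScaler(), SVC(probability=True, random_state=seed))),
    ]
    # Second layer: logistic regression on out-of-fold base probabilities. Stratified
    # 5-fold CV keeps the meta-learner from seeing base predictions on training rows.
    return StackingClassifier(estimators=base, final_estimator=LogisticRegression(max_iter=1000),
                              cv=StratifiedKFold(n_splits=5, shuffle=True, random_state=seed),
                              stack_method="predict_proba")


def detection_report(model, X_test, y_test):
    # Accuracy alone hides the minority class; FPR is analyst alert load, FNR is missed attacks.
    tn, fp, fn, tp = confusion_matrix(y_test, model.predict(X_test), labels=[0, 1]).ravel()
    return {"tn": int(tn), "fp": int(fp), "fn": int(fn), "tp": int(tp),
            "accuracy": (tp + tn) / (tp + tn + fp + fn),
            "fpr": fp / (fp + tn), "fnr": fn / (fn + tp)}


def run(seed=0):
    # Single random forest versus the stacked ensemble on one stratified hold-out split.
    X, y = make_traffic(seed=seed)
    X_tr, X_te, y_tr, y_te = train_test_split(X, y, test_size=0.25, stratify=y, random_state=seed)
    models = {"random_forest": RandomForestClassifier(n_estimators=100, random_state=seed),
              "stacking": build_stack(seed)}
    return {name: detection_report(clf.fit(X_tr, y_tr), X_te, y_te) for name, clf in models.items()}
```

Call `run()` to get both reports; comparing `fpr` and `fnr` rather than only `accuracy` is what shows whether the ensemble helps on the attack class.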

Section 05

Performance Improvement and Practical Effects

Through engineering improvements, the detection accuracy increased from 87% to over 90%. The practical value is threefold:
1. A lower false positive rate, so security analysts spend less time handling invalid alerts.
2. A lower risk of missed detection, so fewer real attacks are overlooked.
3. Higher operational efficiency, reducing the load on the Security Operations Center (SOC).

Section 06

Insights from Engineering Practice

The project's success demonstrates the importance of machine learning engineering. Insights for developers:
1. Fully understand the baseline and analyze the strengths and weaknesses of existing methods.
2. Establish a reproducible experimental process and record the effect of every change.
3. Combining the results of multiple models is usually better than relying on a single model.
4. Machine learning projects require iterative optimization.

Section 07

Summary and Outlook

Network intrusion detection is a key component of security defense. This project achieved a significant performance improvement through ensemble learning, demonstrating the value of systematic engineering methods. In the future, newer techniques such as deep learning and federated learning can be explored to address more complex network threats.