An FPA-Optimized XGBoost Stacking for Multi-Class Imbalanced Network Attack Detection

Network anomaly detection systems face challenges with imbalanced datasets, particularly in classifying underrepresented attack types. This study proposes a novel framework for improving F1-scores in multi-class imbalanced network attack detection using the UNSW-NB15 dataset, without resorting to resampling techniques. Our approach integrates Flower Pollination Algorithm-based hyperparameter tuning with an ensemble of XGBoost classifiers in a stacking configuration. Experimental results show that our FPA-XGBoost-Stacking model significantly outperforms individual XGBoost classifiers and existing ensemble models. The model achieved a higher overall weighted F1-score compare to the individual XGBoost classifier and Thockchom et al.’s heterogeneous stacking ensemble. Our approach demonstrated remarkable effectiveness across various levels of class imbalance, for example Analysis and Backdoor which is highly underrepresented classes, and DoS which is moderately underrepresented class. This research contributes to more effective network security systems by offering a solution for imbalanced classification without resampling techniques’ drawbacks. It demonstrates that homogeneous stacking with XGBoost can outperform heterogeneous approaches for skewed class distributions. Future work will extend this approach to other cybersecurity datasets and explore its applicability in real-time network environments.