Treffer: HEA-NIDS: A Hybrid-Ensemble Anomaly Detection System for Mitigating Network Intrusions and DDoS Precursors in Cloud Storage Environments.

Cloud infrastructures are becoming more vulnerable to complex attacks, such as the precursors of Distributed Denial of Service (DDoS) and misuse of insider privileges, which are hard to detect using traditional signature-based intrusion detection systems (IDS). This work presents HEA-NIDS, a Hybrid Ensemble-based Anomaly Detection System designed for dynamic cloud environments. A heap-ranking strategy was employed to select candidate classifiers, retaining the four most consistent models which were integrated into a dual-engine ensemble comprising stacking with a Random Forest meta-learner and soft voting for probability aggregation. The experiments with the NF-UQ-NIDS-v2 dataset, which consists of 76 million NetFlow records and 21 attack types, and stratified 10-fold cross-validation showed a high predictive performance of above 99 percent accuracy, false positive rate 0.0055, true positive rate 0.9898, and an AUC-ROC of approximately 1.0. The temporal drift will be addressed in future work, and adaptive retraining and multi-dataset validation will be used to make the model even stronger and bring it a step closer to the practical implementation. [ABSTRACT FROM AUTHOR]