Hybrid Stacking-Based Correlation for Anomaly Detection in Computer Networks

  • Franklin A. M. Venceslau UFPE
  • Rafael R. de Souza UFPE
  • Fabiano C. da Silva UFPE
  • José A. S. Monteiro CESAR School

Abstract


Anomaly detection in computer networks is a critical challenge in cybersecurity, owing to the increasing complexity of threats and the dynamic nature of data traffic. This study proposes a stacking-based ensemble approach that combines the Local Outlier Factor (LOF), Isolation Forest (iForest), and One-Class SVM (OCSVM) algorithms for anomaly detection. The scores generated by these models are then used to train a Random Forest classifier, which performs the final classification of traffic instances. Empirical validation was conducted on the UGR’16 and CIC-IDS2017 datasets using metrics such as AUC, ROC curves, and F1-score, allowing the performance to be evaluated against traditional and state-of-the-art methods. The proposed solution shows promise in reducing false positives and detecting malicious traffic in realistic and imbalanced scenarios.
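The stacking arrangement described in the abstract, as an added scikit-learn example that is not the authors' code. Assumptions: the flow features are constructed synthetic data rather than UGR’16 or CIC-IDS2017, the detectors are fitted on benign flows only, and all hyperparameters and the three-way split are illustrative choices.

```python
import numpy as np
from sklearn.ensemble import IsolationForest, RandomForestClassifier
from sklearn.metrics import f1_score, roc_auc_score
from sklearn.model_selection import train_test_split
from sklearn.neighbors import LocalOutlierFactor
from sklearn.preprocessing import StandardScaler
from sklearn.svm import OneClassSVM

def make_flows(n_benign=2000, n_attack=100, seed=0):
    """Constructed stand-in for flow features; not UGR'16 or CIC-IDS2017 data."""
    rng = np.random.default_rng(seed)
    X = np.vstack([rng.normal(0.0, 1.0, (n_benign, 6)),   # benign cluster
                   rng.normal(3.0, 1.5, (n_attack, 6))])  # shifted, rarer attack cluster
    y = np.r_[np.zeros(n_benign, dtype=int), np.ones(n_attack, dtype=int)]
    return X, y

def fit_detectors(X_benign, seed=0):
    """Level 0: fit the three unsupervised detectors (assumption: benign flows only)."""
    scaler = StandardScaler().fit(X_benign)
    Xs = scaler.transform(X_benign)
    detectors = [
        LocalOutlierFactor(n_neighbors=20, novelty=True).fit(Xs),
        IsolationForest(n_estimators=100, random_state=seed).fit(Xs),
        OneClassSVM(kernel="rbf", nu=0.05, gamma="scale").fit(Xs),
    ]
    return scaler, detectors

def score_matrix(scaler, detectors, X):
    """One column per detector; negated so that larger means more anomalous."""
    Xs = scaler.transform(X)
    return np.column_stack([-d.score_samples(Xs) for d in detectors])

def run(seed=0):
    X, y = make_flows(seed=seed)
    # Disjoint splits so the meta-classifier never sees scores of points the
    # detectors were fitted on (assumption; the abstract does not give the split).
    X_l0, X_rest, y_l0, y_rest = train_test_split(
        X, y, test_size=0.6, stratify=y, random_state=seed)
    X_l1, X_te, y_l1, y_te = train_test_split(
        X_rest, y_rest, test_size=0.5, stratify=y_rest, random_state=seed)
    scaler, detectors = fit_detectors(X_l0[y_l0 == 0], seed)
    # Level 1: Random Forest on the three scores; class_weight offsets imbalance.
    meta = RandomForestClassifier(n_estimators=200, class_weight="balanced",
                                  random_state=seed)
    meta.fit(score_matrix(scaler, detectors, X_l1), y_l1)
    S_te = score_matrix(scaler, detectors, X_te)
    return {"n_scores": S_te.shape[1],
            "auc": roc_auc_score(y_te, meta.predict_proba(S_te)[:, 1]),
            "f1": f1_score(y_te, meta.predict(S_te))}
```

Calling `run()` returns the number of stacked score columns together with the AUC and F1-score on the held-out split.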

Published: 2025-09-01

VENCESLAU, Franklin A. M.; SOUZA, Rafael R. de; SILVA, Fabiano C. da; MONTEIRO, José A. S. Hybrid Stacking-Based Correlation for Anomaly Detection in Computer Networks. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 25., 2025, Foz do Iguaçu/PR. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 1003-1010. DOI: https://doi.org/10.5753/sbseg.2025.10674.