Modern cybersecurity threats continue to evolve in both complexity and prevalence, demanding advanced solutions for intrusion detection. Traditional AI-based detection systems face significant challenges in model selection, as performance varies considerably across different network environments and attack scenarios. To overcome these limitations, we propose a comprehensive ensemble learning approach that systematically integrates feature selection, model optimization, and rigorous evaluation components. Our framework evaluates fourteen distinct machine learning approaches, ranging from individual classifiers to sophisticated ensemble methods including bagging, boosting, and hybrid stacking/blending architectures. These techniques are applied to multiple base algorithms such as neural networks and tree-based models. Extensive testing was conducted on two complementary benchmark datasets (RoEduNet-SIMARGL2021 and CICIDS-2017) to assess detection capabilities across varied threat landscapes. Our experimental results revealed several key findings. Ensemble techniques universally surpass standalone models in detection accuracy, with random forest achieving the best performance on RoEduNet-SIMARGL2021, while the blending and bagging methods yielded perfect scores (F1 > 0.996) on CICIDS-2017. Feature selection via information gain demonstrated particular value, reducing model training times by 94% while maintaining detection accuracy. Among ensemble methods, XGBoost showed exceptional computational efficiency, whereas stacking and blending architectures delivered maximum accuracy at the expense of greater resource requirements. This research provides practical guidance for security professionals in model selection based on specific operational constraints and threat profiles. To support community advancement, we have made our complete framework publicly available, facilitating reproducibility and future innovation in intrusion detection systems.
Bibers et al. (Tue,) studied this question.