DOI: 10.3390/app16136565 ISSN: 2076-3417

Fusing Localized Network Expertise via Global Meta-Learning

Małgorzata Przybyła-Kasperek, Kornel Chromiński

Detecting anomalies in network traffic is a critical challenge due to the increasing risk and potential consequences of cyberattacks. Building accurate intrusion detection systems is complicated by the massive volume of operations, significant class imbalance, and the highly contextual nature of legitimate traffic baselines across different network locations. Consequently, centralizing raw network logs to build a single universal model is often suboptimal and raises severe privacy concerns. To address these limitations, this paper proposes a novel, two-level hierarchical classification architecture tailored for dispersed network environments. At the first level, autonomous, local classifiers act as localized domain experts trained on specific node data. At the second level, a global classifier learns patterns and makes final decisions exclusively by fusing the abstract prediction vectors (probability distributions) generated by the local models. This structural framework circumvents the need for both raw data centralization and the heavy communication overhead typical of iterative approaches. Extensive hyperparameter tuning and experimental validations were conducted using Multilayer Perceptron (MLP) and Random Forest (RF) algorithms on two real-world cybersecurity datasets: CIC-DDoS2019 and CTU-13. The results confirm that the proposed hierarchical architecture achieves high classification quality, matching or surpassing the performance of classical centralized models. This approach ensures robust fusion of localized expertise and optimizes operational efficiency while significantly mitigating privacy risks.
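The two-level idea in the abstract, sketched as an added example (not the authors' code). Assumptions: Gaussian naive Bayes and logistic regression stand in for the paper's MLP and RF models, fusion is done by concatenating the local prediction vectors, the global model is trained on a labelled held-out set scored by every expert, and the flows are constructed synthetic data rather than CIC-DDoS2019 or CTU-13.

```python
import math, random

def flows(rng, n, attack_feature):
    """Constructed flows: benign ~N(0,1) on both features; attacks add 5 to one feature."""
    rows = [([rng.gauss(0, 1), rng.gauss(0, 1)], i % 2) for i in range(n)]
    for x, y in rows:
        x[attack_feature] += 5 * y
    return rows

def fit_local(rows):
    """Local expert (stand-in: Gaussian naive Bayes): (mean, variance) per class and feature."""
    def stats(c):
        m = sum(c) / len(c)
        return m, sum((v - m) ** 2 for v in c) / len(c)
    return [[stats(c) for c in zip(*[x for x, y in rows if y == label])] for label in (0, 1)]

def predict_vector(model, x):
    """Prediction vector [P(benign), P(attack)]: the only thing a node sends upward."""
    logp = [sum(-0.5 * math.log(var) - (v - mu) ** 2 / (2 * var)
                for v, (mu, var) in zip(x, params)) for params in model]
    e = [math.exp(l - max(logp)) for l in logp]
    return [p / sum(e) for p in e]

def fuse(experts, x):
    """Meta-features for the global model (assumed fusion: concatenated prediction vectors)."""
    return [p for m in experts for p in predict_vector(m, x)]

def global_score(w, z):
    t = w[0] + sum(wi * zi for wi, zi in zip(w[1:], z))
    return 1 / (1 + math.exp(-max(-30.0, min(30.0, t))))

def fit_global(meta, labels, epochs=200, lr=0.5):
    """Global classifier (stand-in: logistic regression, SGD); sees prediction vectors only."""
    w = [0.0] * (len(meta[0]) + 1)
    for _ in range(epochs):
        for z, y in zip(meta, labels):
            g = global_score(w, z) - y
            w = [w[0] - lr * g] + [wi - lr * g * zi for wi, zi in zip(w[1:], z)]
    return w

def accuracy(predict, rows):
    return sum((predict(x) >= 0.5) == bool(y) for x, y in rows) / len(rows)

def run(seed=7):
    rng = random.Random(seed)
    experts = [fit_local(flows(rng, 400, f)) for f in (0, 1)]  # node f only ever sees attack type f
    held_out, test = [flows(rng, 200, 0) + flows(rng, 200, 1) for _ in range(2)]
    w = fit_global([fuse(experts, x) for x, _ in held_out], [y for _, y in held_out])
    local_acc = [accuracy(lambda x, m=m: predict_vector(m, x)[1], test) for m in experts]
    return local_acc, accuracy(lambda x: global_score(w, fuse(experts, x)), test)
```

`run()` returns the accuracy of each local expert on pooled traffic and the accuracy of the fused global model; each expert misses the attack type it never saw, while the global model recovers it from the prediction vectors alone.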
