Citation
Deshpande, Sudhindra B. and Balachandra, P. and Desai, Priyank and Goh, Kah Ong Michael and Chowdappa, M. R. and Ajawan, Pratijnya (2026) Using WCS-GNB for intrusion detection: improving Gaussian Naive Bayes with class-specific weights and validating against different machine learning models. Frontiers in Computer Science, 8. ISSN 2624-9898|
Text
fcomp-8-1818033.pdf - Published Version Restricted to Repository staff only Download (2MB) |
Abstract
The increasing number of cyber threats demands a robust, real-time detection system that can accurately classify attacks while maintaining computational efficiency in real-time and within reasonable resource limits. Most real-time applications in cybersecurity still rely on traditional machine learning methods with arbitrary configurations due to the difficulty in resolving the trade-off between accuracy and speed within the system. This work proposes a modification to the standard Gaussian Naive Bayes (GNB) classifier, utilizing the Weighted Classification Strategy (WCS-GNB), to enhance the real-time detection of cyberattacks evaluated under simulated streaming conditions on commodity CPU hardware. It aims to address the limitations of traditional probabilistic classifiers as applied in cybersecurity. The WCS-GNB model seeks to preserve the detection accuracy of the model while incorporating class-dependent scaling and traditional Bayesian approaches through a formally derived log-posterior extension of the standard GNB framework. The methodology is evaluated on NSL-KDD and CICIDS2017, which consists of class-specific variance scaling and symmetric Bayesian inference on streaming network data with adaptive feature weighting systems. The proposed WCS-GNB model achieved a detection accuracy of 94.3% with a processing time of 2.9 ms, significantly outperforming the traditional GNB (85.2% accuracy) and competing with complex methods like Random Forest (91.7%), while maintaining a superior processing speed. The WCS-GNB model demonstrated robust performance across various attack types, including DDoS (96.2%), DoS (97.3%), Port Scanning (92.8%), Web Attacks (94.1%), and Botnet activities (89.5%). Throughput reaches ≈8.5 k records/s on commodity hardware. All performance improvements are confirmed statistically significant via paired t-tests (p < 0.05, Bonferroni-corrected) with large effect sizes (Cohen’s d ≥ 0.52). These results indicate WCS-GNB offers a practical, interpretable, and deployment-ready IDS core for high-throughput environments. The WCS-GNB approach successfully connects the gap between accuracy and efficiency in real-time cybersecurity apps. The integration of weighted features and class-specific scaling provides a practical solution for high-throughput network monitoring, while also maintaining the interpretability advantages of Bayesian methods.
| Item Type: | Article |
|---|---|
| Uncontrolled Keywords: | Cyberattack, cybersecurity |
| Subjects: | Q Science > QA Mathematics > QA71-90 Instruments and machines > QA75.5-76.95 Electronic computers. Computer science |
| Divisions: | Faculty of Computing and Informatics (FCI) |
| Depositing User: | Ms Rosnani Abd Wahab |
| Date Deposited: | 07 Jul 2026 06:37 |
| Last Modified: | 07 Jul 2026 06:37 |
| URII: | http://shdl.mmu.edu.my/id/eprint/16217 |
Downloads
Downloads per month over past year
Edit (login required) |
