Using WCS-GNB for intrusion detection: improving Gaussian Naive Bayes with class-specific weights and validating against different machine learning models

Citation

Deshpande, Sudhindra B. and Balachandra, P. and Desai, Priyank and Goh, Kah Ong Michael and Chowdappa, M. R. and Ajawan, Pratijnya (2026) Using WCS-GNB for intrusion detection: improving Gaussian Naive Bayes with class-specific weights and validating against different machine learning models. Frontiers in Computer Science, 8. ISSN 2624-9898

[img] Text
fcomp-8-1818033.pdf - Published Version
Restricted to Repository staff only

Download (2MB)

Abstract

The increasing number of cyber threats demands a robust, real-time detection system that can accurately classify attacks while maintaining computational efficiency in real-time and within reasonable resource limits. Most real-time applications in cybersecurity still rely on traditional machine learning methods with arbitrary configurations due to the difficulty in resolving the trade-off between accuracy and speed within the system. This work proposes a modification to the standard Gaussian Naive Bayes (GNB) classifier, utilizing the Weighted Classification Strategy (WCS-GNB), to enhance the real-time detection of cyberattacks evaluated under simulated streaming conditions on commodity CPU hardware. It aims to address the limitations of traditional probabilistic classifiers as applied in cybersecurity. The WCS-GNB model seeks to preserve the detection accuracy of the model while incorporating class-dependent scaling and traditional Bayesian approaches through a formally derived log-posterior extension of the standard GNB framework. The methodology is evaluated on NSL-KDD and CICIDS2017, which consists of class-specific variance scaling and symmetric Bayesian inference on streaming network data with adaptive feature weighting systems. The proposed WCS-GNB model achieved a detection accuracy of 94.3% with a processing time of 2.9 ms, significantly outperforming the traditional GNB (85.2% accuracy) and competing with complex methods like Random Forest (91.7%), while maintaining a superior processing speed. The WCS-GNB model demonstrated robust performance across various attack types, including DDoS (96.2%), DoS (97.3%), Port Scanning (92.8%), Web Attacks (94.1%), and Botnet activities (89.5%). Throughput reaches ≈8.5 k records/s on commodity hardware. All performance improvements are confirmed statistically significant via paired t-tests (p < 0.05, Bonferroni-corrected) with large effect sizes (Cohen’s d ≥ 0.52). These results indicate WCS-GNB offers a practical, interpretable, and deployment-ready IDS core for high-throughput environments. The WCS-GNB approach successfully connects the gap between accuracy and efficiency in real-time cybersecurity apps. The integration of weighted features and class-specific scaling provides a practical solution for high-throughput network monitoring, while also maintaining the interpretability advantages of Bayesian methods.

Item Type: Article
Uncontrolled Keywords: Cyberattack, cybersecurity
Subjects: Q Science > QA Mathematics > QA71-90 Instruments and machines > QA75.5-76.95 Electronic computers. Computer science
Divisions: Faculty of Computing and Informatics (FCI)
Depositing User: Ms Rosnani Abd Wahab
Date Deposited: 07 Jul 2026 06:37
Last Modified: 07 Jul 2026 06:37
URII: http://shdl.mmu.edu.my/id/eprint/16217

Downloads

Downloads per month over past year

View ItemEdit (login required)