CD-AHAL: A Concept Drift-Aware Hybrid Active Learning Framework for Network Intrusion Detection
DOI:
https://doi.org/10.15625/1813-9663/24229
Keywords:
Network intrusion detection, IoT security, CD-AHAL, CNN–GRU–Attention, Class imbalance, Concept drift, Active learning
Abstract
This paper proposes a solution to the challenges posed by the proliferation of IoT devices, which has expanded cyber attack surfaces characterized by continuous changes over time (Concept Drift). Traditional Network Intrusion Detection Systems (NIDS) often suffer from severe performance degradation when facing novel attacks due to a lack of adaptability. This paper introduces CD-AHAL, a hybrid security framework that integrates a CNN–BiGRU–Attention deep learning architecture with an Uncertainty-aware Active Learning strategy, employing an automatic labeling mechanism via a simulated Oracle. The system is evaluated through a two-stage process: (1) Offline training to establish a foundational knowledge base; and (2) Online evaluation on a synthetic data stream exhibiting concept drift. To demonstrate comprehensive effectiveness, we compare CD-AHAL against three baseline architectural variants—CNN-GRU, CNN-Attention, and GRU-Attention—operating in a static (non-updating) mode. Experimental results demonstrate that while static models suffer from accuracy degradation in changing environments, CD-AHAL is capable of autonomously detecting drift and rapidly recovering performance, thereby maintaining superior average Accuracy and F1-Score.
License
1. We hereby assign copyright of our article (the Work) in all forms of media, whether now known or hereafter developed, to the Journal of Computer Science and Cybernetics. We understand that the Journal of Computer Science and Cybernetics will act on my/our behalf to publish, reproduce, distribute and transmit the Work.
2. This assignment of copyright to the Journal of Computer Science and Cybernetics is done so on the understanding that permission from the Journal of Computer Science and Cybernetics is not required for me/us to reproduce, republish or distribute copies of the Work in whole or in part. We will ensure that all such copies carry a notice of copyright ownership and reference to the original journal publication.
3. We warrant that the Work is our results and has not been published before in its current or a substantially similar form and is not under consideration for another publication, does not contain any unlawful statements and does not infringe any existing copyright.
4. We also warrant that We have obtained the necessary permission from the copyright holder/s to reproduce in the article any materials including tables, diagrams or photographs not owned by me/us.

