A Hybrid Optimization Intelligence-Based Intrusion Detection Framework for Big Data Security in Complex and Heterogeneous Network Traffic
摘要
The unprecedented growth of big data in modern networked infrastructures has intensified the complexity of cyberattacks, making intrusion detection increasingly challenging in heterogeneous, high-volume, and rapidly evolving environments. Traditional intrusion detection systems (IDS) often suffer from scalability limitations, rigid rule-based structures, and high false-positive rates, which restrict their adaptability to emerging threats and zero-day exploits. Recent advancements in Artificial Intelligence (AI) offer promising capabilities for automated intrusion detection; however, the performance of these models remains highly sensitive to optimal architectural and hyperparameter configurations. To address these gaps, this study proposes a scalable and context-aware hybrid IDS framework that integrates a Long Short-Range Transformer (LSRT) for hierarchical sequential modeling with a Deep Gradient Boosting Classifier (DGBC) for structured traffic analysis. The entire pipeline is optimized using the Tree-Structured Parzen Estimator (TPE), a state-of-the-art probabilistic optimization method known for efficient exploration of complex hyperparameter spaces and superior performance in large-scale learning systems. The proposed LSRT–DGBC–TPE framework is comprehensively evaluated across six benchmark intrusion detection datasets—CICIDS2017, CICIDS2018, UNSW-NB15, BoT-IoT, NSL-KDD, and TON_IoT—covering a wide spectrum of modern cyberattack vectors, including DDoS, botnet, brute force, reconnaissance, infiltration, system compromise, and IoT-centric anomalies. The proposed LSRT–DGBC–TPE hybrid IDS achieved a maximum cross-dataset accuracy of 99.18%, an F1-score of 99.07%, an AUC of 99.68%, and a remarkably low false-positive rate of 0.72%, representing an average accuracy improvement of approximately 2.4–3.4% and a false-positive reduction of nearly 65–75% compared to conventional CNN, LSTM, and ensemble-based state-of-the-art IDS models across six large-scale benchmark datasets. The findings highlight the robustness and cross-dataset generalizability of the TPE-driven hybrid architecture, positioning it as a strong and scalable candidate for real-world big-data security deployments.