Late-Fusion Stacking of Machine Learning and Snort Signatures for Multi-Class Intrusion Detection on UNSW-NB15
DOI:
https://doi.org/10.47852/bonviewAIA62028592
Keywords:
Intrusion Detection System (IDS), machine learning, Snort, hybrid fusion, XGBoost
Abstract
This extended study builds on a previously published ICDSAIA 2025 paper by developing a hybrid intrusion-detection architecture that integrates machine learning (ML) classifiers with Snort-derived signature metadata. Using the UNSW-NB15 dataset and a three-class threat mapping, optimized ML baselines, including XGBoost, Random Forest, and Decision Tree models, are first evaluated to establish a consistent performance benchmark. Two hybrid approaches are then introduced: a feature-level model that appends Snort alert indicators to the ML feature set and a decision-level stacking model that combines calibrated XGBoost probability outputs with engineered Snort meta-features. Experimental results show that feature-level hybridization provides limited benefit, whereas the proposed stacking architecture delivers consistent and meaningful improvements, achieving an accuracy of 0.8346 and a macro-F1 score of 0.8347, outperforming all baseline models. The approach notably improves detection performance for Normal and Low-Threat classes by effectively combining ML generalization with the precision of signature-based detection. These findings demonstrate that late-fusion integration of ML and Snort signals offers a more robust and practical solution for multi-class intrusion detection compared to standalone or feature-level approaches.
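The decision-level (late-fusion) stacking idea from the abstract, as an added sketch that is not the authors' code: per-flow class probabilities from a base model are concatenated with Snort-derived meta-features and passed to a meta-learner. Assumptions: all flow ids, probabilities and alerts are constructed, the third class name and the two meta-features are hypothetical, and a multiclass perceptron stands in for the meta-learner, which the abstract does not specify.

```python
CLASSES = ["Normal", "Low-Threat", "High-Threat"]  # third class name is assumed

# Constructed data: flow id -> (calibrated base-model class probabilities, true class).
# In a real pipeline these must be out-of-fold predictions; otherwise the
# meta-learner is fitted on leaked labels.
BASE = {
    "f1": ([0.50, 0.40, 0.10], 0),
    "f2": ([0.40, 0.50, 0.10], 0),  # base argmax is wrong
    "f3": ([0.20, 0.70, 0.10], 1),
    "f4": ([0.50, 0.45, 0.05], 1),  # base argmax is wrong
    "f5": ([0.10, 0.30, 0.60], 2),
    "f6": ([0.20, 0.30, 0.50], 2),
    "f7": ([0.80, 0.15, 0.05], 0),
}
# Constructed Snort alerts as (flow id, rule priority); priority 1 is most severe.
ALERTS = [("f4", 3), ("f5", 2), ("f5", 1)]

def snort_meta(flow_id):
    """Hypothetical signature features: [any alert fired, severity of worst alert]."""
    prios = [p for fid, p in ALERTS if fid == flow_id]
    return [1.0, 1.0 / min(prios)] if prios else [0.0, 0.0]

def fuse(flow_id):
    """Late fusion: base probabilities + Snort meta-features + bias term."""
    return BASE[flow_id][0] + snort_meta(flow_id) + [1.0]

def score(weights, x):
    return [sum(w * v for w, v in zip(row, x)) for row in weights]

def argmax(values):
    return max(range(len(values)), key=values.__getitem__)

def train_meta(rows, max_epochs=100000):
    """Multiclass perceptron used as the stacking meta-learner (assumed stand-in)."""
    weights = [[0.0] * len(rows[0][0]) for _ in CLASSES]
    for _ in range(max_epochs):
        mistakes = 0
        for x, y in rows:
            pred = argmax(score(weights, x))
            if pred != y:  # move weights toward the true class, away from the guess
                mistakes += 1
                for i, v in enumerate(x):
                    weights[y][i] += v
                    weights[pred][i] -= v
        if mistakes == 0:
            break
    return weights

def evaluate():
    """Return (base accuracy, stacked accuracy) on the constructed flows."""
    rows = [(fuse(fid), label) for fid, (_, label) in BASE.items()]
    weights = train_meta(rows)
    base_hits = sum(argmax(p) == y for p, y in BASE.values())
    stacked_hits = sum(argmax(score(weights, x)) == y for x, y in rows)
    return base_hits / len(rows), stacked_hits / len(rows)
```

The accuracies are measured on the same seven constructed flows used for fitting, so they show the fusion mechanism only and say nothing about the paper's reported results.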
Received: 30 November 2025 | Revised: 16 March 2026 | Accepted: 3 June 2026
Conflicts of Interest
The authors declare that they have no conflicts of interest to this work.
Data Availability Statement
The data that support the findings of this study are openly available in UNSW-NB15 at https://research.unsw.edu.au/projects/unsw-nb15-dataset.
Author Contribution Statement
Somayina C. Wen-Udeoji: Conceptualization, Methodology, Software, Formal analysis, Investigation, Data curation, Writing – original draft, Writing – review & editing, Visualization, Project administration. Maybin K. Muyeba: Conceptualization, Methodology, Validation, Investigation, Writing – review & editing, Supervision. Azadeh Mohammadi: Conceptualization, Validation, Writing – review & editing.
License
Copyright (c) 2026 Authors

This work is licensed under a Creative Commons Attribution 4.0 International License.