Hybrid Machine Learning Models for Intrusion Detection: Combining Supervised and Unsupervised Techniques
Abstract
With the increasing complexity and frequency of cyber-attacks, conventional Intrusion Detection Systems (IDS) often fall short in identifying new and sophisticated threats. Relying solely on either signature-based (supervised) or anomaly-based (unsupervised) methods can result in high false positive rates and low detection of zero-day attacks. To overcome these limitations, this study proposes a hybrid machine learning model that combines the strengths of both supervised and unsupervised techniques to enhance intrusion detection capabilities. The hybrid approach utilizes unsupervised algorithms such as K-Means clustering, Isolation Forest, and Autoencoders to identify anomalous behavior in unlabeled network data. Concurrently, supervised learning algorithms like Random Forest, Support Vector Machine (SVM), and Neural Networks are trained on labeled datasets to detect known attack patterns. The results from both models are integrated using decision fusion strategies such as majority voting and weighted scoring to form a comprehensive detection mechanism. The model is evaluated using benchmark datasets, including NSL-KDD and CICIDS2017, which encompass a wide range of attack types and network traffic scenarios. Experimental results demonstrate that the hybrid model outperforms individual techniques in terms of accuracy, detection rate, and reduced false positives. The integration of both learning paradigms enables the system to detect both known and novel intrusions effectively. This research highlights the potential of hybrid machine learning models in building adaptive, accurate, and robust IDS for real-time applications. Future work will focus on optimizing computational performance and deploying the model in distributed and cloud-based environments for enhanced scalability.
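The decision-fusion step described in the abstract, as an added example that is not the authors' code: majority voting and weighted scoring applied to the same per-detector outputs. The detector names follow the abstract; the scores, labels, weights and thresholds are constructed for illustration and are not taken from the paper or from NSL-KDD/CICIDS2017.

```python
# Added illustration: all scores, labels, weights and thresholds below are constructed.
DETECTORS = ("random_forest", "svm", "isolation_forest", "autoencoder")
WEIGHTS = (1.0, 1.0, 1.5, 1.5)  # assumed weights, one per detector in DETECTORS order

# Constructed per-flow scores in [0, 1] (higher = more attack-like); label 1 = attack.
FLOWS = [
    # label, rf,  svm,  iforest, autoencoder
    (1, 0.95, 0.90, 0.70, 0.80),  # known attack: all detectors agree
    (1, 0.90, 0.70, 0.30, 0.60),  # known attack with a weak anomaly signal
    (1, 0.10, 0.20, 0.90, 0.95),  # novel attack: only the anomaly detectors fire
    (0, 0.05, 0.10, 0.20, 0.10),  # benign
    (0, 0.10, 0.05, 0.85, 0.30),  # benign but unusual: one anomaly detector fires
    (0, 0.60, 0.20, 0.10, 0.20),  # benign: one classifier false alarm
]

def majority_vote(scores, cutoff=0.5):
    """Alert when strictly more than half of the detectors score >= cutoff.
    With an even number of detectors a 2-2 split is a tie and does not alert."""
    votes = sum(s >= cutoff for s in scores)
    return votes * 2 > len(scores)

def weighted_score(scores, weights, threshold=0.5):
    """Alert when the weight-normalised mean score reaches threshold."""
    if len(scores) != len(weights) or sum(weights) <= 0:
        raise ValueError("need one weight per detector, with a positive sum")
    fused = sum(w * s for w, s in zip(weights, scores)) / sum(weights)
    return fused >= threshold

def evaluate(decide):
    """Return (detection_rate, false_positive_rate) of a fusion rule over FLOWS."""
    tp = fp = pos = neg = 0
    for label, *scores in FLOWS:
        alert = decide(scores)
        if label:
            pos += 1
            tp += alert
        else:
            neg += 1
            fp += alert
    return tp / pos, fp / neg

if __name__ == "__main__":
    print("majority vote :", evaluate(majority_vote))
    print("weighted score:", evaluate(lambda s: weighted_score(s, WEIGHTS)))
```

On this constructed data the supervised and unsupervised detectors split 2-2 on the novel attack, so strict majority voting does not alert, while the weighted score still crosses the threshold because it keeps each detector's confidence instead of reducing it to a vote.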
