Detecting Intrusions in Cloud-Based Ensembles: Evaluating Voting and Stacking Methods with Machine Learning Classifiers

Sharaf Alhomdy¹Khawla Ali Maodah^1,2,3*FURSAN THABIT⁴

• ¹Department of information technology ,Faculty of computer and information technology, sanaa, Yemen
• ²Sana'a University, Sana'a, Yemen
• ³Sana`a University, sanaa, Yemen
• ⁴Department of Computer Engineering, Faculty of Engineering, Ege University, Turkey;, Ege, Türkiye

Cloud computing has revolutionized how organizations manage their infrastructure by providing scalable, ondemand services. However, the dispersed and open nature of cloud systems exposes them to a wide spectrum of cyberattacks. Machine learning provides dynamic options for detecting known and unknown assaults, whereas typical intrusion detection systems that depend on signature or rule-based techniques find it difficult to adjust to complex cyber threats. This study compares the efficacy of an ensemble approach (Voting Hard and Stacking) for intrusion detection in cloud environments with individual machine learning classifiers, such as Random Forest, Decision Tree, Gradient Boosting, XGBoost, Naive Bayes, Support Vector Machine, and Logistic Regression. The study uses the NSL-KDD dataset to show that while standalone models perform well, the ensemble technique offers better accuracy (almost 100%) and resilience across precision, recall, and F1-score measures. Furthermore, it is shown via feature selection methods (Random Forest, Gain Information, and Manual Selection) that the ensemble model performs consistently even when feature sets are smaller. These findings highlight how both individual and group Machine learning approaches may be used to improve Intrusion detection systems for cloud infrastructures, providing implementation flexibility according to threat landscapes and computing limitations.