ORIGINAL RESEARCH article

Front. Comput. Sci.

Sec. Computer Security

Volume 7 - 2025 | doi: 10.3389/fcomp.2025.1623375

This article is part of the Research TopicCyber Resilience in IoE: Integrating Artificial Intelligence for Robust SecurityView all articles

Detecting Intrusions in Cloud-Based Ensembles: Evaluating Voting and Stacking Methods with Machine Learning Classifiers

Provisionally accepted
  • 1Department of information technology ,Faculty of computer and information technology, sanaa, Yemen
  • 2Sana'a University, Sana'a, Yemen
  • 3Sana`a University, sanaa, Yemen
  • 4Department of Computer Engineering, Faculty of Engineering, Ege University, Turkey;, Ege, Türkiye

The final, formatted version of the article will be published soon.

Cloud computing has revolutionized how organizations manage their infrastructure by providing scalable, ondemand services. However, the dispersed and open nature of cloud systems exposes them to a wide spectrum of cyberattacks. Machine learning provides dynamic options for detecting known and unknown assaults, whereas typical intrusion detection systems that depend on signature or rule-based techniques find it difficult to adjust to complex cyber threats. This study compares the efficacy of an ensemble approach (Voting Hard and Stacking) for intrusion detection in cloud environments with individual machine learning classifiers, such as Random Forest, Decision Tree, Gradient Boosting, XGBoost, Naive Bayes, Support Vector Machine, and Logistic Regression. The study uses the NSL-KDD dataset to show that while standalone models perform well, the ensemble technique offers better accuracy (almost 100%) and resilience across precision, recall, and F1-score measures. Furthermore, it is shown via feature selection methods (Random Forest, Gain Information, and Manual Selection) that the ensemble model performs consistently even when feature sets are smaller. These findings highlight how both individual and group Machine learning approaches may be used to improve Intrusion detection systems for cloud infrastructures, providing implementation flexibility according to threat landscapes and computing limitations.

Keywords: Cloud computing, Machine Learning Voting, stacking, Intrusion detection system, NSL-KDD

Received: 05 May 2025; Accepted: 08 Jul 2025.

Copyright: © 2025 Alhomdy, Maodah and THABIT. This is an open-access article distributed under the terms of the Creative Commons Attribution License (CC BY). The use, distribution or reproduction in other forums is permitted, provided the original author(s) or licensor are credited and that the original publication in this journal is cited, in accordance with accepted academic practice. No use, distribution or reproduction is permitted which does not comply with these terms.

* Correspondence: Khawla Ali Maodah, Sana'a University, Sana'a, Yemen

Disclaimer: All claims expressed in this article are solely those of the authors and do not necessarily represent those of their affiliated organizations, or those of the publisher, the editors and the reviewers. Any product that may be evaluated in this article or claim that may be made by its manufacturer is not guaranteed or endorsed by the publisher.