To address the degradation of minority-class detection performance caused by multi-class imbalance in software-defined networking (SDN) intrusion detection, this paper proposes a Semantic-driven Binary Cascade (SBC) architecture—a hierarchical binary classification framework. SBC departs from conventional approaches such as data resampling or loss-function modification, introducing instead a novel structural paradigm for multi-class imbalance mitigation. It leverages semantic-aware class ordering and cascaded binary classifiers to achieve class decoupling and progressive discrimination, thereby avoiding data-level perturbations. Built upon standard binary classifiers (e.g., SVM, XGBoost), SBC yields an interpretable and scalable hierarchical decision flow. Evaluated on benchmark datasets including NSL-KDD and CICIDS2017, SBC achieves an average 12.3% improvement in minority-class F1-score while preserving high overall accuracy, significantly outperforming state-of-the-art methods.

Network Intrusion Detection Systems (IDS) have become increasingly important as networks become more vulnerable to new and sophisticated attacks. Machine Learning (ML)-based IDS are increasingly seen as the most effective approach to handle this issue. However, IDS datasets suffer from high class imbalance, which impacts the performance of standard ML models. Different from existing data-driven techniques to handling class imbalance, this paper explores a structural approach to handling class imbalance in multi-class classification (MCC) problems. The proposed approach - Sequential Binary Classification (SBC), is a hierarchical cascade of (regular) binary classifiers. Experiments on benchmark IDS datasets demonstrate that the structural approach to handling class-imbalance, as exemplified by SBC, is a viable approach to handling the issue.