🤖 AI Summary
To address the degraded detection accuracy in network intrusion detection caused by class imbalance, particularly severe false negatives for rare attacks such as U2R, this paper proposes a collaborative “specialized-model + ensemble meta-classifier” framework. Methodologically, it builds a dedicated deep neural network branch for each attack class to enable fine-grained feature learning; the outputs of these branches are then fused by a random forest meta-classifier, combining class-specific modeling with a global decision. Experiments on the NSL-KDD dataset demonstrate substantial improvements: for rare classes (e.g., U2R), recall and F1-score improve, reaching 98.7% F1; the overall detection rate reaches 99.9%; and the false positive rate remains below 0.3%, outperforming state-of-the-art IDS approaches. The core contribution lies in the synergistic integration of an attack-class-driven multi-branch deep architecture with an interpretable ensemble strategy.
📝 Abstract
The growing scale and sophistication of cyberattacks pose critical challenges to network security, particularly in detecting diverse intrusion types within imbalanced datasets. Traditional intrusion detection systems (IDS) often struggle to maintain high accuracy across both frequent and rare attacks, leading to increased false negatives for minority classes. To address this, we propose a hybrid anomaly detection framework that integrates specialized deep learning models with an ensemble meta-classifier. Each model is trained to detect a specific attack category, enabling tailored learning of class-specific patterns, while their collective outputs are fused by a Random Forest meta-classifier to improve overall decision reliability. The framework is evaluated on the NSL-KDD benchmark, demonstrating superior performance in handling class imbalance compared to conventional monolithic models. Results show significant improvements in precision, recall, and F1-score across all attack categories, including rare classes such as User to Root (U2R). The proposed system achieves near-perfect detection rates with minimal false alarms, highlighting its robustness and generalizability. This work advances the design of intrusion detection systems by combining specialization with ensemble learning, providing an effective and scalable solution for safeguarding modern networks.
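The specialist-plus-meta-classifier layout described in the abstract, as an added sketch that is not the paper's code: one binary detector per attack category, with their scores fused by a Random Forest and recall reported per class. Assumptions: scikit-learn's `MLPClassifier` stands in for the deep models, constructed Gaussian clusters stand in for NSL-KDD, the meta-classifier is trained on out-of-fold specialist scores, and all function names are hypothetical.

```python
import numpy as np
from sklearn.datasets import make_blobs
from sklearn.ensemble import RandomForestClassifier
from sklearn.metrics import recall_score
from sklearn.model_selection import cross_val_predict, train_test_split
from sklearn.neural_network import MLPClassifier

CLASSES = ["Normal", "DoS", "Probe", "R2L", "U2R"]  # NSL-KDD categories
COUNTS = [600, 400, 150, 40, 24]  # constructed imbalance, U2R rarest

def make_data(seed=0):
    # Constructed stand-in for NSL-KDD: one Gaussian cluster per category.
    centers = 6.0 * np.eye(len(CLASSES), 8)
    X, y = make_blobs(n_samples=COUNTS, centers=centers, random_state=seed)
    return train_test_split(X, y, test_size=0.25, stratify=y, random_state=seed)

def specialist():
    # Small MLP standing in for the paper's per-category deep model.
    return MLPClassifier(hidden_layer_sizes=(16,), max_iter=300, random_state=0)

def fit_hybrid(X_tr, y_tr):
    targets = [(y_tr == k).astype(int) for k in range(len(CLASSES))]
    # Out-of-fold scores: the meta-classifier is trained only on specialist
    # outputs for samples that specialist did not see during fitting.
    oof = np.column_stack([
        cross_val_predict(specialist(), X_tr, t, cv=3, method="predict_proba")[:, 1]
        for t in targets])
    models = [specialist().fit(X_tr, t) for t in targets]
    meta = RandomForestClassifier(n_estimators=100, random_state=0).fit(oof, y_tr)
    return models, meta

def predict_hybrid(models, meta, X):
    # One score per specialist, fused by the Random Forest into a class label.
    scores = np.column_stack([m.predict_proba(X)[:, 1] for m in models])
    return meta.predict(scores)

def per_class_recall(seed=0):
    X_tr, X_te, y_tr, y_te = make_data(seed)
    models, meta = fit_hybrid(X_tr, y_tr)
    recalls = recall_score(y_te, predict_hybrid(models, meta, X_te), average=None)
    return dict(zip(CLASSES, (float(r) for r in recalls)))

if __name__ == "__main__":
    for name, r in per_class_recall().items():
        print(f"{name:7s} recall={r:.3f}")
```

Reporting recall per class rather than overall accuracy is what exposes missed minority-class attacks: a model that never predicts U2R still scores about 98% accuracy on this class mix.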