https://doi.org/10.1140/epjp/s13360-025-07155-6
Regular Article
Hybrid machine learning for AI-driven cyber threat intelligence and proactive intrusion detection
1 Department of CSE, Balaji Institute of Technology and Science, Warangal, India
2 Department of CSE (Data Science), Sumathi Reddy Institute of Technology for Women, 506371, Warangal, Telangana, India
3 Dept of CSE-AIML, Malla Reddy Engineering College for Women, Hyderabad, India
Received: 13 September 2025
Accepted: 2 December 2025
Published online: 16 December 2025
Abstract
With the rise of complex digital infrastructure and the multifaceted nature of threats moving across modern networks, no single intrusion detection system can defend against them effectively. Many of the tools available today make false-positive rates look like an unsolvable problem, because they are tested only against a limited subset of the attack scenarios they claim to detect, or are not tested against dynamic attacks at all. Beyond struggling to respond in real time with a low false-alarm rate, these techniques also generalize poorly, since they depend on human intervention to fill gaps in knowledge about threat capabilities, and so inherit the limitations of traditional human-driven systems. To address these problems, this work introduces SentinelAI-IDS, a hybrid machine learning-based intrusion detection architecture that uses enhanced Bayesian optimization to tune a random forest and XGBoost ensemble classifier, targeting the robustness and generalization problems in IDS research. SentinelAI-IDS supports multi-dataset training on CICIDS_2017, UNSW_NB15, and NSL-KDD, and is therefore intended to offer a broad defense across datasets. We show that mutual-information (MI) based feature selection followed by PCA is a strong learning pipeline that significantly reduces dimensionality. The hybrid model accumulates and analyzes traffic data streams, combining its base classifiers by simple majority voting for efficient classification and automated responses. SentinelAI-IDS outperforms the existing state-of-the-art methods it is compared against, achieving 97.10% accuracy, 95.50% F1-score, and significantly fewer false positives on the fundamental performance metrics. Both qualitative analysis and statistical significance tests demonstrate the effectiveness and robustness of the model. The framework enables robust, real-time, and scalable intrusion detection in complex network environments.
These results address some of the gaps in the research on adaptive, explainable, and high-performance cybersecurity methods, and lay the groundwork for AI-powered cyber defense systems.
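The abstract names three pipeline stages that are easy to lose in the prose: ranking features by mutual information with the label, combining base learners by simple majority vote, and scoring the result on accuracy, F1 and false-positive rate. The following is an added example, not the paper's code or data: a plain-Python version of those three stages on a small constructed set of binned flow records (the feature names `dur_bin`, `bytes_bin`, `pkt_rate_bin`, `port_bin`, `syn_only` and every value are hypothetical). The base learners are one-feature lookup stumps standing in for the paper's random forest and XGBoost members; PCA and the Bayesian hyper-parameter search are not reproduced.

```python
"""Added example (not the paper's code): MI-based feature ranking, per-feature
base learners combined by simple majority vote, and IDS metrics (accuracy, F1,
false-positive rate) in plain Python on a small constructed dataset."""
from collections import Counter
from math import log2

# Constructed flow records (hypothetical, already binned); label 1 = attack.
FEATURES = ["dur_bin", "bytes_bin", "pkt_rate_bin", "port_bin", "syn_only"]
RECORDS = [
    ({"dur_bin": 0, "bytes_bin": 0, "pkt_rate_bin": 2, "port_bin": 1, "syn_only": 1}, 1),
    ({"dur_bin": 1, "bytes_bin": 0, "pkt_rate_bin": 2, "port_bin": 1, "syn_only": 1}, 1),
    ({"dur_bin": 0, "bytes_bin": 1, "pkt_rate_bin": 2, "port_bin": 1, "syn_only": 1}, 1),
    ({"dur_bin": 2, "bytes_bin": 0, "pkt_rate_bin": 1, "port_bin": 1, "syn_only": 1}, 1),
    ({"dur_bin": 1, "bytes_bin": 0, "pkt_rate_bin": 2, "port_bin": 1, "syn_only": 1}, 1),
    ({"dur_bin": 2, "bytes_bin": 1, "pkt_rate_bin": 2, "port_bin": 1, "syn_only": 1}, 1),
    ({"dur_bin": 1, "bytes_bin": 2, "pkt_rate_bin": 0, "port_bin": 1, "syn_only": 0}, 0),
    ({"dur_bin": 2, "bytes_bin": 1, "pkt_rate_bin": 0, "port_bin": 1, "syn_only": 0}, 0),
    ({"dur_bin": 0, "bytes_bin": 2, "pkt_rate_bin": 1, "port_bin": 1, "syn_only": 0}, 0),
    ({"dur_bin": 1, "bytes_bin": 2, "pkt_rate_bin": 0, "port_bin": 1, "syn_only": 0}, 0),
    ({"dur_bin": 0, "bytes_bin": 1, "pkt_rate_bin": 0, "port_bin": 1, "syn_only": 0}, 0),
    ({"dur_bin": 2, "bytes_bin": 2, "pkt_rate_bin": 1, "port_bin": 1, "syn_only": 0}, 0),
]


def mutual_information(xs, ys):
    """I(X;Y) in bits, estimated from the empirical joint counts."""
    n = len(xs)
    px, py, pxy = Counter(xs), Counter(ys), Counter(zip(xs, ys))
    mi = 0.0
    for (x, y), c in pxy.items():
        p_xy = c / n
        mi += p_xy * log2(p_xy / ((px[x] / n) * (py[y] / n)))
    return mi


def rank_features(records, features):
    """Features sorted by MI with the label, highest first, as (name, bits)."""
    labels = [y for _, y in records]
    scored = [(f, mutual_information([x[f] for x, _ in records], labels))
              for f in features]
    return sorted(scored, key=lambda fm: (-fm[1], fm[0]))


def train_stump(records, feature):
    """One-feature lookup learner: majority label per feature value
    (ties resolved toward 1 = attack, the conservative IDS choice)."""
    per_value = {}
    for x, y in records:
        per_value.setdefault(x[feature], Counter())[y] += 1
    return {v: max(c, key=lambda lbl: (c[lbl], lbl)) for v, c in per_value.items()}


def predict_stump(stump, records, feature, default=1):
    """Unseen feature values fall back to `default` (alert rather than ignore)."""
    return [stump.get(x[feature], default) for x, _ in records]


def majority_vote(per_model):
    """Simple majority over base-model predictions, one list per model."""
    out = []
    for votes in zip(*per_model):
        c = Counter(votes)
        out.append(max(c, key=lambda lbl: (c[lbl], lbl)))  # ties -> attack
    return out


def evaluate(y_true, y_pred):
    """Accuracy, F1 on the attack class, and false-positive rate."""
    pairs = list(zip(y_true, y_pred))
    tp = sum(t == 1 and p == 1 for t, p in pairs)
    tn = sum(t == 0 and p == 0 for t, p in pairs)
    fp = sum(t == 0 and p == 1 for t, p in pairs)
    fn = sum(t == 1 and p == 0 for t, p in pairs)
    prec = tp / (tp + fp) if tp + fp else 0.0
    rec = tp / (tp + fn) if tp + fn else 0.0
    return {
        "accuracy": (tp + tn) / len(pairs),
        "f1": 2 * prec * rec / (prec + rec) if prec + rec else 0.0,
        "fpr": fp / (fp + tn) if fp + tn else 0.0,
    }


def run_pipeline(records=RECORDS, features=FEATURES, k=3):
    """Rank -> keep top-k -> one stump per kept feature -> majority vote.
    Caveat: scored on the training records (resubstitution); a real study
    must report held-out or cross-validated numbers."""
    ranking = rank_features(records, features)
    kept = [f for f, _ in ranking[:k]]
    y_true = [y for _, y in records]
    per_model = {f: predict_stump(train_stump(records, f), records, f) for f in kept}
    ensemble = majority_vote(list(per_model.values()))
    return {
        "ranking": ranking,
        "kept": kept,
        "per_model": {f: evaluate(y_true, p) for f, p in per_model.items()},
        "ensemble": evaluate(y_true, ensemble),
    }


if __name__ == "__main__":
    res = run_pipeline()
    for f, mi in res["ranking"]:
        print(f"{f:14s} MI={mi:.3f} bits")
    for f, m in res["per_model"].items():
        print(f"{f:14s} acc={m['accuracy']:.3f} f1={m['f1']:.3f} fpr={m['fpr']:.3f}")
    print("ensemble       ", res["ensemble"])
```

On this constructed data the constant `port_bin` scores 0 bits and is dropped, the `bytes_bin` stump alone raises two false positives (FPR 1/3), and the three-model vote removes both while keeping every attack, which is the effect the abstract attributes to ensembling. Two caveats carry over to real evaluations: the numbers above are resubstitution scores, and accuracy alone is a weak IDS metric on imbalanced traffic, which is why FPR and F1 are reported alongside it.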
© The Author(s), under exclusive licence to Società Italiana di Fisica and Springer-Verlag GmbH Germany, part of Springer Nature 2025
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

