High-Accuracy Intrusion Detection System using Deep Learning Ensembles and Reinforcement Learning on the NF-UNSW-NB15 Dataset

Modern networks face fast-evolving attacks and strict false-alarm budgets, making accurate, adaptive intrusion detection essential. This work targets that gap with a deep-learning–driven IDS tailored to flow data, focusing on the NF-UNSW-NB15 dataset. We first motivate the problem: single classifiers or static thresholds often miss minority attacks or trigger excessive alerts under shift and imbalance. Our method couples a deep learning ensemble with a reinforcement learning (RL) controller. Tabular flows are preprocessed via scaling and one-hot encoding, then fed to diverse base learners (ANN, CNN, BiLSTM). Their calibrated probabilities are stacked by a lightweight meta-network to form a robust DL ensemble. An RL policy operates on batch-level traffic context (class priors, score dispersion, recent errors) to select the operating threshold and, when useful, down-weight a weak base model—directly optimizing a cost-sensitive reward that prioritizes recall while controlling false positives. We add drift checks and early-stopping to ensure stable, efficient inference. Using NF-UNSW-NB15 with stratified splits and cross-validation, the proposed system achieves 99.8% accuracy, 0.998 F1, a 99.7% detection rate (attack recall), and a 1.05% false positive rate, with 0.54 s batch-level runtime on CPU. Compared to the MSIDS baseline (97.8% accuracy, 2.5% FPR, 94.8% detection, 0.85 s), this yields +2.0 percentage points accuracy, a 58% FPR reduction, +4.9 points detection-rate gain (~5.2% relative), and 36% faster execution. These results indicate a practical, high-accuracy IDS that is both fast and resilient to evolving traffic.