Abstract
Owing to incomplete and inaccurate data, intrusion detection in networks is uncertain. The out-of-order packet arrival uncertainty was not analyzed in the existing works, thereby causing false positives in intrusion detection. So, in this paper, a novel Algebraic Average-based Neutrosophic Logic System (AA-NLS)-based out-of-order uncertainty analysis is proposed. Firstly, the nodes are initialized, and the data is sensed. Then, for intrusion detection, the Network Intrusion Detection System (NIDS) is trained. Here, the data is collected and pre-processed. At the time of pre-processing, Weighted Distance Error Function-based K-Nearest Neighbour (WDEFKNN) is utilized to impute the uncertainty caused by missing values. Further, utilizing the Density-Based Beta Distribution Soergel Spatial Clustering of Applications with Noise (DBBDSSCAN), the behavioural patterns are grouped. Then, the features are extracted, and by utilizing AA-NLS, the epistemic uncertainty caused by out-of-order packet arrival is analyzed. In the meantime, by utilizing the Hidden Laplace Witten Bell Markov Model (HLWBMM), the temporal patterns are assessed. Then, the intrusion is detected by the Generalized Riccati Uniform Scaling Orthogonal-based Gated Recurrent Unit (GRUSO-GRU). Here, utilizing the Pareto Entropy-based SHapley Additive exPlanation (PESHAP) model, the explainability of the intrusion detection is carried out. If there is no intrusion, then data transmission is continued. And, if there is intrusion, then the gathered alerts are prioritized and transmitted utilizing the multi-criteria-based Log-Cosh Fennec Fox Optimization Algorithm (LCFFOA). Hence, the intrusion is detected by the proposed framework with an accuracy of 99.299% under the full multi-class setting, demonstrating effective performance compared to prevailing Deep Learning (DL)-based NIDS approaches.
Similar content being viewed by others
Data availability
The datasets used in this study are publicly available intrusion detection datasets. The primary dataset used is the CSE-CIC-IDS2018 dataset, and additional validation was conducted using the Network Intrusion Detection Dataset and CIC-IDS-2017 dataset. These datasets are available through public repositories such as Kaggle. CSE-CIC-IDS2018 dataset: https://www.kaggle.com/datasets/solarmainframe/ids-intrusion-csv Network Intrusion Detection Dataset : [https://www.kaggle.com/datasets/chethuhn/network-intrusion-dataset] CIC-IDS-2017 dataset: [https://www.kaggle.com/datasets/sampadab17/network-intrusion-detection?resource=download].
References
Akhtar, M. A. et al. Robust genetic machine learning ensemble model for intrusion detection in network traffic. Sci. Rep. 13, 1–22. https://doi.org/10.1038/s41598-023-43816-1 (2023).
Zhang, Y. & Malacaria, P. Dealing with uncertainty in cybersecurity decision support. Comput. Secur. 148, 1–11. https://doi.org/10.1016/j.cose.2024.104153 (2025).
Abdel-Basset, M. et al. An optimization model for appraising intrusion-detection systems for network security communications: Applications, challenges, and solutions. Sensors 22(11), 1–26. https://doi.org/10.3390/s22114123 (2022).
Ahmed, U. et al. Explainable AI-based innovative hybrid ensemble model for intrusion detection. J. Cloud Comput. 13(1), 1–34. https://doi.org/10.1186/s13677-024-00712-x (2024) (Springer Berlin Heidelberg.).
Haghighat, M. H. & Li, J. Intrusion detection system using voting-based neural network. Tsinghua Sci. Technol. 26(4), 484–495. https://doi.org/10.26599/TST.2020.9010022 (2021).
Sayadi, H., He, Z., Miari, T., & Aliasgari, M. (2024). Redefining Trust: Assessing Reliability of Machine Learning Algorithms in Intrusion Detection Systems. In Proceedings—IEEE International Symposium on Circuits and Systems, 1–5. https://doi.org/10.1109/ISCAS58744.2024.10558202
Alharbi, A. et al. Analyzing the impact of cyber security related attributes for intrusion detection systems. Sustainability 13(22), 1–19. https://doi.org/10.3390/su132212337 (2021).
Kandhro, I. A. et al. Detection of real-time malicious intrusions and attacks in IoT empowered cybersecurity infrastructures. IEEE Access 11, 9136–9148. https://doi.org/10.1109/ACCESS.2023.3238664 (2023).
Albalwy, F. & Almohaimeed, M. Advancing artificial intelligence of things security: Integrating feature selection and deep learning for real-time intrusion detection. Systems 13(4), 1–17. https://doi.org/10.3390/systems13040231 (2025).
Almotiri, S. H. Improving network resilience against DDoS attacks: A fuzzy TOPSIS-based quantitative assessment approach. Heliyon 10(22), 1–15. https://doi.org/10.1016/j.heliyon.2024.e40413 (2024).
Muneer, S. et al. A critical review of artificial intelligence based approaches in intrusion detection: A comprehensive analysis. J. Eng. 2024, 1–16. https://doi.org/10.1155/2024/3909173 (2024).
Al-masri, E. (2025). Deciding When Not to Decide : Indeterminacy-Aware Intrusion Detection with NeutroSENSE. In 2025 IEEE World AI IoT Congress, 1–7. https://arxiv.org/pdf/2507.00003.
Bouramdane, A. A. Cyberattacks in smart grids: Challenges and solving the multi-criteria decision-making for cybersecurity options, including ones that incorporate artificial intelligence, using an analytical hierarchy process. J. Cybersecur. Privacy 3(4), 662–705. https://doi.org/10.3390/jcp3040031 (2023).
Li, X. et al. Open set recognition for malware traffic via predictive uncertainty. Electronics 12(2), 1–16. https://doi.org/10.3390/electronics12020323 (2023).
Zheng, X., Yang, S., & Wang, X. (2023). SF-IDS: An Imbalanced Semi-Supervised Learning Framework for Fine-Grained Intrusion Detection. In IEEE International Conference on Communications, 1–6. https://doi.org/10.1109/ICC45041.2023.10279032
Talpini, J., Sartori, F. & Savi, M. Enhancing trustworthiness in ML-based network intrusion detection with uncertainty quantification. J. Reliab. Intell. Environ. 10(4), 501–520. https://doi.org/10.1007/s40860-024-00238-8 (2024).
Yang, T., Qiao, Y. & Lee, B. Explaining probabilistic Bayesian neural networks for cybersecurity intrusion detection. IEEE Access 12, 97004–97016. https://doi.org/10.1109/ACCESS.2024.3421330 (2024).
Dong, C., Feng, Y. & Shang, W. A new method of dynamic network security analysis based on dynamic uncertain causality graph. J. Cloud Comput. 13(1), 1–17. https://doi.org/10.1186/s13677-023-00568-7 (2024).
Alsaadi, H. I. H., ALmuttari, R. M., Ucan, O. N. & Bayat, O. An adapting soft computing model for intrusion detection system. Comput. Intell. 38(3), 1–21. https://doi.org/10.1111/coin.12433 (2021).
Atitallah, S. B., Driss, M., Boulila, W. & Koubaa, A. Securing industrial IoT environments: A fuzzy graph attention network for robust intrusion detection. IEEE Open J. Comput. Soc. 6, 1065–1076. https://doi.org/10.1109/OJCS.2025.3587486 (2025).
Leiva, M. A., García, A. J., Shakarian, P. & Simari, G. I. Argumentation-based query answering under uncertainty with application to cybersecurity. Big Data Cogn. Comput. 6(3), 1–17. https://doi.org/10.3390/bdcc6030091 (2022).
Kukliansky, A., Orescanin, M., Bollmann, C. & Huffmire, T. Network anomaly detection using quantum neural networks on noisy quantum computers. IEEE Trans. Quantum Eng. 5, 1–11. https://doi.org/10.1109/TQE.2024.3359574 (2024).
Masakuna, J. F. et al. Streamlined and resource-efficient estimation of epistemic uncertainty in deep ensemble classification decision via regression. IEEE Trans. Emerg. Top. Comput. Intell. https://doi.org/10.1109/TETCI.2024.3508846 (2025).
Yadav, N., Pande, S., Khamparia, A. & Gupta, D. Intrusion detection system on IoT with 5G network using deep learning. Wirel. Commun. Mob. Comput. 2022, 1–13. https://doi.org/10.1155/2022/9304689 (2022).
Remya, S., Pillai, M. J., Arjun, C., Ramasubbareddy, S. & Cho, Y. Enhancing security in LLNs using a hybrid trust-based intrusion detection system for RPL. IEEE Access 12, 58836–58850. https://doi.org/10.1109/ACCESS.2024.3391918 (2024).
Ghosh, S., Goyal, R. K. & Chowdhury, K. Explainable AI-driven intrusion detection system for DoS attack classification using deep learning and optimization techniques. IEEE Access 14, 5618–5642. https://doi.org/10.1109/ACCESS.2026.3651187 (2026).
Wu, Y. & Wan, L. SGMT-IDS: A dual-branch semi-supervised intrusion detection model based on graphs and transformers. Electronics 15(2), 1–19. https://doi.org/10.3390/electronics15020348 (2026).
Alsubai, S., Ayari, M., Kryvinska, N., Almadhor, A., Baili, J., Al Hejaili, A., & Abbas, S. Quantum transfer learning for cross-domain cybersecurity threat detection and categorization. Sci. Rep.1–29. (2026). https://www.nature.com/articles/s41598-026-40634-z_reference.pdf.
Jablaoui, R., Cheikhrouhou, O., Hamdi, M. & Liouane, N. Deep learning enabled intrusion detection system for IoT security: R. Jablaoui et al.. EURASIP J. Wirel. Commun. Netw. 2025(1), 1–21 (2025).
Martins, G. E., Guimaraes Marques, T., Souza da Silva, W. & Celestino, J. Edge‐oriented DoS/DDoS intrusion detection and supervision platform. Secur. Priv. 9(2), 1–19. https://doi.org/10.1002/spy2.70193 (2026).
Guarascio, M., Cassavia, N., Pisani, F. S. & Manco, G. Boosting cyber-threat intelligence via collaborative intrusion detection. Future Gener. Comput. Syst. 135, 30–43. https://doi.org/10.1016/j.future.2022.04.028 (2022).
Williams, B. & Qian, L. Semi-supervised learning for intrusion detection in large computer networks. Appl. Sci. 15(11), 1–28. https://doi.org/10.3390/app15115930 (2025).
Yousefnezhad, M., Hamidzadeh, J. & Aliannejadi, M. Ensemble classification for intrusion detection via feature extraction based on deep learning. Soft Comput. 25(20), 12667–12683. https://doi.org/10.1007/s00500-021-06067-8 (2021).
Gazzan, M. & Sheldon, F. T. Novel ransomware detection exploiting uncertainty and calibration quality measures using deep learning. Information 15(5), 1–20. https://doi.org/10.3390/info15050262 (2024).
Ishaque, M., Johar, M. G. M., Khatibi, A. & Yamin, M. A novel hybrid technique using fuzzy logic, neural networks and genetic algorithm for intrusion detection system. Meas. Sens. 30, 1–12. https://doi.org/10.1016/j.measen.2023.100933 (2023).
Qazi, E. U. H., Faheem, M. H. & Zia, T. HDLNIDS: Hybrid deep-learning-based network intrusion detection system. Appl. Sci. 13(8), 1–16. https://doi.org/10.3390/app13084921 (2023).
Du, J., Yang, K., Hu, Y. & Jiang, L. NIDS-CNNLSTM: Network intrusion detection classification model based on deep learning. IEEE Access 11, 24808–24821. https://doi.org/10.1109/ACCESS.2023.3254915 (2023).
Rameshkumar, S., Ganesan, R. & Merline, A. Progressive transfer learning-based deep Q network for DDOS defence in WSN. Comput. Syst. Sci. Eng. 44(3), 1–16. https://doi.org/10.32604/csse.2023.027910 (2023).
Miyamoto, K., Han, C., Ban, T., Takahashi, T., & Takeuchi, J. I. (2024). Intrusion Detection Simplified: A Feature-free Approach to Traffic Classification Using Transformers. In 2024 Annual Computer Security Applications Conference Workshops (ACSAC Workshops), 20–29. https://www.researchgate.net/profile/Chansu-Han-2/publication/389970359_Intrusion_Detection_Simplified_A_Feature-free_Approach_to_Traffic_Classification_Using_Transformers/links/68400eb3d1054b0207f98270/Intrusion-Detection-Simplified-A-Feature-free-Approach-to-Traffic-Classification-Using-Transformers.pdf
Xu, H., Sun, L., Fan, G., Li, W. & Kuang, G. A hierarchical intrusion detection model combining multiple deep learning models with attention mechanism. IEEE Access 11, 66212–66226. https://doi.org/10.1109/ACCESS.2023.3290613 (2023).
Funding
Open access funding provided by Manipal Academy of Higher Education, Manipal. No funding was received for conducting this study.
Author information
Authors and Affiliations
Contributions
KK: Writing-original draft, Data collection, model development and evaluation. KM: model development and evaluation, and manuscript writing. THS: manuscript review and data analysis review. SKM: model evaluation, data analysis, and manuscript review.
Corresponding authors
Ethics declarations
Competing interests
The authors declare no competing interests.
Consent for Publication
The authors consent for the publication of this manuscript.
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
About this article
Cite this article
Kiruthika, K., Karpagam, M., Sardar, T.H. et al. Epistemic uncertain computing for intrusion detection with explainability & multi-criteria optimization using AA-NLS and GRUSO-GRU. Sci Rep (2026). https://doi.org/10.1038/s41598-026-44214-z
Received:
Accepted:
Published:
DOI: https://doi.org/10.1038/s41598-026-44214-z
