AMoE-IDS: An Adaptive Mixture-of-Experts Framework for Cross-Dataset Intrusion Detection
DOI:
https://doi.org/10.15837/ijccc.2026.4.7480Keywords:
Intrusion Detection Systems, Deep Learning, Mixture-of-Experts, Cross-Dataset Generalization, cybersecurityAbstract
Intrusion Detection Systems (IDS) are essential for securing modern network infrastructures against increasingly sophisticated cyber threats. While deep learning-based IDS have shown promising performance, most existing approaches rely on static and monolithic architectures that struggle to adapt to heterogeneous environments such as Internet of Things (IoT) systems, enterprise networks, and mixed traffic scenarios. Moreover, conventional ensemble and hybrid methods typically employ fixed fusion strategies, limiting their ability to exploit input-dependent specialization. To address these limitations, this paper proposes an Adaptive Mixture-of-Experts Intrusion Detection System (AMoE-IDS), a hybrid deep learning framework that integrates a shared feature encoder, multiple specialized expert networks, and an adaptive gating mechanism. The shared encoder learns a unified latent representation from heterogeneous feature spaces, while the gating network dynamically routes each input to the most relevant experts, enabling conditional computation and improved detection performance. Extensive experiments conducted on three recent benchmark datasets, CICIoT2023, CSE-CICIDS 2018, and TII-SSRC-23, demonstrate that AMoE-IDS consistently outperforms conventional deep learning and hybrid IDS models. The proposed framework achieves F1-scores of 99.19%, 99.67%, and 99.68% and AUC values of 0.992, 0.991, and 0.990 on CICIoT2023, CSE-CICIDS 2018, and TII-SSRC-23, respectively. Despite its multi-expert architecture, the model maintains low inference latency ranging from 1.28 to 1.56 ms per network flow, supporting real-time deployment. Cross-dataset evaluation confirms the robustness of AMoE-IDS under distribution shifts, while ablation studies highlight the critical role of feature harmonization and adaptive expert selection. Statistical significance analysis further validates the reliability of the observed improvements. Overall, the proposed framework demonstrates competitive performance, good scalability, and improved cross-dataset generalization.
References
Buczak A.L. and Guven E. (2016). A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection, IEEE Communications Surveys & Tutorials, 18(2): 1153- 1176. https://doi.org/10.1109/COMST.2015.2494502
Ferrag M.A., Maglaras L., Moschoyiannis S., Janicke H. (2019). Deep Learning for Cyber Security Intrusion Detection: Approaches, Datasets, and Comparative Study. Journal of Information Security and Applications. 2019, 50. https://doi.org/10.1016/j.jisa.2019.102419
Liu H. (2019). Lang B. Machine Learning and Deep Learning Methods for Intrusion Detection Systems: A Survey. Applied Sciences, 9(20):4396. https://doi.org/10.3390/app9204396
Ullah F., Ullah S., Srivastava G., Lin J. (2024). IDS-INT: Intrusion detection system using transformer-based transfer learning for imbalanced network traffic, Digital Communications and Networks, 10(1): 190-204. https://doi.org/10.1016/j.dcan.2023.03.008
Bouguessa A., Mostefaoui S.A.M., Daoud M.A. et al. (2025). TBAC-IDS: enhancing intrusion detection with transformer-based alerts correlation. Cluster Computing, 28, 1012. https://doi.org/10.1007/s10586-025-05716-z
Ring M., Wunderlich S., Scheuring D., Landes D., Hotho A. (2019). A survey of network-based intrusion detection data sets, Computers & Security, 86: 147-167. https://doi.org/10.1016/j.cose.2019.06.005
Mjahed O., El Hadaj S., El Guarmah E., Mjahed S. (2023). Improved Supervised and Unsupervised Metaheuristic-Based Approaches to Detect Intrusion in Various Datasets, Computer Modeling in Engineering & Sciences, 137(1): 265-298. https://doi.org/10.32604/cmes.2023.027581
Mjahed O., El Hadaj S., Guarmah E. and Mjahed S. (2023). New Denial of Service Attacks Detection Approach Using Hybridized Deep Neural Networks and Balanced Datasets, Computer Systems Science and Engineering, 47: 757-775. https://doi.org/10.32604/csse.2023.039111
Giap Thi N.-B., Nguyen V.-N., Pham A.-T., Hoang T.-M. (2026). Cosine Distance-Based FuzzyCMeans Clustering for Local Classification in Imbalanced Network Intrusion Detection, InternationalJournal of Computers Communications & Control, 21(3), 7305. https://doi.org/10.15837/ijccc.2026.3.7305
Li Y., Li Z., Li M. (2025). A comprehensive survey on intrusion detection algorithms, Computers and Electrical Engineering, 121, 109863. https://doi.org/10.1016/j.compeleceng.2024.109863
Hinton G., Shazeer N., Mirhoseini A., Maziarz K., Davis A., Le Quoc, Rachmad Y., Dean J. (2017). Outrageously Large Neural Networks: The Sparsely-Gated Mixture-of-Experts Layer. 10.48550/arXiv.1701.06538.
Fedus W., Zoph B., and Shazeer N. (2022). Switch Transformers: Scaling to Trillion Parameter Models with Simple and Efficient Sparsity, Journal of Machine Learning Research, 23(120): 1-39.
Long Z., Yan H., Shen G. et al. (2024). A Transformer-based network intrusion detection approach for cloud security. Journal of Cloud Computing 13, 5. https://doi.org/10.1186/s13677-023-00574-9
Kumar H., Konatham S., Rohit M. (2025). DeepTransIDS: Transformer-Based Deep learning Model for Detecting DDoS Attacks on 5G NIDD, Results in Engineering, 26, 104826. https://doi.org/10.1016/j.rineng.2025.104826
Doost, P.A., Moghadam, S.S., Khezri, E. et al. (2025). A new intrusion detection method using ensemble classification and feature selection. Scientific Reports 15, 13642. https://doi.org/10.1038/s41598-025-98604-w
Shin Y., Kim M., Kim H. et al. (2024). Towards unbalanced multiclass intrusion detection with hybrid sampling methods and ensemble classification. Applied Soft Computing, 157:111517. https://doi.org/10.1016/j.asoc.2024.111517
Kumar C. and Ansari, M. S. A. (2024). An explainable nature-inspired cyber attack detection system in software-defined IoT applications, Expert Systems with Applications, 250, 123853. https://doi.org/10.1016/j.eswa.2024.123853
Mjahed S., Mjahed 0. (2026). NFRT-IDS: A Unified Neuro-Fuzzy ReinforcementTransformer Architecture for Adaptive and Explainable Intrusion Detection. International Journal of Computers Communications & Control, 21(2), 7405. https://doi.org/10.15837/ijccc.2026.2.7405
Alharthi M., Medjek F., Djenouri D. (2025). Ensemble Learning Approaches for Multi-Class Intrusion Detection Systems for the Internet of Vehicles (IoV): A Comprehensive Survey. Future Internet. 17(7):317. https://doi.org/10.3390/fi17070317
Jony A.I. and Arnob A.K.B. (2024). A long short-term memory based approach for detecting cyber attacks in IoT using CIC-IoT2023 dataset. Journal of Edge Computing, 3(1): 28-42. https://doi.org/10.55056/jec.648
Kim J., Shin Y., Choi E. (2019). An intrusion detection model based on a convolutional neural network. Journal of Multimedia Information System, 6(4), 165-172. https://doi.org/10.33851/JMIS.2019.6.4.165
Khan M. A. (2021). HCRNNIDS: Hybrid convolutional recurrent neural network-based network intrusion detection system. Processes, 9(5), 834. https://doi.org/10.3390/pr9050834
Zhang Y., Zhang H., Zhang B. (2022). An effective ensemble automatic feature selection method for network intrusion detection. Information, 13(7), 314. https://doi.org/10.3390/info13070314
Herzalla D., Lunardi W.T. and Andreoni M. (2023). TII-SSRC-23 Dataset: Typological Exploration of Diverse Traffic Patterns for Intrusion Detection, IEEE Access, 11: 118577-118594. https://doi.org/10.1109/ACCESS.2023.3319213
Rani R., Barve A., Malviya A., Ranjan V., Jeet R., Bhosle N. (2025). Enhancing detection rates in intrusion detection systems using fuzzy integration and computational intelligence, Computers & Security, 157, 104577. https://doi.org/10.1016/j.cose.2025.104577
Jacobs R., Jordan M., Nowlan S., Hinton G. (1991). Adaptive Mixtures of Local Experts. Neural Computation. 3. 79-87. https://doi.org/10.1162/neco.1991.3.1.79
Goodfellow I., Bengio Y., and Courville A. (2016). Deep Learning, MIT Press, Cambridge, 2016.
Kingma D. and Ba J. (2015). Adam: A Method for Stochastic Optimization, Proceedings of the 3rd International Conference on Learning Representations (ICLR), San Diego, CA, USA, 7-9 May 2015.
Neto ECP, Dadkhah S, Ferreira R, Zohourian A, Lu R, Ghorbani AA. (2023). CICIoT2023: A Real-Time Dataset and Benchmark for Large-Scale Attacks in IoT Environment. Sensors. 23(13):5941. https://doi.org/10.3390/s23135941
Sharafaldin I., Lashkari A.H., and Ghorbani A.A. (2018). Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization, Proceedings of the 4th International Conference on Information Systems Security and Privacy (ICISSP 2018), pp. 108-116 https://doi.org/10.5220/0006639801080116
Chawla N.V., Bowyer K.W., Hall L. Kegelmeyer W.P. (2002). SMOTE: Synthetic Minority Oversampling Technique, Journal of Artificial Intelligence Research, 16, 321-357. https://doi.org/10.1613/jair.953
Bilal M.A., Ul Islam I., Idrees S. et al. (2026). Dataset-centric evaluation of federated intrusion detection models in IoT networks. Scientific Reports, 16, 2683. https://doi.org/10.1038/s41598-025-32567-w
Jaradat A.S., Nasayreh A., Al-Na'amneh Q., Gharaibeh H., Al Mamlook R.E. (2023). Genetic optimization techniques for enhancing web attacks classification in machine learning. Proceedings of the IEEE International Conference on Dependable, Autonomic & Secure Computing, Abu Dhabi, UAE, 2023, pp. 130-136. https://doi.org/10.1109/DASC/PiCom/CBDCom/Cy59711.2023.10361399
Adewole K.S., Jacobsson A., Davidsson P. (2025). Intrusion Detection Framework for Internet of Things with Rule Induction for Model Explanation. Sensors, 25, 1845. https://doi.org/10.3390/s25061845
Elahi M., Songram R., Zaman M. (2025). Network-Shield: Exploring the Efficacy of GRU Model in Intrusion Detection Using CIC-IDS 2018 Dataset. 1058-1065. 10.1145/3723178.3723318. https://doi.org/10.1145/3723178.3723318
Lin P., Ye K., and Xu C.-Z. (2019). Dynamic Network AnomalyDetection System by Using Deep Learning Techniques. In Cloud Computing- CLOUD 2019, Dilma Da Silva, Qingyang Wang, and Liang-Jie Zhang (Eds.). Springer International Publishing, Cham, 161-176 https://doi.org/10.1007/978-3-030-23502-4_12
Wang Y.-C. , Houng Y.-C., Chen H.-X., and Tseng S.-M. (2023). Network anomaly intrusion detection based on deep learning approach, Sensors, 23(4), 2171. https://doi.org/10.3390/s23042171
Mondragon J.C., Branco P., Jourdan GV. et al. (2025). Advanced IDS: a comparative study of datasets and machine learning algorithms for network flow-based intrusion detection systems. Applied Intelligence, 55, 608. https://doi.org/10.1007/s10489-025-06422-4
Bilal M.A, Ul Islam I., Iltaf N., and Khan M.J. (2025). Federated Learning With Explainable AI for Malicious Traffic Detection in IoT Networks, IEEE Access, 13: 173368-173383. https://doi.org/10.1109/ACCESS.2025.3613459
Chekuri V. (2025). Cyber Threat Intelligence: Malware, Targets, and Emerging Attack Trends, Proceedings of 2025 Global Conference on Information Technology and Communication Networks (GITCON), Belagavi, India, 2025, pp. 1-8. https://doi.org/10.1109/GITCON65266.2025.11377094
Additional Files
Published
Issue
Section
License
Copyright (c) 2026 Ouail MJAHED, Soukaina MJAHED

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
ONLINE OPEN ACCES: Acces to full text of each article and each issue are allowed for free in respect of Attribution-NonCommercial 4.0 International (CC BY-NC 4.0.
You are free to:
-Share: copy and redistribute the material in any medium or format;
-Adapt: remix, transform, and build upon the material.
The licensor cannot revoke these freedoms as long as you follow the license terms.
DISCLAIMER: The author(s) of each article appearing in International Journal of Computers Communications & Control is/are solely responsible for the content thereof; the publication of an article shall not constitute or be deemed to constitute any representation by the Editors or Agora University Press that the data presented therein are original, correct or sufficient to support the conclusions reached or that the experiment design or methodology is adequate.






