МЕТОД ПІДВИЩЕННЯ ТОЧНОСТІ СИСТЕМИ ВИЯВЛЕННЯ АТАК У ЗОНАХ НЕВИЗНАЧЕНОСТІ НА ОСНОВІ АНАЛІЗУ ПОМИЛОК ТА СЕЛЕКТИВНОГО ПЕРЕВИЗНАЧЕННЯ РІШЕНЬ, A method for improving the accuracy of an intrusion detection system in uncertainty zones based on error analysis and selective decision revision

<jats:p>The paper proposes a method for improving the accuracy of an intrusion detection sys-tem (IDS) in the task of binary classification of network traffic under class imbalance and the presence of borderline predictions. The approach is based on a two-stage decision scheme that combines error-driven data adaptation and selective decision revision within a prede-fined uncertainty zone. At the first stage, a baseline convolutional neural network (CNN) model is trained using spectrogram-based representations of network connections obtained via Short-Time Fourier Transform (STFT). After training, classification errors on the training and validation subsets are analyzed at the level of attack subclasses. Subclasses that contrib-ute the largest number of false decisions are identified and used to form an extended training set through targeted synthetic oversampling (ErrorBoost). A secondary IDS model with the same architecture is then trained from scratch on the extended dataset.To handle borderline predictions, an uncertainty zone is introduced as an interval of posterior probabilities close to the decision threshold. For samples whose predicted probabil-ity falls within this interval, the decision of the baseline model is selectively re-evaluated us-ing the auxiliary model. Final classification is determined according to confidence thresholds defined exclusively on the validation subset, without using test data during parameter tuning. Such a mechanism enables controlled adjustment of the trade-off between false positive and false negative rates, which is critical in practical IDS deployment.Experimental evaluation was conducted on the NSL-KDD dataset using a fixed protocol with separate training, validation, and test subsets. The ErrorBoost strategy alone did not provide stable improvements when applied as an independent solution. However, the com-bined approach integrating error-based oversampling and selective decision revision achieved improved performance. In the best experimental run, the overall accuracy reached 0.8522 on the test subset, while maintaining balanced precision and recall for the attack class. The results confirm that incorporating model-specific error analysis and selective re-evaluation of uncertain predictions can enhance IDS performance without increasing archi-tectural complexity or violating experimental validity.</jats:p>