Open Access

ARTICLE

An Auto Encoder-Enhanced Stacked Ensemble for Intrusion Detection in Healthcare Networks

Fatma S. Alrayes¹, Mohammed Zakariah^2,*, Mohammed K. Alzaylaee³, Syed Umar Amin⁴, Zafar Iqbal Khan⁴

1 Information Systems Department, College of Computer and Information Sciences, Princess Nourah bint Adulrahman University, Riyadh, 11671, Saudi Arabia
2 Department of Computer Science and Engineering, College of Applied Studies and Community Service, King Saud University, P.O. Box 22459, Riyadh, 11495, Saudi Arabia
3 Department of Computing, College of Engineering and Computing, Umm AL-Qura University, Al-Qunfudhah, 28821, Saudi Arabia
4 Computer Science Department, College of Computer & Information Science, Prince Sultan University, Riyadh, 11586, Saudi Arabia

* Corresponding Author: Mohammed Zakariah. Email:

(This article belongs to the Special Issue: Advances in Machine Learning and Artificial Intelligence for Intrusion Detection Systems)

Computers, Materials & Continua 2025, 85(2), 3457-3484. https://doi.org/10.32604/cmc.2025.068599

Received 02 June 2025; Accepted 18 July 2025; Issue published 23 September 2025

Abstract

Healthcare networks prove to be an urgent issue in terms of intrusion detection due to the critical consequences of cyber threats and the extreme sensitivity of medical information. The proposed Auto-Stack ID in the study is a stacked ensemble of encoder-enhanced auctions that can be used to improve intrusion detection in healthcare networks. The WUSTL-EHMS 2020 dataset trains and evaluates the model, constituting an imbalanced class distribution (87.46% normal traffic and 12.53% intrusion attacks). To address this imbalance, the study balances the effect of training Bias through Stratified K-fold cross-validation (K = 5), so that each class is represented similarly on training and validation splits. Second, the Auto-Stack ID method combines many base classifiers such as TabNet, LightGBM, Gaussian Naive Bayes, Histogram-Based Gradient Boosting (HGB), and Logistic Regression. We apply a two-stage training process based on the first stage, where we have base classifiers that predict out-of-fold (OOF) predictions, which we use as inputs for the second-stage meta-learner XGBoost. The meta-learner learns to refine predictions to capture complicated interactions between base models, thus improving detection accuracy without introducing bias, overfitting, or requiring domain knowledge of the meta-data. In addition, the auto-stack ID model got 98.41% accuracy and 93.45% F1 score, better than individual classifiers. It can identify intrusions due to its 90.55% recall and 96.53% precision with minimal false positives. These findings identify its suitability in ensuring healthcare networks’ security through ensemble learning. Ongoing efforts will be deployed in real time to improve response to evolving threats.

---

Keywords

---