Factory floors in 2026 look nothing like they did a decade ago. Robots collaborate with humans, sensors talk to cloud systems, and every machine is a node on the network. This is Industry 5.0 — and it's a massive attack surface.
I spent the last year building Aegis-5, a hybrid ensemble framework for intrusion detection in these environments. The work was published in ACM Transactions on Autonomous and Adaptive Systems, and I've open-sourced the full implementation. Here's how it works and why existing approaches fall short.
The Problem
Industrial IoT networks generate diverse traffic — normal SCADA commands, sensor telemetry, actuator signals — alongside attack patterns that look increasingly like legitimate traffic. Traditional IDSs struggle here because:
- Single classifiers can't generalize across the wide variety of IIoT attack types (DDoS, reconnaissance, spoofing, botnet C2, etc.)
- Static models degrade as traffic patterns shift during production cycles
- Zero-day attacks bypass signature-based and even some ML-based systems
- Class imbalance — in real IIoT traffic, some attack types are extremely rare
The Idea Behind Aegis-5
Instead of betting on one classifier, Aegis-5 combines five fundamentally different learners and lets them vote — but the voting isn't equal. Each classifier's vote is weighted dynamically based on how well it's been performing on each specific attack class in recent predictions.
The five classifiers:
- Random Forest — handles high-dimensional feature spaces well
- Gradient Boosting — strong on structured/tabular data
- XGBoost — efficient gradient boosting with regularization
- SVM — effective decision boundaries in transformed feature space
- KNN — captures local neighborhood patterns
Each brings a different inductive bias. That diversity is the whole point.
Dynamic Weighting: The Core Innovation
Here's where Aegis-5 diverges from standard ensembles. Instead of fixed weights or simple majority voting, we maintain a sliding window of the last K=1000 predictions for each classifier and compute per-class F1 scores in real time.
The weight for classifier i on class c is:
w_i,c = exp(beta * F1_i,c) / sum_j(exp(beta * F1_j,c))
This is just softmax with a temperature parameter (beta=2.0). When a classifier is nailing a specific attack type, its weight for that class goes up. When it's struggling, the ensemble naturally shifts trust to the classifiers that are performing better.
In Python:
class DynamicWeightManager:
def __init__(self, n_classifiers, n_classes, window_size=1000, beta=2.0):
self.windows = [deque(maxlen=window_size) for _ in range(n_classifiers)]
self.weights = np.ones((n_classifiers, n_classes)) / n_classifiers
self.beta = beta
def _recompute_weights(self):
f1_scores = np.ones((self.n_classifiers, self.n_classes)) * 0.5
for i in range(self.n_classifiers):
if len(self.windows[i]) == 0:
continue
records = list(self.windows[i])
y_true = [r[0] for r in records]
y_pred = [r[1] for r in records]
per_class_f1 = f1_score(
y_true, y_pred, average=None,
labels=list(range(self.n_classes)), zero_division=0.0
)
f1_scores[i, :len(per_class_f1)] = per_class_f1
for c in range(self.n_classes):
scores = self.beta * f1_scores[:, c]
exp_scores = np.exp(scores - np.max(scores))
self.weights[:, c] = exp_scores / exp_scores.sum()
The Meta-Learner Layer
On top of the dynamically-weighted base predictions, a Logistic Regression meta-learner synthesizes the final output. It takes the weighted probability vectors from all five classifiers as input features and learns the optimal combination.
But here's the twist — we don't blindly trust the meta-learner either.
Hybrid Voting Protocol
The final prediction uses a confidence threshold (tau=0.95):
- High confidence (meta-learner probability >= tau): use soft voting with the meta-learner's output
- Low confidence: fall back to hard voting (weighted majority) across all five classifiers
This hybrid approach means the system is aggressive when it's confident and conservative when it's uncertain — exactly what you want in a security-critical environment.
def _hybrid_predict(self, X):
meta_proba = self.meta_learner.predict_proba(meta_features)
max_confidence = meta_proba.max(axis=1)
predictions = np.empty(n_samples, dtype=int)
high_conf = max_confidence >= self.confidence_threshold
predictions[high_conf] = meta_proba[high_conf].argmax(axis=1)
# Hard voting fallback for low-confidence samples
for idx in np.where(~high_conf)[0]:
votes = {}
for i, clf in enumerate(self.classifiers):
pred = clf.predict(X[idx:idx+1])[0]
weight = self.weight_manager.get_weights()[i, pred]
votes[pred] = votes.get(pred, 0) + weight
predictions[idx] = max(votes, key=votes.get)
return predictions
Preprocessing Pipeline
IIoT data is messy. Our pipeline:
- Median imputation for missing values (robust to outliers from sensor noise)
- StandardScaler normalization
- ANOVA F-test + Recursive Feature Elimination with Cross-Validation (RFECV) — keeps only statistically significant features
- PCA for dimensionality reduction
- SMOTE to handle class imbalance (rare attack types)
Results
We evaluated on two benchmark IIoT datasets:
| Dataset | Accuracy | Precision | Recall | F1-Score |
|---|---|---|---|---|
| IoT-23 | 99.98% | 99.97% | 99.96% | 99.96% |
| CIC-IoT 2023 | 99.95% | 99.93% | 99.92% | 99.93% |
These numbers beat prior state-of-the-art approaches on both datasets. More importantly, the per-class metrics show strong performance even on rare attack types — which is where most single-classifier systems fail.
Try It Yourself
The full implementation is open-source:
git clone https://github.com/vijaygovindaraja/Aegis5.git
cd Aegis5
pip install -r requirements.txt
python demo.py
Or use it in your own project:
from aegis5 import Aegis5
model = Aegis5(
confidence_threshold=0.95,
beta=2.0,
use_feature_selection=True,
use_pca=True,
use_smote=True
)
model.fit(X_train, y_train)
results = model.evaluate(X_test, y_test)
print(f"Accuracy: {results['accuracy']:.4f}")
What I Learned
Building Aegis-5 reinforced a few things for me:
Diversity beats complexity. Five relatively simple classifiers with smart weighting outperformed deeper, more complex individual models. The key is that each classifier fails differently — and the ensemble exploits that.
Adaptive systems matter in production. Static models decay. The sliding window approach means Aegis-5 adapts as traffic patterns change without retraining from scratch.
Hybrid strategies beat pure strategies. The soft/hard voting hybrid outperformed both pure soft voting and pure hard voting. Knowing when to be confident and when to be cautious is underrated in ML system design.
Paper
The full paper is published in ACM Transactions on Autonomous and Adaptive Systems:
Govindarajan, V., Ahmed, F., Faheem, Z.B., Bilal, M., Ayadi, M., & Ali, J. (2026). Aegis-5: A Hybrid Ensemble Framework for Intrusion Detection in Industry 5.0 Driven Smart Manufacturing Environment. ACM TAAS. DOI: 10.1145/3787224
If you're working on IIoT security or ensemble methods, I'd love to hear your thoughts. Drop a comment or open an issue on the GitHub repo.
Top comments (0)