Machine Learning-Based Intrusion Detection Systems for Enterprise Security Architectures
DOI: https://doi.org/10.65923/rdb10j95
Keywords: Intrusion Detection System (IDS), Machine Learning, Enterprise Security Architecture
Abstract
The rapid expansion of enterprise networks, coupled with the increasing sophistication of cyber threats, has rendered traditional signature-based intrusion detection systems (IDS) largely inadequate for modern security architectures. This paper explores the integration of machine learning (ML) techniques into intrusion detection frameworks specifically designed for large-scale enterprise environments. We examine supervised, unsupervised, and semi-supervised learning models—including random forests, support vector machines, autoencoders, and deep neural networks—and evaluate their efficacy in detecting zero-day attacks, polymorphic malware, and insider threats. A comparative analysis of ML-based IDS against conventional systems is presented, focusing on key performance metrics such as detection rate, false positive rate, computational overhead, and adaptability to evolving attack vectors. Furthermore, the paper addresses architectural challenges unique to enterprises, including data imbalance, real-time processing constraints, and integration with existing security information and event management (SIEM) systems. Findings indicate that hybrid ML models, particularly those combining anomaly detection with ensemble learning, significantly enhance detection accuracy while maintaining acceptable latency for high-throughput enterprise networks. We conclude with a set of best practices for deploying ML-based IDS within defense-in-depth strategies and propose future research directions in adversarial machine learning and federated learning for distributed enterprise architectures.
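The abstract's two evaluation points, that hybrid anomaly-plus-ensemble detectors improve detection and that detection rate and false positive rate (not accuracy) are the metrics that matter on imbalanced traffic, can be seen on a toy scale in the following added example, which is not code from the paper. It assumes a constructed three-feature flow record (bytes/s, packets/s, failed logins/min), a z-score anomaly detector fitted on benign traffic, three per-feature decision stumps as the "ensemble", and an assumed corroboration rule for combining the two; all data is constructed.

```python
from statistics import mean, pstdev

# Constructed flow features: (bytes/s, packets/s, failed logins/min). Label 1 = attack.
BENIGN_BASELINE = [(1200, 10, 0), (1500, 12, 0), (900, 8, 1), (1300, 11, 0), (1100, 9, 0),
                   (1400, 12, 1), (1000, 9, 0), (1250, 10, 0), (1350, 11, 0), (1150, 10, 1)]
TRAIN_ATTACKS = [(8000, 70, 3), (7500, 65, 2), (6000, 50, 30)]
EVAL = [((1250, 10, 0), 0), ((1320, 11, 0), 0), ((1180, 9, 1), 0), ((1410, 12, 0), 0),
        ((1050, 9, 0), 0), ((1290, 10, 0), 0), ((1370, 11, 1), 0), ((1900, 14, 0), 0),
        ((9000, 80, 0), 1), ((1240, 10, 25), 1)]  # 8 benign (one burst) vs 2 attacks
Z_LIMIT = 3.0  # anomaly detector: any feature more than 3 std devs from the benign mean

def fit_anomaly(benign):
    # per-feature mean and population std dev of benign traffic (std 0 guarded to 1.0)
    return [(mean(c), pstdev(c) or 1.0) for c in zip(*benign)]

def anomaly_flag(stats, x):
    return max(abs(v - m) / s for v, (m, s) in zip(x, stats)) > Z_LIMIT

def fit_stumps(benign, attacks):
    # one decision stump per feature: threshold halfway between the largest benign
    # value and the smallest attack value seen in training (assumed learning rule)
    return [(max(b) + min(a)) / 2 for b, a in zip(zip(*benign), zip(*attacks))]

def stump_votes(stumps, x):
    return sum(v > t for v, t in zip(x, stumps))

def hybrid_flag(stats, stumps, x):
    # ensemble majority alone is enough; an anomaly hit only counts when at least one
    # stump corroborates it, which suppresses lone benign outliers (assumed rule)
    votes = stump_votes(stumps, x)
    return votes >= 2 or (anomaly_flag(stats, x) and votes >= 1)

def evaluate(flag, data):
    tp = sum(1 for x, y in data if y == 1 and flag(x))
    fn = sum(1 for x, y in data if y == 1 and not flag(x))
    fp = sum(1 for x, y in data if y == 0 and flag(x))
    tn = sum(1 for x, y in data if y == 0 and not flag(x))
    return {"detection_rate": tp / (tp + fn), "false_positive_rate": fp / (fp + tn),
            "accuracy": (tp + tn) / len(data)}

def compare():
    stats = fit_anomaly(BENIGN_BASELINE)
    stumps = fit_stumps(BENIGN_BASELINE, TRAIN_ATTACKS)
    return {"anomaly": evaluate(lambda x: anomaly_flag(stats, x), EVAL),
            "ensemble": evaluate(lambda x: stump_votes(stumps, x) >= 2, EVAL),
            "hybrid": evaluate(lambda x: hybrid_flag(stats, stumps, x), EVAL),
            "flag_nothing": evaluate(lambda x: False, EVAL)}

if __name__ == "__main__":
    for name, m in compare().items():
        print(f"{name:13s}", {k: round(v, 3) for k, v in m.items()})
```

On this data the anomaly detector catches both attacks but trips on the benign burst, the stump ensemble misses the low-volume credential attack, and the corroborated hybrid catches both with no false positive, while accuracy alone cannot separate the first two (both 0.9) from a detector that flags nothing (0.8).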
