Algorithm 1: Integrated IDS and Honeypot with Ensemble Method using LR and KNN

Input o Accept a dataset containing network traffic records, labeled as ‘normal’ or ‘intrusion’. IDS Initialization o Split the dataset into training and testing sets. o Initialize Logistic Regression (LR) and K-Nearest Neighbor (KNN) models. Model Training o For each record in the training set, do the following: ▪ Train the LR model. ▪ Train the KNN model. Model Testing o For each record in the testing set, do the following: ▪ Make a prediction using the LR model. ▪ Make a prediction using the KNN model. ▪ Use ensemble learning to combine the predictions. ▪ Compare the ensemble prediction with the actual label to evaluate the performance. Honeypot Initialization o Set up a system to emulate network traffic. IDS Monitoring and Honeypot Deception o Process initialization: ▪ Preprocess the data to extract features. ▪ Use the trained LR and KNN models to predict (‘normal’ or ‘intrusion’). ▪ If the prediction is ‘intrusion’: Alert the system administrator. Redirect the traffic to the honeypot. The honeypot emulates the cyberattack behavioral pattern to deceive the intruder. ▪ Otherwise: Allow the traffic to continue normally. Output o Intrusion detection alerts. o Classified traffic (normal/attack).