Network Intrusion Detection Systems (NIDS) deal with class imbalance in network traffic data, where minority attack classes are underestimated. FCM-Cosine, a modified Fuzzy C-Means clustering algorithm, replaces Euclidean distance in the objective function with Cosine distance to better capture directional similarity in high-dimensional feature spaces. The cluster-then-classify framework decomposes the global intrusion detection problem into localized classification sub-problems to detect minority attack classes. Five classifiers have been examined on the CICIoT2023 dataset at two scales (16,100 and 465,000 samples). FCM-Cosine had an average F1-Macro of 69.36%, while Decision Tree had 86.79%, resulting in a 37.97% improvement over direct training. The framework is ten times faster than SMOTE (19.18s vs. 189.73s average training time) and scales nearly linearly with dataset size. Results demonstrate that FCM-Cosine offers competitive classification performance with computational efficiency for large-scale NIDS deployments.