Cross-Datasets Evaluation of Machine Learning Models for Intrusion Detection Systems

Said Al-Riyami*, Alexei Lisitsa, Frans Coenen

*Corresponding author for this work

Research output: Chapter

1 Citation (Scopus)

Abstract

The conventional way to evaluate the performance of machine learning models for intrusion detection systems (IDS) is by using the same dataset to train and test. This method might lead to bias from the computer network where the traffic is generated. Because of that, the applicability of the learned models might not be adequately evaluated. We argued in Al-Riyami et al. (ACM, pp 2195-2197 [1]) that a better way is to use cross-datasets evaluation, where we use two different datasets for training and testing. Both datasets should be generated from various networks. Using this method, as was shown in Al-Riyami et al. (ACM, pp 2195-2197 [1]), may lead to a significant drop in the performance of the learned model. This indicates that the models learn very little knowledge about the intrusion, which would be transferable from one setting to another. The reasons for such behaviour were not fully understood in Al-Riyami et al. (ACM, pp 2195-2197 [1]). In this paper, we investigate the problem and show that the main reason is the different definitions of the same feature in both models. We propose the correction and further empirically investigate cross-datasets evaluation for various machine learning methods. Further, we explored cross-dataset evaluation in the multiclass classification of attacks, and we show for most models that learning traffic normality is more robust than learning intrusions.

Original language: English
Title of host publication: Proceedings of 6th International Congress on Information and Communication Technology, ICICT 2021
Editors: Xin-She Yang, Simon Sherratt, Nilanjan Dey, Amit Joshi
Publisher: Springer Science and Business Media Deutschland GmbH
Pages: 815-828
Number of pages: 14
ISBN (Print): 9789811621017
Publication status: Published - October 27 2021
Event: 6th International Congress on Information and Communication Technology, ICICT 2021 - Virtual, Online
Duration: February 25 2021 to February 26 2021

Publication series

Name: Lecture Notes in Networks and Systems
Volume: 217
ISSN (Print): 2367-3370
ISSN (Electronic): 2367-3389

Conference

Conference: 6th International Congress on Information and Communication Technology, ICICT 2021
City: Virtual, Online
Period: 2/25/21 to 2/26/21

ASJC Scopus subject areas

  • Control and Systems Engineering (ASJC 2207)
  • Signal Processing (ASJC 1711)
  • Computer Networks and Communications (ASJC 1705)
