TL;DR
This paper introduces XeNIDS, a framework for cross-evaluating machine learning-based network intrusion detection systems using existing labeled datasets, revealing their broader capabilities and potential risks.
Contribution
It presents the first cross-evaluation model and framework for ML-NIDS, enabling comprehensive assessment across multiple datasets and uncovering new insights into their performance.
Findings
Cross-evaluation reveals hidden strengths of ML-NIDS.
Potential to extend detection surface without additional labeling.
Risks and limitations of cross-evaluation identified.
Abstract
Enhancing Network Intrusion Detection Systems (NIDS) with supervised Machine Learning (ML) is tough. ML-NIDS must be trained and evaluated, operations requiring data where benign and malicious samples are clearly labelled. Such labels demand costly expert knowledge, resulting in a lack of real deployments, as well as in papers always relying on the same outdated data. The situation improved recently, as some efforts disclosed their labelled datasets. However, most past works used such datasets just as 'yet another' testbed, overlooking the added potential provided by such availability. In contrast, we promote using such existing labelled data to cross-evaluate ML-NIDS. Such an approach received only limited attention and, due to its complexity, requires a dedicated treatment. We hence propose the first cross-evaluation model. Our model highlights the broader range of realistic…
