Loading…

Explainable Cross-domain Evaluation of ML-based Network Intrusion Detection Systems

Many of the proposed machine learning (ML) based network intrusion detection systems (NIDSs) achieve near perfect detection performance when evaluated on synthetic benchmark datasets. However, there is no record of if and how these results generalise to other network environments. In this paper, we...

Full description

Saved in:
Bibliographic Details
Published in:Computers & electrical engineering 2023-05, Vol.108, p.108692, Article 108692
Main Authors: Layeghy, Siamak, Portmann, Marius
Format: Article
Language:English
Subjects:
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Many of the proposed machine learning (ML) based network intrusion detection systems (NIDSs) achieve near perfect detection performance when evaluated on synthetic benchmark datasets. However, there is no record of if and how these results generalise to other network environments. In this paper, we investigate the cross-domain performance of ML-based NIDSs by extensively evaluating eight supervised and unsupervised learning models on four recently published benchmark NIDS datasets. Our investigation indicates that none of the considered models is able to generalise over all studied datasets. Interestingly, our results also indicate that the cross-domain performance has a high degree of asymmetry, i.e., swapping the source and target domains can significantly change the classification performance. Our investigation also indicates that overall, unsupervised learning methods perform better than supervised learning models in our considered scenarios. We further used SHAP values to explain the observed cross-domain performance results. They show a high correlation between a good model performance and a correspondence between feature distributions/values and Attack/Benign classes.
ISSN:0045-7906
1879-0755
DOI:10.1016/j.compeleceng.2023.108692