TY - GEN
T1 - Expectations Versus Reality
T2 - 55th Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2025
AU - Huynh, Larry
AU - Hesford, Jake
AU - Cheng, Daniel
AU - Wan, Alan
AU - Kim, Seungho
AU - Kim, Hyoungshick
AU - Hong, Jin
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - Intrusion Detection Systems (IDSs) play a critical role in safeguarding networks against malicious activities. However, selecting a suitable IDS remains challenging due to variability in performance across different network environments, datasets, and detection methodologies. This paper presents a systematic evaluation of recent machine learning-based Network IDS (NIDS). Our initial curation of numerous ML-based IDS solutions revealed significant practical challenges related to dataset preprocessing, code availability, and reproducibility that complicated performance assessments. From the systems that could be successfully implemented, we thoroughly evaluated four IDSs - HELAD, AOC-IDS, NEGSC, and SLIPS - across five benchmark datasets: CICIDS2017, UNSW-NB15, Mirai, CTU13, and BoT-IoT. Our empirical analysis highlights significant performance variations, demonstrating that no single IDS universally outperforms others across all tested datasets. NEGSC exhibited the most consistent performance, achieving the highest average F1 score (0.8147), while other IDSs such as HELAD showed notable dataset-specific effectiveness (e.g., CTU13, F1=0.9902). We discuss these issues in-depth, emphasizing the critical importance of aligning IDS selection with specific network characteristics and operational needs. Our findings underline the necessity for standardized benchmarking practices and highlight practical deployment considerations, guiding users toward more informed IDS choices in real-world scenarios.
AB - Intrusion Detection Systems (IDSs) play a critical role in safeguarding networks against malicious activities. However, selecting a suitable IDS remains challenging due to variability in performance across different network environments, datasets, and detection methodologies. This paper presents a systematic evaluation of recent machine learning-based Network IDS (NIDS). Our initial curation of numerous ML-based IDS solutions revealed significant practical challenges related to dataset preprocessing, code availability, and reproducibility that complicated performance assessments. From the systems that could be successfully implemented, we thoroughly evaluated four IDSs - HELAD, AOC-IDS, NEGSC, and SLIPS - across five benchmark datasets: CICIDS2017, UNSW-NB15, Mirai, CTU13, and BoT-IoT. Our empirical analysis highlights significant performance variations, demonstrating that no single IDS universally outperforms others across all tested datasets. NEGSC exhibited the most consistent performance, achieving the highest average F1 score (0.8147), while other IDSs such as HELAD showed notable dataset-specific effectiveness (e.g., CTU13, F1=0.9902). We discuss these issues in-depth, emphasizing the critical importance of aligning IDS selection with specific network characteristics and operational needs. Our findings underline the necessity for standardized benchmarking practices and highlight practical deployment considerations, guiding users toward more informed IDS choices in real-world scenarios.
KW - Comparative Analysis
KW - Intrusion Detection System
KW - Machine Learning
UR - https://www.scopus.com/pages/publications/105011414757
U2 - 10.1109/DSN-S65789.2025.00042
DO - 10.1109/DSN-S65789.2025.00042
M3 - Conference contribution
AN - SCOPUS:105011414757
T3 - Proceedings - 2025 55th Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2025
SP - 56
EP - 62
BT - Proceedings - 2025 55th Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2025
A2 - Cinque, Marcello
A2 - Cotroneo, Domenico
A2 - De Simone, Luigi
A2 - Eckhart, Matthias
A2 - Lee, Patrick P. C.
A2 - Zonouz, Saman
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 23 June 2025 through 26 June 2025
ER -