TY - GEN
T1 - Evaluating the Generalization of Machine Learning and Deep Learning Models for Intrusion Detection Systems
AU - Berjawi, Omran
AU - Khatoun, Rida
AU - Fenza, Giuseppe
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025/1/1
Y1 - 2025/1/1
N2 - Intrusion Detection Systems (IDS) play a crucial role in safeguarding digital networks against evolving cyber threats. Traditional IDS approaches, such as signature-based and anomaly-based detection, face challenges in adapting to novel attack patterns. This study evaluates the generalization capability of Machine Learning (ML) and Deep Learning (DL) models in detecting cyber-attacks across different datasets. Using CIC-IDS2017 and CIC-IDS2018 datasets, we implement and assess multiple classification models, including Decision Trees, Random Forest, Multilayer Perceptron, and Convolutional Neural Networks. Experimental results demonstrate that while models perform well when trained and tested on the same dataset, their effectiveness significantly declines when applied to unseen datasets. The MLP model outperforms traditional ML classifiers in cross-dataset generalization, highlighting the need for robust model adaptation strategies. These findings emphasize the importance of enhancing IDS models for real-world deployment by improving their ability to generalize across diverse cyber-attack patterns.
AB - Intrusion Detection Systems (IDS) play a crucial role in safeguarding digital networks against evolving cyber threats. Traditional IDS approaches, such as signature-based and anomaly-based detection, face challenges in adapting to novel attack patterns. This study evaluates the generalization capability of Machine Learning (ML) and Deep Learning (DL) models in detecting cyber-attacks across different datasets. Using CIC-IDS2017 and CIC-IDS2018 datasets, we implement and assess multiple classification models, including Decision Trees, Random Forest, Multilayer Perceptron, and Convolutional Neural Networks. Experimental results demonstrate that while models perform well when trained and tested on the same dataset, their effectiveness significantly declines when applied to unseen datasets. The MLP model outperforms traditional ML classifiers in cross-dataset generalization, highlighting the need for robust model adaptation strategies. These findings emphasize the importance of enhancing IDS models for real-world deployment by improving their ability to generalize across diverse cyber-attack patterns.
KW - Cross Dataset
KW - Cyber Security
KW - Deep Learning
KW - Intrusion Detection System
KW - Machine Learning
KW - Network Security
UR - https://www.scopus.com/pages/publications/105030469466
U2 - 10.1109/INISTA68122.2025.11249659
DO - 10.1109/INISTA68122.2025.11249659
M3 - Conference contribution
AN - SCOPUS:105030469466
T3 - 19th International Conference on Innovations in Intelligent Systems and Applications, INISTA 2025 - Proceedings
BT - 19th International Conference on Innovations in Intelligent Systems and Applications, INISTA 2025 - Proceedings
A2 - Dustdar, Schahram
A2 - Yildirim, Tulay
A2 - Barhamgi, Mahmoud
A2 - Masciari, Elio
A2 - Manolopoulos, Yannis
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 19th International Conference on Innovations in Intelligent Systems and Applications, INISTA 2025
Y2 - 29 October 2025 through 31 October 2025
ER -