Data-Driven Evaluation of Intrusion Detectors: A Methodological Framework
Intrusion detection systems are an important domain in cybersecurity research. Countless solutions have been proposed, continuously improving upon one another. Yet, and despite the introduction of distinct approaches, including machine-learning methods, the evaluation methodology has barely evolved....
Main authors: | , , , , |
---|---|
Format: | Book chapter |
Language: | eng |
Subjects: | |
Online access: | Full text |
container_end_page | 157 |
---|---|
container_issue | |
container_start_page | 142 |
container_title | |
container_volume | 13877 |
creator | Ayoubi, Solayman ; Blanc, Gregory ; Jmila, Houda ; Silverston, Thomas ; Tixeuil, Sébastien |
description | Intrusion detection systems are an important domain in cybersecurity research. Countless solutions have been proposed, continuously improving upon one another. Yet, and despite the introduction of distinct approaches, including machine-learning methods, the evaluation methodology has barely evolved.
In this paper, we design a comprehensive evaluation framework for Machine Learning (ML)-based intrusion detection systems (IDS) and take into account the unique aspects of ML algorithms, their strengths and weaknesses. The framework design is inspired by both i) traditional IDS evaluation methods and ii) recommendations for evaluating ML algorithms in diverse application areas. Data quality being the key to machine learning, we focus on data-driven evaluation by exploring data-related issues. Our approach goes beyond evaluating intrusion detection performance (also known as effectiveness) and aims at proposing standard data manipulation methods to tackle robustness and stability. Finally, we evaluate our framework through a qualitative comparison with other IDS evaluation approaches from the state of the art. |
doi_str_mv | 10.1007/978-3-031-30122-3_9 |
format | Book Chapter |
fulltext | fulltext |
identifier | ISSN: 0302-9743 |
ispartof | Foundations and Practice of Security, 2023, Vol.13877, p.142-157 |
issn | 0302-9743 1611-3349 |
language | eng |
recordid | cdi_hal_primary_oai_HAL_hal_04055085v1 |
source | Springer Books |
subjects | Computer Science ; Data-driven Evaluation ; Evaluation Framework ; Intrusion Detection System ; Machine learning |
title | Data-Driven Evaluation of Intrusion Detectors: A Methodological Framework |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-14T23%3A44%3A54IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_hal_p&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=bookitem&rft.atitle=Data-Driven%20Evaluation%20of%20Intrusion%20Detectors:%20A%20Methodological%20Framework&rft.btitle=Foundations%20and%20Practice%20of%20Security&rft.au=Ayoubi,%20Solayman&rft.date=2023&rft.volume=13877&rft.spage=142&rft.epage=157&rft.pages=142-157&rft.issn=0302-9743&rft.eissn=1611-3349&rft.isbn=9783031301216&rft.isbn_list=3031301218&rft.isbn_list=9783031301223&rft.isbn_list=3031301226&rft_id=info:doi/10.1007/978-3-031-30122-3_9&rft_dat=%3Cproquest_hal_p%3EEBC7232018_133_153%3C/proquest_hal_p%3E%3Curl%3E%3C/url%3E&rft.eisbn=9783031301223&rft.eisbn_list=3031301226&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=EBC7232018_133_153&rft_id=info:pmid/&rfr_iscdi=true |