Individual Packet Features are a Risk to Model Generalisation in ML-Based Intrusion Detection
Kahraman Kostas, Mike Just, Michael A. Lones
2024 · Open Access · DOI: https://doi.org/10.48550/arxiv.2406.07578
Machine learning is increasingly used for intrusion detection in IoT networks. This paper explores the effectiveness of using individual packet features (IPF), which are attributes extracted from a single network packet, such as timing, size, and source-destination information. Through literature review and experiments, we identify the limitations of IPF, showing they can produce misleadingly high detection rates. Our findings emphasize the need for approaches that consider packet interactions for robust intrusion detection. Additionally, we demonstrate that models based on IPF often fail to generalize across datasets, compromising their reliability in diverse IoT environments.
Metadata
- Type: preprint
- Language: en
- Landing Page: http://arxiv.org/abs/2406.07578, https://arxiv.org/pdf/2406.07578
- OA Status: green
- Related Works: 10
- OpenAlex ID: https://openalex.org/W4399694431
All OpenAlex metadata
- OpenAlex ID: https://openalex.org/W4399694431 (Canonical identifier for this work in OpenAlex)
- DOI: https://doi.org/10.48550/arxiv.2406.07578 (Digital Object Identifier)
- Title: Individual Packet Features are a Risk to Model Generalisation in ML-Based Intrusion Detection (Work title)
- Type: preprint (OpenAlex work type)
- Language: en (Primary language)
- Publication year: 2024 (Year of publication)
- Publication date: 2024-06-07 (Full publication date if available)
- Authors: Kahraman Kostas, Mike Just, Michael A. Lones (List of authors in order)
- Landing page: https://arxiv.org/abs/2406.07578 (Publisher landing page)
- PDF URL: https://arxiv.org/pdf/2406.07578 (Direct link to full text PDF)
- Open access: Yes (Whether a free full text is available)
- OA status: green (Open access status per OpenAlex)
- OA URL: https://arxiv.org/pdf/2406.07578 (Direct OA link when available)
- Concepts: Intrusion detection system, Network packet, Computer science, Artificial intelligence, Data mining, Pattern recognition (psychology), Computer network (Top concepts (fields/topics) attached by OpenAlex)
- Cited by: 0 (Total citation count in OpenAlex)
- Related works (count): 10 (Other works algorithmically related by OpenAlex)
Full payload
| id | https://openalex.org/W4399694431 |
|---|---|
| doi | https://doi.org/10.48550/arxiv.2406.07578 |
| ids.doi | https://doi.org/10.48550/arxiv.2406.07578 |
| ids.openalex | https://openalex.org/W4399694431 |
| fwci | |
| type | preprint |
| title | Individual Packet Features are a Risk to Model Generalisation in ML-Based Intrusion Detection |
| biblio.issue | |
| biblio.volume | |
| biblio.last_page | |
| biblio.first_page | |
| topics[0].id | https://openalex.org/T10400 |
| topics[0].field.id | https://openalex.org/fields/17 |
| topics[0].field.display_name | Computer Science |
| topics[0].score | 0.982200026512146 |
| topics[0].domain.id | https://openalex.org/domains/3 |
| topics[0].domain.display_name | Physical Sciences |
| topics[0].subfield.id | https://openalex.org/subfields/1705 |
| topics[0].subfield.display_name | Computer Networks and Communications |
| topics[0].display_name | Network Security and Intrusion Detection |
| is_xpac | False |
| apc_list | |
| apc_paid | |
| concepts[0].id | https://openalex.org/C35525427 |
| concepts[0].level | 2 |
| concepts[0].score | 0.7490181922912598 |
| concepts[0].wikidata | https://www.wikidata.org/wiki/Q745881 |
| concepts[0].display_name | Intrusion detection system |
| concepts[1].id | https://openalex.org/C158379750 |
| concepts[1].level | 2 |
| concepts[1].score | 0.6057612299919128 |
| concepts[1].wikidata | https://www.wikidata.org/wiki/Q214111 |
| concepts[1].display_name | Network packet |
| concepts[2].id | https://openalex.org/C41008148 |
| concepts[2].level | 0 |
| concepts[2].score | 0.5871293544769287 |
| concepts[2].wikidata | https://www.wikidata.org/wiki/Q21198 |
| concepts[2].display_name | Computer science |
| concepts[3].id | https://openalex.org/C154945302 |
| concepts[3].level | 1 |
| concepts[3].score | 0.39256083965301514 |
| concepts[3].wikidata | https://www.wikidata.org/wiki/Q11660 |
| concepts[3].display_name | Artificial intelligence |
| concepts[4].id | https://openalex.org/C124101348 |
| concepts[4].level | 1 |
| concepts[4].score | 0.3549344837665558 |
| concepts[4].wikidata | https://www.wikidata.org/wiki/Q172491 |
| concepts[4].display_name | Data mining |
| concepts[5].id | https://openalex.org/C153180895 |
| concepts[5].level | 2 |
| concepts[5].score | 0.3285056948661804 |
| concepts[5].wikidata | https://www.wikidata.org/wiki/Q7148389 |
| concepts[5].display_name | Pattern recognition (psychology) |
| concepts[6].id | https://openalex.org/C31258907 |
| concepts[6].level | 1 |
| concepts[6].score | 0.25874078273773193 |
| concepts[6].wikidata | https://www.wikidata.org/wiki/Q1301371 |
| concepts[6].display_name | Computer network |
| keywords[0].id | https://openalex.org/keywords/intrusion-detection-system |
| keywords[0].score | 0.7490181922912598 |
| keywords[0].display_name | Intrusion detection system |
| keywords[1].id | https://openalex.org/keywords/network-packet |
| keywords[1].score | 0.6057612299919128 |
| keywords[1].display_name | Network packet |
| keywords[2].id | https://openalex.org/keywords/computer-science |
| keywords[2].score | 0.5871293544769287 |
| keywords[2].display_name | Computer science |
| keywords[3].id | https://openalex.org/keywords/artificial-intelligence |
| keywords[3].score | 0.39256083965301514 |
| keywords[3].display_name | Artificial intelligence |
| keywords[4].id | https://openalex.org/keywords/data-mining |
| keywords[4].score | 0.3549344837665558 |
| keywords[4].display_name | Data mining |
| keywords[5].id | https://openalex.org/keywords/pattern-recognition |
| keywords[5].score | 0.3285056948661804 |
| keywords[5].display_name | Pattern recognition (psychology) |
| keywords[6].id | https://openalex.org/keywords/computer-network |
| keywords[6].score | 0.25874078273773193 |
| keywords[6].display_name | Computer network |
| language | en |
| locations[0].id | pmh:oai:arXiv.org:2406.07578 |
| locations[0].is_oa | True |
| locations[0].source.id | https://openalex.org/S4306400194 |
| locations[0].source.issn | |
| locations[0].source.type | repository |
| locations[0].source.is_oa | True |
| locations[0].source.issn_l | |
| locations[0].source.is_core | False |
| locations[0].source.is_in_doaj | False |
| locations[0].source.display_name | arXiv (Cornell University) |
| locations[0].source.host_organization | https://openalex.org/I205783295 |
| locations[0].source.host_organization_name | Cornell University |
| locations[0].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[0].license | cc-by |
| locations[0].pdf_url | https://arxiv.org/pdf/2406.07578 |
| locations[0].version | submittedVersion |
| locations[0].raw_type | text |
| locations[0].license_id | https://openalex.org/licenses/cc-by |
| locations[0].is_accepted | False |
| locations[0].is_published | False |
| locations[0].raw_source_name | |
| locations[0].landing_page_url | http://arxiv.org/abs/2406.07578 |
| locations[1].id | doi:10.48550/arxiv.2406.07578 |
| locations[1].is_oa | True |
| locations[1].source.id | https://openalex.org/S4306400194 |
| locations[1].source.issn | |
| locations[1].source.type | repository |
| locations[1].source.is_oa | True |
| locations[1].source.issn_l | |
| locations[1].source.is_core | False |
| locations[1].source.is_in_doaj | False |
| locations[1].source.display_name | arXiv (Cornell University) |
| locations[1].source.host_organization | https://openalex.org/I205783295 |
| locations[1].source.host_organization_name | Cornell University |
| locations[1].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[1].license | cc-by |
| locations[1].pdf_url | |
| locations[1].version | |
| locations[1].raw_type | article |
| locations[1].license_id | https://openalex.org/licenses/cc-by |
| locations[1].is_accepted | False |
| locations[1].is_published | |
| locations[1].raw_source_name | |
| locations[1].landing_page_url | https://doi.org/10.48550/arxiv.2406.07578 |
| indexed_in | arxiv, datacite |
| authorships[0].author.id | https://openalex.org/A5058691307 |
| authorships[0].author.orcid | https://orcid.org/0000-0002-4696-1857 |
| authorships[0].author.display_name | Kahraman Kostas |
| authorships[0].author_position | first |
| authorships[0].raw_author_name | Kostas, Kahraman |
| authorships[0].is_corresponding | False |
| authorships[1].author.id | https://openalex.org/A5037048837 |
| authorships[1].author.orcid | https://orcid.org/0000-0002-9669-5067 |
| authorships[1].author.display_name | Mike Just |
| authorships[1].author_position | middle |
| authorships[1].raw_author_name | Just, Mike |
| authorships[1].is_corresponding | False |
| authorships[2].author.id | https://openalex.org/A5049325379 |
| authorships[2].author.orcid | https://orcid.org/0000-0002-2745-9896 |
| authorships[2].author.display_name | Michael A. Lones |
| authorships[2].author_position | last |
| authorships[2].raw_author_name | Lones, Michael A. |
| authorships[2].is_corresponding | False |
| has_content.pdf | True |
| has_content.grobid_xml | True |
| is_paratext | False |
| open_access.is_oa | True |
| open_access.oa_url | https://arxiv.org/pdf/2406.07578 |
| open_access.oa_status | green |
| open_access.any_repository_has_fulltext | False |
| created_date | 2025-10-10T00:00:00 |
| display_name | Individual Packet Features are a Risk to Model Generalisation in ML-Based Intrusion Detection |
| has_fulltext | True |
| is_retracted | False |
| updated_date | 2025-11-06T06:51:31.235846 |
| primary_topic.id | https://openalex.org/T10400 |
| primary_topic.field.id | https://openalex.org/fields/17 |
| primary_topic.field.display_name | Computer Science |
| primary_topic.score | 0.982200026512146 |
| primary_topic.domain.id | https://openalex.org/domains/3 |
| primary_topic.domain.display_name | Physical Sciences |
| primary_topic.subfield.id | https://openalex.org/subfields/1705 |
| primary_topic.subfield.display_name | Computer Networks and Communications |
| primary_topic.display_name | Network Security and Intrusion Detection |
| related_works | https://openalex.org/W2357468538, https://openalex.org/W1577110157, https://openalex.org/W2355007334, https://openalex.org/W2390009783, https://openalex.org/W2033914206, https://openalex.org/W2364419519, https://openalex.org/W2042327336, https://openalex.org/W2360767377, https://openalex.org/W2017948608, https://openalex.org/W2360951146 |
| cited_by_count | 0 |
| locations_count | 2 |
| best_oa_location.id | pmh:oai:arXiv.org:2406.07578 |
| best_oa_location.is_oa | True |
| best_oa_location.source.id | https://openalex.org/S4306400194 |
| best_oa_location.source.issn | |
| best_oa_location.source.type | repository |
| best_oa_location.source.is_oa | True |
| best_oa_location.source.issn_l | |
| best_oa_location.source.is_core | False |
| best_oa_location.source.is_in_doaj | False |
| best_oa_location.source.display_name | arXiv (Cornell University) |
| best_oa_location.source.host_organization | https://openalex.org/I205783295 |
| best_oa_location.source.host_organization_name | Cornell University |
| best_oa_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| best_oa_location.license | cc-by |
| best_oa_location.pdf_url | https://arxiv.org/pdf/2406.07578 |
| best_oa_location.version | submittedVersion |
| best_oa_location.raw_type | text |
| best_oa_location.license_id | https://openalex.org/licenses/cc-by |
| best_oa_location.is_accepted | False |
| best_oa_location.is_published | False |
| best_oa_location.raw_source_name | |
| best_oa_location.landing_page_url | http://arxiv.org/abs/2406.07578 |
| primary_location.id | pmh:oai:arXiv.org:2406.07578 |
| primary_location.is_oa | True |
| primary_location.source.id | https://openalex.org/S4306400194 |
| primary_location.source.issn | |
| primary_location.source.type | repository |
| primary_location.source.is_oa | True |
| primary_location.source.issn_l | |
| primary_location.source.is_core | False |
| primary_location.source.is_in_doaj | False |
| primary_location.source.display_name | arXiv (Cornell University) |
| primary_location.source.host_organization | https://openalex.org/I205783295 |
| primary_location.source.host_organization_name | Cornell University |
| primary_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| primary_location.license | cc-by |
| primary_location.pdf_url | https://arxiv.org/pdf/2406.07578 |
| primary_location.version | submittedVersion |
| primary_location.raw_type | text |
| primary_location.license_id | https://openalex.org/licenses/cc-by |
| primary_location.is_accepted | False |
| primary_location.is_published | False |
| primary_location.raw_source_name | |
| primary_location.landing_page_url | http://arxiv.org/abs/2406.07578 |
| publication_date | 2024-06-07 |
| publication_year | 2024 |
| referenced_works_count | 0 |
| cited_by_percentile_year | |
| countries_distinct_count | 0 |
| institutions_distinct_count | 3 |
| citation_normalized_percentile |