Evaluation of Inter-Dataset Generalisability of Autoencoders for Network Intrusion Detection

Abstract

With the improving sophistication of computer network intrusions and the rising rate of number of novel attacks, the research focus in network intrusion detection has shifted to unsupervised and semi-supervised methods that have better zero-day detection ability and their ability to generalize across different network environments. Recently published datasets that have the same flow features but different network environments and attacks have eased the research on generalisability and improved method comparison abilities. This paper aims to continue the strive towards generalisability by examining the performance of, primarily autoencoder, and PCA, in an inter-dataset network intrusion detection tasks as these methods have not yet been evaluated across different network environments. The results indicate that while the performance of the traditionally used methods does not fully transfer on different network environments, they do perform better than a random classifier.