On the Evaluation and Deployment of Machine Learning Approaches for Intrusion Detection

Machine learning for intrusion detection is an active research field. However, instances of real-world application of methods proposed in the literature are still rare. Although a plethora of papers applying machine learning methods to benchmark data sets report excellent results, these methods seem to be hard to deploy in practice. In this paper, we investigate this gap between research and practical application by focusing on two questions: Firstly, we ask whether the current evaluation methodology is able to adequately forecast the performance of machine learning methods in practice. Secondly, we ask what needs to be done to facilitate the deployment of these methods. As a consequence to our findings, we formulate requirements for future evaluation methodologies and data sets, aiming to help evaluations better reflect actual performance in the field. Additionally, we identify a research road map with respect to the application of machine learning models in network intrusion detection systems, in order to further close the gap.