SoK: Pragmatic Assessment of Machine Learning for Network Intrusion Detection

Conference: 8th IEEE European Symposium on Security and Privacy

Delft, Netherlands

Oneliner: Revisiting ML in Network Intrusion Detection

It was nice to attend EuroS&P for the second year in a row. Compared to the previous edition, in Genoa, which was held in a 5-star hotel and whose social dinner was in a historical building, this edition was much more “sober”: it was held at TU Delft (the room was amazing, it looked like a cinema!), and the social dinner was at a restaurant with a much more “normal” vibe (albeit the picture with me in Dutch attire was quite funny!). Yet, from a purely “research” perspective, I felt that the conference was slightly better than the previous edition. Particularly, the quality of the talks was outstanding: I chaired the “Machine Learning Security” session and the three talks were extremely interesting—so much that the audience kept asking questions and it was “hard” to stop them!

As for my talk, I will simply state that it was one of the presentations that I liked giving the most. In a sense, this talk—and the corresponding paper—encapsulated all the expertise I matured throughout my PhD and my first 2 years as a PostDoc. Indeed, it almost feels like the state-of-practice of ML in the NIDS context had barely progressed since I first approached this domain—despite thousands of papers revolving around these subjects. Hopefully, our paper will change this.
