I have seen so many academic papers claiming that machine learning-based NIDS are better than signature-based NIDS. Specifically, they claim to detect zero-day attacks. The troubling thing in these papers is that they either use the two-decade-old NSL-KDD dataset for training or set up their own labs to generate both normal and attack traffic for training ML/deep learning models. Obviously, this no longer represents current traffic or attacks. How effective are these against real-world attacks? What is your experience?

Also, is there any commercial offering that claims to use ML for intrusion detection, especially for cloud workloads, that you would recommend for detecting zero-day attacks?

Is using ML/DL for NIDS merely an academic experiment and nothing more?
