CR | AI | NI | Jun 7, 2024

Individual Packet Features are a Risk to Model Generalisation in ML-Based Intrusion Detection

arXiv:2406.07578v1 | 9 citations
Originality: Incremental advance
AI Analysis

This work highlights a critical limitation for IoT security practitioners, as it shows that widely used IPF-based methods are unreliable for real-world deployment.

The paper investigated the use of individual packet features (IPF) for machine learning-based intrusion detection in IoT networks, finding that these features can produce misleadingly high detection rates and often fail to generalize across datasets, compromising reliability in diverse environments.

Machine learning is increasingly used for intrusion detection in IoT networks. This paper explores the effectiveness of using individual packet features (IPF), which are attributes extracted from a single network packet, such as timing, size, and source-destination information. Through literature review and experiments, we identify the limitations of IPF, showing they can produce misleadingly high detection rates. Our findings emphasize the need for approaches that consider packet interactions for robust intrusion detection. Additionally, we demonstrate that models based on IPF often fail to generalize across datasets, compromising their reliability in diverse IoT environments.
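The generalisation failure described in the abstract can be reproduced on a toy scale. The following is an added illustration, not code from the paper or its repository: the two captures are constructed, the addresses are made up, and both the address-lookup "IPF" model and the packets-per-source-per-window feature are stand-ins chosen here to contrast a per-packet attribute with a feature built from packet interactions.

```python
import random
from collections import Counter, defaultdict

def capture(attacker, benign, seed):
    """Constructed capture: benign hosts send 1-3 packets per window; the
    attacker sends 50 packets in every odd-numbered window."""
    rng, pkts = random.Random(seed), []
    for win in range(40):
        for src in benign:
            for _ in range(rng.randint(1, 3)):
                pkts.append({"src": src, "size": rng.choice([60, 540, 1400]), "win": win, "y": 0})
        if win % 2:
            pkts += [{"src": attacker, "size": 74, "win": win, "y": 1} for _ in range(50)]
    per_window = Counter((p["src"], p["win"]) for p in pkts)
    for p in pkts:  # interaction feature: packets from this source in this window
        p["rate"] = per_window[(p["src"], p["win"])]
    rng.shuffle(pkts)
    return pkts

def fit_ipf(train):
    """Per-packet model: majority label for each source address seen in training."""
    votes = defaultdict(Counter)
    for p in train:
        votes[p["src"]][p["y"]] += 1
    table = {src: c.most_common(1)[0][0] for src, c in votes.items()}
    return lambda p: table.get(p["src"], 0)  # unseen address is treated as benign

def fit_rate(train):
    """Interaction model: cut halfway between the benign and attack packet rates."""
    cut = (max(p["rate"] for p in train if p["y"] == 0)
           + min(p["rate"] for p in train if p["y"] == 1)) / 2
    return lambda p: int(p["rate"] > cut)

def accuracy(model, pkts):
    return sum(model(p) == p["y"] for p in pkts) / len(pkts)

def experiment():
    """Return {model: (held-out accuracy on capture A, accuracy on capture B)}."""
    a = capture("10.0.0.9", ["10.0.0.2", "10.0.0.3"], seed=1)
    # Capture B: a different attacker, and 10.0.0.9 is now an ordinary host.
    b = capture("10.0.0.7", ["10.0.0.2", "10.0.0.9"], seed=2)
    train, held_out = a[::2], a[1::2]
    return {name: (accuracy(fit(train), held_out), accuracy(fit(train), b))
            for name, fit in (("ipf", fit_ipf), ("rate", fit_rate))}

if __name__ == "__main__":
    for name, (same, cross) in experiment().items():
        print(f"{name:5s} same-capture={same:.2f} cross-capture={cross:.2f}")
```

The address-lookup model scores perfectly on held-out packets from the capture it was trained on because the address acts as a label for that capture; on the second capture it misses the new attacker and flags the reassigned benign host.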

Code Implementations: 1 repo