Flow Exporter Impact on Intelligent Intrusion Detection Systems
Daniela Pinto, João Vitorino, Eva Maia, Ivone Amorim, Isabel Praça
2025
Abstract
High-quality datasets are critical for training machine learning models, as inconsistencies in feature generation can hinder the accuracy and reliability of threat detection. For this reason, ensuring the quality of the data in network intrusion detection datasets is important. A key component of this is using reliable tools to generate the flows and features present in the datasets. This paper investigates the impact of flow exporters on the performance and reliability of machine learning models for intrusion detection. Using HERA, a tool designed to export flows and extract features, the raw network packets of two widely used datasets, UNSW-NB15 and CIC-IDS2017, were processed from PCAP files to generate new versions of these datasets. These were compared to the original ones in terms of their influence on the performance of several models, including Random Forest, XGBoost, LightGBM, and Explainable Boosting Machine. The results obtained were significant. Models trained on the HERA versions of the datasets consistently outperformed those trained on the original datasets, showing improvements in accuracy and indicating better generalisation. This highlighted the importance of flow generation in the model’s ability to differentiate between benign and malicious traffic.
Paper Citation
in Harvard Style
Pinto D., Vitorino J., Maia E., Amorim I. and Praça I. (2025). Flow Exporter Impact on Intelligent Intrusion Detection Systems. In Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP; ISBN 978-989-758-735-1, SciTePress, pages 289-298. DOI: 10.5220/0013131900003899
in Bibtex Style
@conference{icissp25,
author={Daniela Pinto and João Vitorino and Eva Maia and Ivone Amorim and Isabel Praça},
title={Flow Exporter Impact on Intelligent Intrusion Detection Systems},
booktitle={Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP},
year={2025},
pages={289-298},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013131900003899},
isbn={978-989-758-735-1},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP
TI - Flow Exporter Impact on Intelligent Intrusion Detection Systems
SN - 978-989-758-735-1
AU - Pinto D.
AU - Vitorino J.
AU - Maia E.
AU - Amorim I.
AU - Praça I.
PY - 2025
SP - 289
EP - 298
DO - 10.5220/0013131900003899
PB - SciTePress