

Enhancing Intrusion Detection Systems with representation methods: A comparative study

Author(s):
Meyer, Bruno H. ; Pozo, Aurora T. R. ; Nogueira, Michele ; Zola, Wagner M. Nunan
Total Authors: 4
Document type: Journal article
Source: 2025 IEEE SYMPOSIUM ON COMPUTATIONAL INTELLIGENCE IN SECURITY, DEFENCE AND BIOMETRICS, CISDB; v. N/A, p. 7-pg., 2025-01-01.
Abstract

This paper presents a comparative analysis of three data representation methods for improving Intrusion Detection Systems (IDS). The methods compared are autoencoders, Generative Adversarial Networks (GANs), and contrastive learning. Additionally, a baseline approach using raw input data is evaluated. The study is conducted on three well-known IDS datasets: NSL-KDD, Ton-IoT, and Bot-IoT, each with distinct characteristics. Our results demonstrate that representational methods significantly enhance classification performance, particularly when ample unlabeled data is available. Among the methods, GANs achieved the highest f1-score improvements in the Ton-IoT dataset, while contrastive learning excelled in the Bot-IoT dataset. The experiments also reveal that the choice of classifier impacts performance, with Random Forest performing best on raw data and Multi-Layer Perceptrons (MLP) excelling with transformed data. The study highlights the importance of selecting appropriate representation learning techniques and classifiers based on dataset characteristics. It emphasizes the potential of unsupervised learning methods to utilize large volumes of unlabeled data, a common scenario in real-world cybersecurity applications. The findings provide a foundation for future research in leveraging unsupervised learning for IDS and other cybersecurity challenges. (AU)

FAPESP's process: 21/04431-2 - Improvement and configuration of the islands in the cybersecurity IoT testbed
Grantee: Bruno Henrique Meyer
Support Opportunities: Scholarships in Brazil - Technical Training Program - Technical Training
FAPESP's process: 18/23098-0 - MENTORED: from modeling to experimentation - predicting and detecting DDoS and zero-day attacks
Grantee: Michele Nogueira Lima
Support Opportunities: Research Projects - Thematic Grants