Supervision : Sébastien TIXEUIL
Co-supervision : BLANC Gregory

Data-driven Evaluation of Network Intrusion Detection Systems

Intrusion Detection Systems (IDS) are critical for securing modern communication networks, especially as cyber threats become increasingly complex. However, existing evaluation methodologies for machine learning-based IDS lack standardisation, often overlook best practices, and primarily focus on performance within specific datasets without addressing broader issues. This thesis addresses these limitations by first defining a comprehensive theoretical framework for evaluating ML-based IDS. Building on this theoretical foundation, we introduce FREIDA, a tool that implements the framework, emphasising completeness, reliability, and reproducibility. FREIDA integrates both traditional IDS evaluation methods and machine learning best practices, with a particular focus on the critical relationship between data selection and evaluation choices. Our approach also extends the evaluation process to include assessments of robustness against adversarial attacks and privacy considerations, providing a more holistic evaluation of IDS resilience. Through the formalisation and implementation of our evaluation framework, we aim to standardise IDS evaluation methods and promote the development of resilient and adaptive intrusion detection systems for next-generation networks.

Phd defence : 05/26/2025

Jury members :

Patrick Sondi, CERI IMT Nord Europe [Rapporteur]
Romain Laborde, IRIT Université Paul Sabatier [Rapporteur]
Sébastien Tixeuil, LIP6 Sorbonne Université
Gregory Blanc, SAMOVAR Télécom SudParis
Maria Potop-Butucaru, LIP6 Sorbonne Université
Gilles Guette, IRISA IMT Atlantique
Houda Jmila, List CEA

2023-2025 Publications

• 2025
  • S. Ayoubi : “Évaluation orientée données des systèmes de détection d’intrusion dans les réseaux”, thesis, phd defence 05/26/2025, supervision Tixeuil, Sébastien, co-supervision : Blanc, Gregory (2025)
  • S. Ayoubi, G. Blanc, H. Jmila, S. Tixeuil : “Privacy benchmarking of intrusion detection sytems”, AINA-2025 : 39^th International Conference on Advanced Information Networking and Applications, vol. 248, Lecture Notes on Data Engineering and Communications Technologies, Barcelone, Spain, pp. 406-417, (Springer Nature Switzerland), (ISBN: 978-3-031-87772-8) (2025)
  • S. Ayoubi, S. Tixeuil, G. Blanc, H. Jmila : “FREIDA: a concrete tool for reproducible evaluation of IDS using a data-driven approach”, CRiSIS 2024: Risks and Security of Internet and Systems: 19^th International Conference, vol. 15456, Aix-en-Provence, France, pp. 40-55, (Springer Nature Switzerland), (ISBN: 978-3-031-89350-6) (2025)
• 2024
  • S. Ayoubi, S. Tixeuil, G. Blanc, H. Jmila : “Demo: towards reproducible evaluations of ML-based IDS using data-driven approaches”, CCS '24: ACM SIGSAC Conference on Computer and Communications Security, Salt Lake City, UT, United States, pp. 5081-5083, (Association for Computing Machinery) (2024)
• 2023
  • S. Ayoubi, G. Blanc, H. Jmila, S. Tixeuil, Th. Silverston : “Evaluation Framework for ML-based IDS”, RESSI 2023 : Rendez-vous de la Recherche et de l'Enseignement de la Sécurité des Systèmes d'Information, Neuvy-sur-Barangeon, France (2023)
  • S. Ayoubi, G. Blanc, H. Jmila, Th. Silverston, S. Tixeuil : “Data-driven evaluation of intrusion detectors: a methodological framework”, Foundations and Practice of Security, vol. LNCS-13877, Lecture Notes in Computer Science, Ottawa, ON, Canada, pp. 142-157, (Springer), (ISBN: 978-3-031-30122-3) (2023)