Examining traffic microstructures to improve model development

Henry Clausen, David Aspinall

Research output: Chapter in Book/Report/Conference proceedingConference contribution


We demonstrate how machine-learning-based network intrusion detection models can be validated and developed by probing models using traffic with specifically controlled microstructures. We show our methodology by probing two published state-of-the-art models to find classification flaws and and understand misbehaviour. These models fail for input traffic with particular characteristics such as retransmissions or overly dispersed flow interarrival times. After we make simple corresponding model corrections, detection rates already improve between 2 -4%. We believe this shows promise for using tailored data with controllable and labelled characteristics to effectively improve model development in NID, a practice that helped model development significantly in several other areas of machinelearning.
Original languageEnglish
Title of host publication2021 IEEE Security and Privacy Workshops (SPW)
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Number of pages6
ISBN (Electronic)978-1-6654-3732-5
ISBN (Print)978-1-6654-3733-2
Publication statusPublished - 8 Jul 2021
Event42nd IEEE Symposium on Security and Privacy - Online, San Francisco, United States
Duration: 24 May 202127 May 2021


Symposium42nd IEEE Symposium on Security and Privacy
Abbreviated titleSP 2021
Country/TerritoryUnited States
CitySan Francisco
Internet address


  • Machine learning
  • traffic microstructures
  • network intrusion detection


Dive into the research topics of 'Examining traffic microstructures to improve model development'. Together they form a unique fingerprint.

Cite this