

The Missing Link in Network Intrusion Detection: Taking AI/ML Research Efforts to Users

Our paper “The Missing Link in Network Intrusion Detection: Taking AI/ML Research Efforts to Users” was published in IEEE Access. The paper focuses on the challenges faced in adopting Artificial Intelligence (AI) and Machine Learning (ML) within Intrusion Detection Systems (IDS). It identifies barriers to implementation, such as the lack of explainability, usability, and privacy considerations that hinder trust among non-expert users. We take a user-centric approach: we examine IDS research through the lens of various stakeholders, derive realistic personas, and propose design guidelines and hypotheses to enhance practical adoption of AI/ML-based IDS solutions.


Intrusion Detection Systems (IDS) tackle the challenging task of detecting network attacks as fast as possible. As this is getting more complex in modern enterprise networks, Artificial Intelligence (AI) and Machine Learning (ML) have gained substantial popularity in research. However, their adoption into real-world IDS solutions remains poor. Academic research often overlooks the interconnection of users and technical aspects. This leads to less explainable AI/ML models that hinder trust among AI/ML non-experts. Additionally, research often neglects secondary concerns such as usability and privacy. If IDS approaches conflict with current regulations or if administrators cannot deal with attacks more effectively, enterprises will not adopt the IDS in practice. To identify those problems systematically, our literature survey takes a user-centric approach; we examine IDS research from the perspective of stakeholders by applying the concept of personas. Further, we investigate multiple factors limiting the adoption of AI/ML in security and suggest technical, non-technical, and user-related considerations to enhance the adoption in practice. Our key contributions are threefold. (i) We derive personas from realistic enterprise scenarios, (ii) we provide a set of relevant hypotheses in the form of a review template, and (iii), based on our reviews, we derive design guidelines for practical implementations. To the best of our knowledge, this is the first paper that analyzes practical adoption barriers of AI/ML-based intrusion detection solutions concerning appropriateness of data, reproducibility, explainability, practicability, usability, and privacy. Our guidelines may help researchers to holistically evaluate their AI/ML-based IDS approaches to increase practical adoption.

The workflow of our literature review. Each step also corresponds to a specific (sub)section, where the components are described in-depth.
