Overview:
In an increasingly connected world, protecting networks from malicious behavior is critical. Network Intrusion Detection Systems (NIDS) are key components in this effort, identifying abnormal traffic patterns or attacks in real time. Traditionally, NIDS relied on signature-based or statistical methods, but modern systems increasingly leverage machine learning and deep learning to detect complex attack patterns.
This thesis focuses on the evaluation, benchmarking, and conceptual understanding of AI-based NIDS. The student will begin with a comprehensive literature review of both classical and modern approaches, including supervised, unsupervised, and hybrid detection strategies. The core technical work will involve benchmarking ML/DL-based intrusion detection models (e.g., MLPs, CNNs, RNNs, autoencoders, transformers, or graph-based approaches) on publicly available datasets such as NSL-KDD, UNSW-NB15, CIC-IDS2017, and others.
A major focus of this thesis is the open-set problem in network intrusion detection. Real-world traffic often contains previously unseen attacks, which standard supervised models, trained only on known classes, either fail to detect or misclassify as one of the known classes. The student will explore and discuss methods that aim to handle open-set scenarios, such as open-set recognition techniques, uncertainty estimation, anomaly detection, and hybrid pipelines.
Research Questions:
The topic spans applied machine learning, network security, and systems benchmarking:
What are the most common architectures and learning paradigms used in AI-based NIDS, and how do they compare across datasets and attack types?
How well do current models generalize to novel (unseen) attack types and benign traffic?
How can open-set recognition techniques — such as confidence-based rejection, novelty detection, or open-set classifiers — improve the robustness of NIDS?
What are the trade-offs between detection accuracy, false positives, runtime performance, and generalization?
Requirements:
Curiosity about anomaly detection, adversarial behavior, and generalization problems; good understanding of machine learning and neural networks; good programming skills in Python and ML libraries; basic familiarity with network protocols and security concepts is helpful.
Start: Immediately
Contact: Ismail Aslan (aslan@tu-berlin.de)