English

Assessing Generalisation Capability of Machine Learning Models for Intrusion Detection

Cryptography and Security 2026-05-07 v1

Abstract

The growth of networked and IoT systems has intensified cyber-security threats and exposed the limits of traditional signature-based intrusion detection. Although machine-learning-based intrusion detection systems often report strong benchmark performance, high ac- curacy within a single dataset does not necessarily guarantee reliable performance in unseen network environments. This study investigates the generalisation capability of supervised machine learning models for intrusion detection using UNSW-NB15 and TON_IoT. Random Forest, Logistic Regression, and Naive Bayes were evaluated under same-dataset and cross-dataset settings. Random Forest achieved the strongest same dataset performance, with 95.08% accuracy on UNSW-NB15 and 99.79% on TON_IoT, but performance dropped sharply in cross-dataset testing. When trained on UNSW-NB15 and tested on TON_IoT or vice versa, below 40% accuracy. These results reveal a significant generalisation gap in intrusion detection. We connect this challenge to affective computing and human-centric AI, where behavioural signal analysis, anomaly detection, domain shift, and context-sensitive modelling are also central. This framing highlights the need for adaptive, generalisable cyber-security models that can operate across changing network and IoT environments.

Keywords

Cite

@article{arxiv.2605.04407,
  title  = {Assessing Generalisation Capability of Machine Learning Models for Intrusion Detection},
  author = {Md Zakir Hossain and Md Ayshik Rahman Khan and Md Rafiqul Islam and Syed Mohammed Shamsul Islam and Tom Gedeon},
  journal= {arXiv preprint arXiv:2605.04407},
  year   = {2026}
}

Comments

13 Pages, 3 Figures, 5 Tables, Conference

R2 v1 2026-07-01T12:52:01.500Z