Solayman's Ph.D defense

On April 26th at 10:00, Solayman defended his Ph.D thesis entitled "Data-driven Evaluation of Network Intrusion Detection Systems" at Sorbonne Université, room 25-26-105.

He was then awarded the title of Doctor in Computer Science by a defense committee composed of

  • Gilles Guette (Professor at IMT Atlantique, president)
  • Romain Laborde (Professor at Université de Toulouse, reviewer)
  • Patrick Sondi (Professor at IMT Nord Europe, reviewer)
  • Maria Potop-Butucaru (Professor at Sorbonne Université, examiner)
  • Sébastien Tixeuil (Professor at Sorbonne Université, advisor)
  • Gregory Blanc (Assoc. Professor at Télécom SudParis, advisor)
  • Houda Jmila (Researcher at CEA LIST, invited)

He is the first Ph.D candidate to graduate from the GRIFIN project, and we are all very proud of him. We also wish to pay tribute to his former Ph.D advisor, and our friend, Thomas Silverston, who passed away in October 2022.

Below is the abstract of Solayman’s Ph.D manuscript:

Intrusion Detection Systems (IDS) are critical components in securing modern communication networks, particularly as cyber threats grow in complexity. However, existing evaluation methodologies for machine learning (ML)–based IDS lack standardization, leading to incomplete and unreliable assessments. Prior evaluation approaches often disregard ML best practices, focusing primarily on performance within specific datasets without considering broader issues such as data quality and robustness. This thesis addresses these limitations by first defining a comprehensive theoretical framework for evaluating ML-based IDS.

Building upon this theorization, we introduce FREIDA, a tool that implements the theoretical framework, emphasizing completeness, reliability, and reproducibility. This tool integrates both traditional IDS evaluation methods and best practices from the ML domain, with a particular focus on the critical relationship between data selection and evaluation choices. With FREIDA we also introduce the formalization of each step of the evaluation process to ensure methodological rigor. By standardizing every aspect of the evaluation process, including the generation of purpose-specific datasets, FREIDA ensures robust testing conditions and systematically assesses IDS performance in various scenarios.

Our approach also extends the evaluation process to include robustness to adversarial attacks and privacy evaluation, offering a more holistic assessment of IDS resilience. FREIDA provides a practical, user-friendly platform with a graphical interface, making it accessible for comprehensive IDS evaluations. Extensive experiments conducted using established datasets demonstrate the tool’s effectiveness, especially in enhancing reproducibility and evaluating IDS performance under diverse conditions, including threats targeting machine learning models. Through the formalization and implementation of our evaluation framework, we aim to standardize IDS evaluation methods and foster the development of resilient, adaptive intrusion detection systems for next-generation networks. The tool, source code, and experimental results are available on GitLab, supporting further research and promoting transparency in IDS evaluation practices.