Automated machineMachine learning learningAutomated machine learning (AutoML) has emerged as a promising paradigm for automating machine learningMachine learning (ML) pipeline design, broadening AI adoption. Yet its reliability in complex domains such as cybersecurity remains underexplored. This paper systematically evaluates eight open-source AutoML frameworks across 11 publicly available cybersecurity datasetsDataset, spanning intrusion detection, malware classification, phishing, fraud detection, and spam filtering. Results show substantial performancePerformance variability across tools and datasetsDataset, with no single solution consistently superior. A paradigm shift is observed: the challenge has moved from selecting individual ML models to identifying the most suitable AutoML framework, complicated by differences in runtime efficiency, automation capabilities, and supported features. AutoML tools frequently favor tree-based models, which perform well but risk overfitting and limit interpretability. Key challenges identified include adversarial vulnerability, model drift, and inadequate feature engineering. We conclude with best practices and research directions to strengthen robustness, interpretability, and trust in AutoML for high-stakes cybersecurity applications.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

AutoML in Cybersecurity: An Empirical Study

  • Sherif Saad,
  • Kevin Shi,
  • Mohammed Mamun,
  • Hythem Elmiligi

摘要

Automated machineMachine learning learningAutomated machine learning (AutoML) has emerged as a promising paradigm for automating machine learningMachine learning (ML) pipeline design, broadening AI adoption. Yet its reliability in complex domains such as cybersecurity remains underexplored. This paper systematically evaluates eight open-source AutoML frameworks across 11 publicly available cybersecurity datasetsDataset, spanning intrusion detection, malware classification, phishing, fraud detection, and spam filtering. Results show substantial performancePerformance variability across tools and datasetsDataset, with no single solution consistently superior. A paradigm shift is observed: the challenge has moved from selecting individual ML models to identifying the most suitable AutoML framework, complicated by differences in runtime efficiency, automation capabilities, and supported features. AutoML tools frequently favor tree-based models, which perform well but risk overfitting and limit interpretability. Key challenges identified include adversarial vulnerability, model drift, and inadequate feature engineering. We conclude with best practices and research directions to strengthen robustness, interpretability, and trust in AutoML for high-stakes cybersecurity applications.