Publication details
- Part of: ESORICS 2025 International Workshops: AutonomousCyber 2025, CPS4CIP 2025, DisA 2025, HS3 2025, MIST 2025, Toulouse, France, September 25–26, 2025, Revised Selected Papers, Part III (Springer Nature, 2025)
- Pages: 202–222
- Year: 2026
- Links:
The cyberattack surface in critical sectors is expanding due
to the rapid proliferation of Internet of Things (IoT) devices. Artificial
Intelligence (AI) models, such as Deep Neural Networks (DNNs)
and Convolutional Neural Networks (CNNs), offer promising capabilities
for detecting and classifying cyber threats. However, these models often
struggle to generalize to previously unseen attacks after deployment. This
study investigates how well different AI techniques can generalize to such
novel threats in the presence of class imbalance. We evaluate three data
balancing strategies: Generative Adversarial Networks (GAN), Synthetic
Minority Over-sampling Technique (SMOTE), and class weighting. Experimental
results indicate that DNNs outperform CNNs when provided
with identical input data. While each balancing method has distinct advantages
and trade-offs, the highest multiclass accuracy of 81.16 % was
achieved by a DNN using GAN-augmented data for the previously seen
attack types. The best performance on unseen attacks was achieved by
a DNN trained with SMOTE, yielding a multiclass accuracy of 51 %
among eight classes. The binary classification (benign vs. malicious) results
were satisfactory, with DNN using GAN-augmented data achieving
an accuracy of 99.20 %. These findings highlight the importance of not
only separating data into training and test splits, but also incorporating
a “seen vs. unseen” evaluation strategy.