Transfer Learning in Network Intrusion Detection Systems: a Review of Methods and Approaches

This article provides an overview of modern transfer learning methods in network intrusion detection systems (IDS), focusing on the problem of model stability in conditions of network data drift, traffic variability, and the emergence of new types of attacks. The main transfer paradigms – parametric, feature-based, and relationship-based – and their adaptation to the task of anomaly detection and network intrusion classification are considered. Particular attention is paid to the differences between methods based on the analysis of statistical properties of network flows and methods based on packet analysis. Based on an analysis of existing work, it is demonstrated that the use of transfer learning can significantly improve the robustness of network IDSs to changes in infrastructure and data distributions, but faces problems of negative transfer, lack of representative domain sources, and architectural complexity. Finally, key directions for further research are formulated, including adaptive models that account for drift, transfer under limited data conditions, and integration with streaming machine learning methods.

1. Liao H. J. et al. Intrusion detection system: A comprehensive review //Journal of network and computer applications. – 2013. – Т. 36. – №. 1. – С. 16-24.

2. Zhuang F. et al. A comprehensive survey on transfer learning //Proceedings of the IEEE. – 2020. – Т. 109. – №. 1. – С. 43-76.

3. Pan S. J., Yang Q. A survey on transfer learning //IEEE Transactions on knowledge and data engineering. – 2009. – Т. 22. – №. 10. – С. 1345-1359.

4. Nguyen C. T. et al. Transfer learning for wireless networks: A comprehensive survey //Proceedings of the IEEE. – 2022. – Т. 110. – №. 8. – С. 1073-1115.

5. Yosinski J. et al. How transferable are features in deep neural networks? //arXiv preprint arXiv:1411.1792. – 2014.

6. Ring M. et al. A survey of network-based intrusion detection data sets //Computers & security. – 2019. – Т. 86. – С. 147-167.

7. Wang M. et al. On the robustness of ML-based network intrusion detection systems: An adversarial and distribution shift perspective //Computers. – 2023. – Т. 12. – №. 10. – С. 209.

8. Wu P., Guo H., Buckland R. A transfer learning approach for network intrusion detection //arXiv preprint arXiv:1909.02352. – 2019.

9. Ma W. et al. Abnormal traffic detection based on generative adversarial network and feature optimization selection //International Journal of Computational Intelligence Systems. – 2021. – Т. 14. – №. 1. – С. 1170-1188.

10. Gretton A. et al. A kernel two-sample test //The journal of machine learning research. – 2012. – Т. 13. – №. 1. – С. 723-773.

11. Zhao J. et al. Transfer learning for detecting unknown network attacks //EURASIP Journal on Information Security. – 2019. – Т. 2019. – №. 1. – С. 1-13.

12. Zhao J., Shetty S., Pan J. W. Feature-based transfer learning for network security //MILCOM 2017-2017 IEEE Military Communications Conference (MILCOM). – IEEE, 2017. – С. 17-22.

13. Lin Y. D. et al. Evolving ML-based Intrusion Detection: Cyber Threat Intelligence for Dynamic Model Updates //IEEE Transactions on Machine Learning in Communications and Networking. – 2025.

14. Dhillon H., Haque A. Towards network traffic monitoring using deep transfer learning //2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). – IEEE, 2020. – С. 1089-1096.

15. Idrissi I., Azizi M., Moussaoui O. Accelerating the update of a DL-based IDS for IoT using deep transfer learning //Indones. J. Electr. Eng. Comput. Sci. – 2021. – Т. 23. – №. 2. – С. 1059-1067.

16. Tariq S., Lee S., Woo S. S. CANTransfer: Transfer learning based intrusion detection on a controller area network using convolutional LSTM network //Proceedings of the 35th annual ACM symposium on applied computing. – 2020. – С. 1048-1055.

17. Rodríguez E. et al. Transfer-learning-based intrusion detection framework in IoT networks //Sensors. – 2022. – Т. 22. – №. 15. – С. 5621.

18. BoT IoT Dataset, Available at: https://research.unsw.edu.au/projects/bot-iot-dataset, accessed 20.11.2025.

19. Moustafa N., Slay J. UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set) //2015 military communications and information systems conference (MilCIS). – IEEE, 2015. – С. 1-6.

20. Hu X. et al. CBD: A deep-learning-based scheme for encrypted traffic classification with a general pre-training method //Sensors. – 2021. – Т. 21. – №. 24. – С. 8231.

21. Wang Z. et al. Characterizing and avoiding negative transfer //Proceedings of the IEEE/CVF conference on computer vision and pattern recognition. – 2019. – С. 11293-11302.