Transfer learning in network intrusion detection systems: a review of methods and approaches

A. Yu. Pokidko^a, I. A. Stepanov^ab, A. I. Get'man<sup>abcd

a</sup> Ivannikov Institute for System Programming of the RAS
^b Moscow Institute of Physics and Technology (State University)
^c National Research University Higher School of Economics
^d Lomonosov Moscow State University

Abstract: This article provides an overview of modern transfer learning methods in network intrusion detection systems (IDS), focusing on the problem of model stability in conditions of network data drift, traffic variability, and the emergence of new types of attacks. The main transfer paradigms – parametric, feature-based, and relationship-based – and their adaptation to the task of anomaly detection and network intrusion classification are considered. Particular attention is paid to the differences between methods based on the analysis of statistical properties of network flows and methods based on packet analysis. Based on an analysis of existing work, it is demonstrated that the use of transfer learning can significantly improve the robustness of network IDSs to changes in infrastructure and data distributions, but faces problems of negative transfer, lack of representative domain sources, and architectural complexity. Finally, key directions for further research are formulated, including adaptive models that account for drift, transfer under limited data conditions, and integration with streaming machine learning methods.

Keywords: network intrusion detection system (NIDS), transfer learning

DOI: 10.15514/ISPRAS-2025-37(6)-37