TY  - EJOU
AU  - Homayoun, Sajad 

TI  - Differential Privacy for Security Telemetry: An Empirical Study of Utility Loss in Intrusion Detection Systems
T2  - Computers, Materials \& Continua

PY  - 
VL  - 
IS  - 
SN  - 1546-2226

AB  - Intrusion detection systems depend on detailed security telemetry, yet such telemetry is often too sensitive to share or reuse outside controlled environments. Differential Privacy (DP) offers formal protection by injecting randomness, but its practical impact on detection utility is not well understood, especially under class imbalance and for rare attacks. This paper presents a controlled empirical study of feature-level DP applied to security telemetry for intrusion detection. Using a fixed model and a fixed train–test split, we vary only the privacy budget and quantify how performance changes across standard metrics, including macro-averaged scores and per-class recall. While aggregate metrics such as accuracy and Micro-F1 remain comparatively high, class-balanced metrics degrade substantially under stronger privacy constraints. In particular, the detection of rare and low-volume attacks is severely affected, with some classes becoming undetectable under feature-level DP perturbation. These results indicate that privacy–utility trade-offs in intrusion detection are highly class-dependent and that aggregate performance measures may hide operationally relevant degradation.
KW  - Differential privacy; security telemetry; privacy–utility trade-off; rare attack detection; class imbalance

DO  - 10.32604/cmc.2026.082332