Open Access

ARTICLE

Differential Privacy for Security Telemetry: An Empirical Study of Utility Loss in Intrusion Detection Systems

Sajad Homayoun^*

Cyber Security Group, Department of Electronic Systems, Aalborg University, Copenhagen, Denmark

* Corresponding Author: Sajad Homayoun. Email:

Computers, Materials & Continua 2026, 88(2), 88 https://doi.org/10.32604/cmc.2026.082332

Received 16 March 2026; Accepted 09 May 2026; Issue published 15 June 2026

Abstract

Intrusion detection systems depend on detailed security telemetry, yet such telemetry is often too sensitive to share or reuse outside controlled environments. Differential Privacy (DP) offers formal protection by injecting randomness, but its practical impact on detection utility is not well understood, especially under class imbalance and for rare attacks. This paper presents a controlled empirical study of feature-level DP applied to security telemetry for intrusion detection. Using a fixed model and a fixed train–test split, we vary only the privacy budget and quantify how performance changes across standard metrics, including macro-averaged scores and per-class recall. While aggregate metrics such as accuracy and Micro-F1 remain comparatively high, class-balanced metrics degrade substantially under stronger privacy constraints. In particular, the detection of rare and low-volume attacks is severely affected, with some classes becoming undetectable under feature-level DP perturbation. These results indicate that privacy–utility trade-offs in intrusion detection are highly class-dependent and that aggregate performance measures may hide operationally relevant degradation.

---

Keywords

---