AutoML in Cybersecurity: An Empirical Study
摘要
Automated machineMachine learning learningAutomated machine learning (AutoML) has emerged as a promising paradigm for automating machine learningMachine learning (ML) pipeline design, broadening AI adoption. Yet its reliability in complex domains such as cybersecurity remains underexplored. This paper systematically evaluates eight open-source AutoML frameworks across 11 publicly available cybersecurity datasetsDataset, spanning intrusion detection, malware classification, phishing, fraud detection, and spam filtering. Results show substantial performancePerformance variability across tools and datasetsDataset, with no single solution consistently superior. A paradigm shift is observed: the challenge has moved from selecting individual ML models to identifying the most suitable AutoML framework, complicated by differences in runtime efficiency, automation capabilities, and supported features. AutoML tools frequently favor tree-based models, which perform well but risk overfitting and limit interpretability. Key challenges identified include adversarial vulnerability, model drift, and inadequate feature engineering. We conclude with best practices and research directions to strengthen robustness, interpretability, and trust in AutoML for high-stakes cybersecurity applications.