Out-Of-Distribution Is Not Magic: The Clash Between Rejection Rate and Model Success

Itay Meiri; Ran Dubin; Amit Dvir; Chen Hajaj

doi:10.15439/2025F5708

Out-Of-Distribution Is Not Magic: The Clash Between Rejection Rate and Model Success

Itay Meiri
, Ran Dubin
, Amit Dvir
, Chen Hajaj

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Recent advancements in Internet protocols, including DNS over HTTPS (DoH) and Encrypted Service Name Indicators (ESNI), are making traditional Deep Packet Inspection (DPI) engines obsolete. Consequently, there is a growing need for next-generation traffic classification using artificial intelligence (AI). While DPI automatically categorizes unknown traffic as 'other,' AI-based models cannot automatically handle unknown or Out-of-Distribution (OOD) traffic. AI models must effectively detect and classify OOD traffic to ensure robustness, reliability, and accuracy in real-world applications; however, current research often fails to address the challenges of OOD detection.In this paper, we evaluate various state-of-the-art OOD detection techniques for internet traffic classification and explore the drawbacks and advantages of using different threshold levels for the model's tolerance for OOD. Our findings reveal that varying rejection rates have distinct effects on OOD techniques, leading to a change in the optimal strategy for achieving dependable and precise detection across diverse OOD scenarios. We demonstrate that adjusting rejection rates from 10% to 30% can significantly improve the True Detection Rate (TDR) by up to 50%, while the False Detection Rate (FDR) may increase by less than 10%. Moreover, we emphasize that rejection-rate-based evaluation is pivotal for next-generation flow classification, promising a substantial reduction in FDR through rigorous methodological assessment.

Original language	English
Title of host publication	Proceedings of the 20th Conference on Computer Science and Intelligence Systems, FedCSIS 2025
Editors	Marek Bolanowski, Maria Ganzha, Leszek A. Maciaszek, Leszek A. Maciaszek, Marcin Paprzycki, Dominik Slezak
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	345-350
Number of pages	6
Edition	2025
ISBN (Electronic)	9788397329164
DOIs	https://doi.org/10.15439/2025F5708
State	Published - 2025
Event	20th Conference on Computer Science and Intelligence Systems, FedCSIS 2025 - Krakow, Poland Duration: 14 Sep 2025 → 17 Sep 2025

Conference

Conference	20th Conference on Computer Science and Intelligence Systems, FedCSIS 2025
Country/Territory	Poland
City	Krakow
Period	14/09/25 → 17/09/25

Keywords

Malware Detection
Out of Distribution
Traffic Classification

Access to Document

10.15439/2025F5708

Cite this

Meiri, I., Dubin, R., Dvir, A., & Hajaj, C. (2025). Out-Of-Distribution Is Not Magic: The Clash Between Rejection Rate and Model Success. In M. Bolanowski, M. Ganzha, L. A. Maciaszek, L. A. Maciaszek, M. Paprzycki, & D. Slezak (Eds.), Proceedings of the 20th Conference on Computer Science and Intelligence Systems, FedCSIS 2025 (2025 ed., pp. 345-350). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.15439/2025F5708

Meiri, Itay ; Dubin, Ran ; Dvir, Amit et al. / Out-Of-Distribution Is Not Magic : The Clash Between Rejection Rate and Model Success. Proceedings of the 20th Conference on Computer Science and Intelligence Systems, FedCSIS 2025. editor / Marek Bolanowski ; Maria Ganzha ; Leszek A. Maciaszek ; Leszek A. Maciaszek ; Marcin Paprzycki ; Dominik Slezak. 2025. ed. Institute of Electrical and Electronics Engineers Inc., 2025. pp. 345-350

@inproceedings{304ab065ce4542178ee6d3c586aa500b,

title = "Out-Of-Distribution Is Not Magic: The Clash Between Rejection Rate and Model Success",

abstract = "Recent advancements in Internet protocols, including DNS over HTTPS (DoH) and Encrypted Service Name Indicators (ESNI), are making traditional Deep Packet Inspection (DPI) engines obsolete. Consequently, there is a growing need for next-generation traffic classification using artificial intelligence (AI). While DPI automatically categorizes unknown traffic as 'other,' AI-based models cannot automatically handle unknown or Out-of-Distribution (OOD) traffic. AI models must effectively detect and classify OOD traffic to ensure robustness, reliability, and accuracy in real-world applications; however, current research often fails to address the challenges of OOD detection.In this paper, we evaluate various state-of-the-art OOD detection techniques for internet traffic classification and explore the drawbacks and advantages of using different threshold levels for the model's tolerance for OOD. Our findings reveal that varying rejection rates have distinct effects on OOD techniques, leading to a change in the optimal strategy for achieving dependable and precise detection across diverse OOD scenarios. We demonstrate that adjusting rejection rates from 10\% to 30\% can significantly improve the True Detection Rate (TDR) by up to 50\%, while the False Detection Rate (FDR) may increase by less than 10\%. Moreover, we emphasize that rejection-rate-based evaluation is pivotal for next-generation flow classification, promising a substantial reduction in FDR through rigorous methodological assessment.",

keywords = "Malware Detection, Out of Distribution, Traffic Classification",

author = "Itay Meiri and Ran Dubin and Amit Dvir and Chen Hajaj",

note = "Publisher Copyright: {\textcopyright} 2025 Polish Information Processing Society.; 20th Conference on Computer Science and Intelligence Systems, FedCSIS 2025 ; Conference date: 14-09-2025 Through 17-09-2025",

year = "2025",

doi = "10.15439/2025F5708",

language = "אנגלית",

pages = "345--350",

editor = "Marek Bolanowski and Maria Ganzha and Maciaszek, \{Leszek A.\} and Maciaszek, \{Leszek A.\} and Marcin Paprzycki and Dominik Slezak",

booktitle = "Proceedings of the 20th Conference on Computer Science and Intelligence Systems, FedCSIS 2025",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

address = "ארצות הברית",

edition = "2025",

}

Meiri, I, Dubin, R , Dvir, A & Hajaj, C 2025, Out-Of-Distribution Is Not Magic: The Clash Between Rejection Rate and Model Success. in M Bolanowski, M Ganzha, LA Maciaszek, LA Maciaszek, M Paprzycki & D Slezak (eds), Proceedings of the 20th Conference on Computer Science and Intelligence Systems, FedCSIS 2025. 2025 edn, Institute of Electrical and Electronics Engineers Inc., pp. 345-350, 20th Conference on Computer Science and Intelligence Systems, FedCSIS 2025, Krakow, Poland, 14/09/25. https://doi.org/10.15439/2025F5708

Out-Of-Distribution Is Not Magic: The Clash Between Rejection Rate and Model Success. / Meiri, Itay; Dubin, Ran ; Dvir, Amit et al.
Proceedings of the 20th Conference on Computer Science and Intelligence Systems, FedCSIS 2025. ed. / Marek Bolanowski; Maria Ganzha; Leszek A. Maciaszek; Leszek A. Maciaszek; Marcin Paprzycki; Dominik Slezak. 2025. ed. Institute of Electrical and Electronics Engineers Inc., 2025. p. 345-350.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Out-Of-Distribution Is Not Magic

T2 - 20th Conference on Computer Science and Intelligence Systems, FedCSIS 2025

AU - Meiri, Itay

AU - Dubin, Ran

AU - Dvir, Amit

AU - Hajaj, Chen

PY - 2025

Y1 - 2025

N2 - Recent advancements in Internet protocols, including DNS over HTTPS (DoH) and Encrypted Service Name Indicators (ESNI), are making traditional Deep Packet Inspection (DPI) engines obsolete. Consequently, there is a growing need for next-generation traffic classification using artificial intelligence (AI). While DPI automatically categorizes unknown traffic as 'other,' AI-based models cannot automatically handle unknown or Out-of-Distribution (OOD) traffic. AI models must effectively detect and classify OOD traffic to ensure robustness, reliability, and accuracy in real-world applications; however, current research often fails to address the challenges of OOD detection.In this paper, we evaluate various state-of-the-art OOD detection techniques for internet traffic classification and explore the drawbacks and advantages of using different threshold levels for the model's tolerance for OOD. Our findings reveal that varying rejection rates have distinct effects on OOD techniques, leading to a change in the optimal strategy for achieving dependable and precise detection across diverse OOD scenarios. We demonstrate that adjusting rejection rates from 10% to 30% can significantly improve the True Detection Rate (TDR) by up to 50%, while the False Detection Rate (FDR) may increase by less than 10%. Moreover, we emphasize that rejection-rate-based evaluation is pivotal for next-generation flow classification, promising a substantial reduction in FDR through rigorous methodological assessment.

AB - Recent advancements in Internet protocols, including DNS over HTTPS (DoH) and Encrypted Service Name Indicators (ESNI), are making traditional Deep Packet Inspection (DPI) engines obsolete. Consequently, there is a growing need for next-generation traffic classification using artificial intelligence (AI). While DPI automatically categorizes unknown traffic as 'other,' AI-based models cannot automatically handle unknown or Out-of-Distribution (OOD) traffic. AI models must effectively detect and classify OOD traffic to ensure robustness, reliability, and accuracy in real-world applications; however, current research often fails to address the challenges of OOD detection.In this paper, we evaluate various state-of-the-art OOD detection techniques for internet traffic classification and explore the drawbacks and advantages of using different threshold levels for the model's tolerance for OOD. Our findings reveal that varying rejection rates have distinct effects on OOD techniques, leading to a change in the optimal strategy for achieving dependable and precise detection across diverse OOD scenarios. We demonstrate that adjusting rejection rates from 10% to 30% can significantly improve the True Detection Rate (TDR) by up to 50%, while the False Detection Rate (FDR) may increase by less than 10%. Moreover, we emphasize that rejection-rate-based evaluation is pivotal for next-generation flow classification, promising a substantial reduction in FDR through rigorous methodological assessment.

KW - Malware Detection

KW - Out of Distribution

KW - Traffic Classification

UR - https://www.scopus.com/pages/publications/105022312139

U2 - 10.15439/2025F5708

DO - 10.15439/2025F5708

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:105022312139

SP - 345

EP - 350

BT - Proceedings of the 20th Conference on Computer Science and Intelligence Systems, FedCSIS 2025

A2 - Bolanowski, Marek

A2 - Ganzha, Maria

A2 - Maciaszek, Leszek A.

A2 - Paprzycki, Marcin

A2 - Slezak, Dominik

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 14 September 2025 through 17 September 2025

ER -

Meiri I, Dubin R , Dvir A , Hajaj C. Out-Of-Distribution Is Not Magic: The Clash Between Rejection Rate and Model Success. In Bolanowski M, Ganzha M, Maciaszek LA, Maciaszek LA, Paprzycki M, Slezak D, editors, Proceedings of the 20th Conference on Computer Science and Intelligence Systems, FedCSIS 2025. 2025 ed. Institute of Electrical and Electronics Engineers Inc. 2025. p. 345-350 doi: 10.15439/2025F5708

Out-Of-Distribution Is Not Magic: The Clash Between Rejection Rate and Model Success

Abstract

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this