Explainable Machine Learning for Intrusion Detection

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F62690094%3A18450%2F24%3A50021581" target="_blank" >RIV/62690094:18450/24:50021581 - isvavai.cz</a>

Výsledek na webu

<a href="http://dx.doi.org/10.1007/978-981-97-4677-4_11" target="_blank" >http://dx.doi.org/10.1007/978-981-97-4677-4_11</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1007/978-981-97-4677-4_11" target="_blank" >10.1007/978-981-97-4677-4_11</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Explainable Machine Learning for Intrusion Detection

Popis výsledku v původním jazyce

Intrusion detection systems (IDS) are essential tools to maintain robust cybersecurity. Machine learning (ML)-based IDS providespromising results. However, such IDS are recognized as black-box andlack trust and transparency. There is a limited number of explainableIDS (X-IDS). Moreover, several X-IDS used outdated datasets. Somepapers used deep neural network which is computationally expensive.This paper proposes lightweight tree-based X-IDS using a recent IDSdataset. We explore the effectiveness of explainable artificial intelligence(XAI) techniques in increasing ML-based IDS transparency. Four MLalgorithms are employed; viz. LightGBM, random forests, AdaBoost,and XGBoost; to classify a given network flow as benign or malicious.Network flows extracted from the CSE-CIC-IDS2018 dataset are used toevaluate the IDS models. The best F1-score results of 0.979 and 0.978are achieved with LightGBM and XGBoost, respectively. We use SHapleyAdditive exPlanations (SHAP) and Local Model-Agnostic Explanations(LIME) techniques to provide global and local explanations for predictions made by the LightGBM. The obtained explanations in the form ofgraphs provide measurable insights for cybersecurity experts regardingthe most important features that impact the detection of intrusions.

Název v anglickém jazyce

Explainable Machine Learning for Intrusion Detection

Popis výsledku anglicky

Intrusion detection systems (IDS) are essential tools to maintain robust cybersecurity. Machine learning (ML)-based IDS providespromising results. However, such IDS are recognized as black-box andlack trust and transparency. There is a limited number of explainableIDS (X-IDS). Moreover, several X-IDS used outdated datasets. Somepapers used deep neural network which is computationally expensive.This paper proposes lightweight tree-based X-IDS using a recent IDSdataset. We explore the effectiveness of explainable artificial intelligence(XAI) techniques in increasing ML-based IDS transparency. Four MLalgorithms are employed; viz. LightGBM, random forests, AdaBoost,and XGBoost; to classify a given network flow as benign or malicious.Network flows extracted from the CSE-CIC-IDS2018 dataset are used toevaluate the IDS models. The best F1-score results of 0.979 and 0.978are achieved with LightGBM and XGBoost, respectively. We use SHapleyAdditive exPlanations (SHAP) and Local Model-Agnostic Explanations(LIME) techniques to provide global and local explanations for predictions made by the LightGBM. The obtained explanations in the form ofgraphs provide measurable insights for cybersecurity experts regardingthe most important features that impact the detection of intrusions.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

—

Návaznosti

S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2024

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Lecture Notes in Artificial Intelligence, Theory and Applications

ISBN

978-981-9746-76-7

ISSN

0302-9743

e-ISSN

1611-3349

Počet stran výsledku

13

Strana od-do

122-134

Název nakladatele

Springer Nature

Místo vydání

Berlín

Místo konání akce

Hradec Králové, Czech Republic

Datum konání akce

10. 7. 2024

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

001315630900011