ABSTRACT
Intrusion Detection Systems (IDSs) play a major role in detecting suspicious activities and alerting users to potentially malicious adversaries. Security operators investigate these alerts and attempt to mitigate the risks and damage. Many IDS-related studies have focused on improving detection accuracy and reducing false positives; however, operators also need to understand the rationale behind an IDS engine issuing an alert. In contrast to conventional rule-based engines, machine-learning-based engines use a detection mechanism that is like a black box, i.e., it is not designed to indicate a rationale. Explainable AI (XAI) techniques, which explain how the model derives decisions, have also been studied. In this paper, we introduce an explainable IDS (X-IDS) that works with widely used XAI techniques so that the system can explain its decisions. To this end, we used local interpretable model-agnostic explanations and Shapley additive explanations, and we evaluated their differing characteristics. We propose an explanation framework that consists of a variable importance plot, an individual value plot, and a partial dependence plot. We conclude by discussing future issues regarding better explainable IDSs.
Index Terms
- Hybrid Explainable Intrusion Detection System: Global vs. Local Approach