XAI-IDS: Toward Proposing an Explainable Artificial Intelligence Framework for Enhancing Network Intrusion Detection Systems
-
Published:2024-05-14
Issue:10
Volume:14
Page:4170
-
ISSN:2076-3417
-
Container-title:Applied Sciences
-
language:en
-
Short-container-title:Applied Sciences
Author:
Arreche Osvaldo1ORCID, Guntur Tanish2ORCID, Abdallah Mustafa3ORCID
Affiliation:
1. Electrical and Computer Engineering Department, Purdue School of Engineering and Technology, Indiana University-Purdue University Indianapolis (IUPUI), Indianapolis, IN 46202, USA 2. Computer and Information Science Department, Indiana University-Purdue University Indianapolis (IUPUI), Indianapolis, IN 46202, USA 3. Computer and Information Technology Department, Purdue School of Engineering and Technology, Indiana University-Purdue University Indianapolis (IUPUI), Indianapolis, IN 46202, USA
Abstract
The exponential growth of network intrusions necessitates the development of advanced artificial intelligence (AI) techniques for intrusion detection systems (IDSs). However, the reliance on AI for IDSs presents several challenges, including the performance variability of different AI models and the opacity of their decision-making processes, hindering comprehension by human security analysts. In response, we propose an end-to-end explainable AI (XAI) framework tailored to enhance the interpretability of AI models in network intrusion detection tasks. Our framework commences with benchmarking seven black-box AI models across three real-world network intrusion datasets, each characterized by distinct features and challenges. Subsequently, we leverage various XAI models to generate both local and global explanations, shedding light on the underlying rationale behind the AI models’ decisions. Furthermore, we employ feature extraction techniques to discern crucial model-specific and intrusion-specific features, aiding in understanding the discriminative factors influencing the detection outcomes. Additionally, our framework identifies overlapping and significant features that impact multiple AI models, providing insights into common patterns across different detection approaches. Notably, we demonstrate that the computational overhead incurred by generating XAI explanations is minimal for most AI models, ensuring practical applicability in real-time scenarios. By offering multi-faceted explanations, our framework equips security analysts with actionable insights to make informed decisions for threat detection and mitigation. To facilitate widespread adoption and further research, we have made our source code publicly available, serving as a foundational XAI framework for IDSs within the research community.
Funder
Lilly Endowment Indiana University
Reference99 articles.
1. Northcutt, S., and Novak, J. (2002). Network Intrusion Detection, Sams Publishing. 2. Vasiliadis, G., Antonatos, S., Polychronakis, M., Markatos, E.P., and Ioannidis, S. (2008, January 15–17). Gnort: High performance network intrusion detection using graphics processors. Proceedings of the Recent Advances in Intrusion Detection: 11th International Symposium, RAID 2008, Cambridge, MA, USA. Proceedings 11. 3. Modeling realistic adversarial attacks against network intrusion detection systems;Apruzzese;Digit. Threat. Res. Pract. (DTRAP),2022 4. Wolsing, K., Wagner, E., Saillard, A., and Henze, M. (2022, January 26–28). IPAL: Breaking up silos of protocol-dependent and domain-specific industrial intrusion detection systems. Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses, Limassol, Cyprus. 5. An overview of anomaly detection techniques: Existing solutions and latest technological trends;Patcha;Comput. Netw.,2007
Cited by
2 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
|
|