ePrints@IIScePrints@IISc Home | About | Browse | Latest Additions | Advanced Search | Contact | Help

XAI for intrusion detection system: comparing explanations based on global and local scope

Hariharan, S and Rejimol Robinson, RR and Prasad, RR and Thomas, C and Balakrishnan, N (2023) XAI for intrusion detection system: comparing explanations based on global and local scope. In: Journal of Computer Virology and Hacking Techniques, 19 (2). pp. 217-239.

[img] PDF
jou_com_vir_19-2_217-239_2023.pdf - Published Version
Restricted to Registered users only

Download (4MB) | Request a copy
Official URL: https://doi.org/10.1007/s11416-022-00441-2


Intrusion Detection System is a device or software in the field of cybersecurity that has become an essential tool in computer networks to provide a secured network environment. Machine Learning based IDS offers a self-learning solution and provides better performance when compared to traditional IDS. As the predictive performance of IDS is based on conflicting criteria, the underlying algorithms are becoming more complex and hence, less transparent. Explainable Artificial Intelligence is a set of frameworks that help to develop interpretable and inclusive machine learning models. In this paper, we use Permutation Importance, SHapley Additive exPlanation, Local Interpretable Model-Agnostic Explanation algorithms, Contextual Importance and Utility algorithms, covering both global and local scope of explanation to IDSs on Random Forest, eXtreme Gradient Boosting and Light Gradient Boosting machine learning models along with a comparison of explanations in terms of accuracy, consistency and stability. This comparison can help cyber security personnel to have a better understanding of the predictions of cyber-attacks in the network traffic. A case study focusing on DoS attack variants shows some useful insights on the impact of features in prediction performance.

Item Type: Journal Article
Publication: Journal of Computer Virology and Hacking Techniques
Publisher: Springer-Verlag Italia s.r.l.
Additional Information: The copyright for this article belongs to Springer-Verlag Italia s.r.l.
Keywords: Adaptive boosting; Cybersecurity; Decision trees; Denial-of-service attack; Intrusion detection; Machine learning; Network security, Contextual importance and utility; Cyber security; Intrusion Detection Systems; Lightgbm; Machine learning models; Permutation importance; RF; SHAP; XAI; Xgboost, Lime
Department/Centre: Division of Interdisciplinary Sciences > Supercomputer Education & Research Centre
Date Deposited: 14 Jun 2023 13:16
Last Modified: 14 Jun 2023 13:16
URI: https://eprints.iisc.ac.in/id/eprint/81924

Actions (login required)

View Item View Item