An Interpretable Generalization Mechanism for Accurately Detecting Anomaly and Identifying Networking Intrusion Techniques (2403.07959v2)

Published 12 Mar 2024 in cs.CR and cs.AI

Abstract: Recent advances in Intrusion Detection Systems (IDS) that integrate Explainable AI (XAI) methods have led to notable improvements in system performance through precise feature selection. However, a thorough understanding of cyber-attacks requires inherently explainable decision-making processes within the IDS. In this paper, we present the Interpretable Generalization Mechanism (IG), poised to revolutionize IDS capabilities. IG discerns coherent patterns, which makes its distinction between normal and anomalous network traffic interpretable. Further, synthesizing these coherent patterns sheds light on intricate intrusion pathways, providing essential insights for cybersecurity forensics. In experiments with the real-world datasets NSL-KDD, UNSW-NB15, and UKM-IDS20, IG remains accurate even at a low training-to-test ratio. With a 10%-to-90% split, IG achieves Precision (PRE)=0.93, Recall (REC)=0.94, and Area Under Curve (AUC)=0.94 on NSL-KDD; PRE=0.98, REC=0.99, and AUC=0.99 on UNSW-NB15; and PRE=0.98, REC=0.98, and AUC=0.99 on UKM-IDS20. Notably, on UNSW-NB15, IG achieves REC=1.0 and at least PRE=0.98 from the 40%-to-60% split onward; on UKM-IDS20, IG achieves REC=1.0 and at least PRE=0.88 from the 20%-to-80% split onward. Importantly, on UKM-IDS20, IG correctly identifies all three anomalous instances without prior exposure, demonstrating its generalization capability. These results and inferences are reproducible. In sum, IG shows superior generalization by performing consistently well across diverse datasets and training-to-test ratios (from 10%-to-90% to 90%-to-10%), and excels at identifying novel anomalies without prior exposure. Its interpretability is enhanced by coherent evidence that accurately distinguishes both normal and anomalous activities, significantly improving detection accuracy and reducing false alarms, thereby strengthening IDS reliability and trustworthiness.

