Skip to main content
SpringerLink
Log in

Interpreting Intrusions - The Role of Explainability in AI-Based Intrusion Detection Systems

  • Conference paper
  • First Online:
Progress on Pattern Classification, Image Processing and Communications (CORES 2023, IP&C 2023)

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 766))

  • 59 Accesses

Abstract

Machine learning has become a key component of the effective detection of network intrusions. Yet, it comes with the lack of transparency - an issue which can be mitigated with the employment of explainable AI techniques. In this paper, the crucial role of explainability in intrusion detection is discussed, along with its benefits and drawbacks, followed by presenting and comparing the results of four main explainability techniques applied to an intrusion detection system.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 189.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 249.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Abadi, M., et al.: Tensorflow: a system for large-scale machine learning. In: 12th \(\{\)USENIX\(\}\) Symposium on Operating Systems Design and Implementation (\(\{\)OSDI\(\}\) 2016), pp. 265–283 (2016)

    Google Scholar 

  2. Capuano, N., Fenza, G., Loia, V., Stanzione, C.: Explainable artificial intelligence in cybersecurity: a survey. IEEE Access 10, 93575–93600 (2022). https://doi.org/10.1109/ACCESS.2022.3204171

    Article  Google Scholar 

  3. Doshi-Velez, F., Kim, B.: Towards a rigorous science of interpretable machine learning (2017). http://arxiv.org/abs/1702.08608

  4. Gunning, D., Stefik, M., Choi, J., Miller, T., Stumpf, S., Yang, G.Z.: XAI-Explainable artificial intelligence. Sci. Rob. 4(37) (2019). https://doi.org/10.1126/scirobotics.aay7120

  5. Gurumoorthy, K.S., Dhurandhar, A., Cecchi, G., Aggarwal, C.: Efficient data representation by selecting prototypes with importance weights. In: 2019 IEEE International Conference on Data Mining (ICDM), pp. 260–269. IEEE (2019)

    Google Scholar 

  6. Li, L., Jamieson, K., DeSalvo, G., Rostamizadeh, A., Talwalkar, A.: Hyperband: a novel bandit-based approach to hyperparameter optimization. J. Mach. Learn. Res. 18(1), 6765–6816 (2017)

    MathSciNet  MATH  Google Scholar 

  7. Lundberg, S.M., Lee, S.I.: A unified approach to interpreting model predictions. In: Guyon, I., et al. (eds.) Advances in Neural Information Processing Systems, vol. 30. Curran Associates, Inc. (2017). https://proceedings.neurips.cc/paper_files/paper/2017/file/8a20a8621978632d76c43dfd28b67767-Paper.pdf

  8. Molnar, C.: Interpretable Machine Learning (Second Edition) A Guide for Making Black Box Models Explainable. Leanpub (2022). https://leanpub.com/interpretable-machine-learning

  9. Mothilal, R.K., Sharma, A., Tan, C.: Explaining machine learning classifiers through diverse counterfactual explanations. In: Proceedings of the 2020 Conference on Fairness, Accountability, and Transparency, pp. 607–617 (2020)

    Google Scholar 

  10. Nwakanma, C.I., et al.: Explainable Artificial Intelligence (XAI) for intrusion detection and mitigation in intelligent connected vehicles: a review. Appl. Sci. 13(3), 1252 (2023). https://doi.org/10.3390/app13031252

  11. Pawlicki, M., Kozik, R., Choraś, M.: A survey on neural networks for (cyber-) security and (cyber-) security of neural networks. Neurocomputing 500, 1075–1087 (2022). https://doi.org/10.1016/j.neucom.2022.06.002

    Article  Google Scholar 

  12. Ribeiro, M., Singh, S., Guestrin, C.: Why should i trust you?: explaining the predictions of any classifier. In: 2016 Conference of the North American Chapter of the Association for Computational Linguistics: Demonstrations, San Diego (2016)

    Google Scholar 

  13. Sarhan, M., Layeghy, S., Moustafa, N., Portmann, M.: NetFlow datasets for machine learning-based network intrusion detection systems. In: Deze, Z., Huang, H., Hou, R., Rho, S., Chilamkurti, N. (eds.) BDTA/WiCON -2020. LNICST, vol. 371, pp. 117–135. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-72802-1_9

    Chapter  Google Scholar 

  14. Sharafaldin, I., Lashkari, A.H., Ghorbani, A.A.: Toward generating a new intrusion detection dataset and intrusion traffic characterization. ICISSp 1, 108–116 (2018)

    Google Scholar 

  15. Sharma, D.K., Mishra, J., Singh, A., Govil, R., Srivastava, G., Lin, J.C.W.: Explainable artificial intelligence for cybersecurity. Comput. Electr. Eng. 103, 108356 (2022). https://doi.org/10.1016/j.compeleceng.2022.108356

    Article  Google Scholar 

  16. Yan, F., Wen, S., Nepal, S., Paris, C., Xiang, Y.: Explainable machine learning in cybersecurity: a survey. Int. J. Intell. Syst. 37(12), 12305–12334 (2022). https://doi.org/10.1002/int.23088

    Article  Google Scholar 

Download references

Acknowledgement

This research is funded under the Horizon 2020 Ai4Cyber Project, which has received funding from the European Union’s Horizon Europe research and innovation programme under grant agreement No. 101070450

Author information

Authors and Affiliations

  1. ITTI, Poznań, Poland

    Marek Pawlicki, Aleksandra Pawlicka, Rafał Kozik & Michał Choraś

  2. Bydgoszcz University of Science and Technology, Bydgoszcz, Poland

    Marek Pawlicki, Mścisław Śrutek, Rafał Kozik & Michał Choraś

  3. University of Warsaw, Warsaw, Poland

    Aleksandra Pawlicka

Authors
  1. Marek Pawlicki
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Aleksandra Pawlicka
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mścisław Śrutek
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Rafał Kozik
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Michał Choraś
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Marek Pawlicki .

Editor information

Editors and Affiliations

  1. Wrocław University of Science and Technology, Wrocław, Poland

    Robert Burduk

  2. University of Technology and Life Science, Bydgoszcz, Poland

    Michał Choraś

  3. University of Technology and Life Science, Bydgoszcz, Poland

    Rafał Kozik

  4. Wrocław University of Science and Technology, Wrocław, Poland

    Paweł Ksieniewicz

  5. University of Technology and Life Science, Bydgoszcz, Poland

    Tomasz Marciniak

  6. Wrocław University of Science and Technology, Wrocław, Poland

    Paweł Trajdos

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Pawlicki, M., Pawlicka, A., Śrutek, M., Kozik, R., Choraś, M. (2023). Interpreting Intrusions - The Role of Explainability in AI-Based Intrusion Detection Systems. In: Burduk, R., Choraś, M., Kozik, R., Ksieniewicz, P., Marciniak, T., Trajdos, P. (eds) Progress on Pattern Classification, Image Processing and Communications. CORES IP&C 2023 2023. Lecture Notes in Networks and Systems, vol 766. Springer, Cham. https://doi.org/10.1007/978-3-031-41630-9_5

Download citation

Publish with us

Policies and ethics

Search

Navigation