Enhancing intrusion detection performance using explainable ensemble deep learning

IF 3.5 4区计算机科学 Q2 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

PeerJ Computer Science Pub Date : 2024-09-13 DOI:10.7717/peerj-cs.2289

Chiheb Eddine Ben Ncir, Mohamed Aymen Ben HajKacem, Mohammed Alattas

{"title":"Enhancing intrusion detection performance using explainable ensemble deep learning","authors":"Chiheb Eddine Ben Ncir, Mohamed Aymen Ben HajKacem, Mohammed Alattas","doi":"10.7717/peerj-cs.2289","DOIUrl":null,"url":null,"abstract":"Given the exponential growth of available data in large networks, the need for an accurate and explainable intrusion detection system has become of high necessity to effectively discover attacks in such networks. To deal with this challenge, we propose a two-phase Explainable Ensemble deep learning-based method (EED) for intrusion detection. In the first phase, a new ensemble intrusion detection model using three one-dimensional long short-term memory networks (LSTM) is designed for an accurate attack identification. The outputs of three classifiers are aggregated using a meta-learner algorithm resulting in refined and improved results. In the second phase, interpretability and explainability of EED outputs are enhanced by leveraging the capabilities of SHape Additive exPplanations (SHAP). Factors contributing to the identification and classification of attacks are highlighted which allows security experts to understand and interpret the attack behavior and then implement effective response strategies to improve the network security. Experiments conducted on real datasets have shown the effectiveness of EED compared to conventional intrusion detection methods in terms of both accuracy and explainability. The EED method exhibits high accuracy in accurately identifying and classifying attacks while providing transparency and interpretability.","PeriodicalId":54224,"journal":{"name":"PeerJ Computer Science","volume":null,"pages":null},"PeriodicalIF":3.5000,"publicationDate":"2024-09-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"PeerJ Computer Science","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.7717/peerj-cs.2289","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

Abstract

Given the exponential growth of available data in large networks, the need for an accurate and explainable intrusion detection system has become of high necessity to effectively discover attacks in such networks. To deal with this challenge, we propose a two-phase Explainable Ensemble deep learning-based method (EED) for intrusion detection. In the first phase, a new ensemble intrusion detection model using three one-dimensional long short-term memory networks (LSTM) is designed for an accurate attack identification. The outputs of three classifiers are aggregated using a meta-learner algorithm resulting in refined and improved results. In the second phase, interpretability and explainability of EED outputs are enhanced by leveraging the capabilities of SHape Additive exPplanations (SHAP). Factors contributing to the identification and classification of attacks are highlighted which allows security experts to understand and interpret the attack behavior and then implement effective response strategies to improve the network security. Experiments conducted on real datasets have shown the effectiveness of EED compared to conventional intrusion detection methods in terms of both accuracy and explainability. The EED method exhibits high accuracy in accurately identifying and classifying attacks while providing transparency and interpretability.

查看原文本刊更多论文

利用可解释集合深度学习提高入侵检测性能

考虑到大型网络中可用数据的指数级增长，我们亟需一种准确且可解释的入侵检测系统，以有效发现此类网络中的攻击行为。为应对这一挑战，我们提出了一种分两个阶段的基于可解释集合深度学习的入侵检测方法（EED）。在第一阶段，为了准确识别攻击，我们设计了一种使用三个一维长短期记忆网络（LSTM）的新型集合入侵检测模型。使用元学习算法对三个分类器的输出结果进行聚合，从而得到完善和改进的结果。在第二阶段，通过利用 SHape Additive exPplanations (SHAP) 的功能，提高了 EED 输出的可解释性和可说明性。有助于识别和分类攻击的因素得到了强调，从而使安全专家能够理解和解释攻击行为，进而实施有效的应对策略来提高网络安全性。在真实数据集上进行的实验表明，与传统的入侵检测方法相比，EED 在准确性和可解释性方面都非常有效。EED 方法在准确识别和分类攻击方面表现出很高的准确性，同时还提供了透明度和可解释性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

PeerJ Computer Science Computer Science-General Computer Science

CiteScore

6.10

自引率

5.30%

发文量

332

审稿时长

10 weeks

期刊介绍： PeerJ Computer Science is the new open access journal covering all subject areas in computer science, with the backing of a prestigious advisory board and more than 300 academic editors.