Title: Explainable AI supported hybrid deep learning method for layer 2 intrusion detection
Authors: Ilhan Firat Kilincer
Journal: Egyptian Informatics Journal, volume 30, Article 100669
DOI: 10.1016/j.eij.2025.100669
Publication date: 2025-03-22
Publication type: Journal Article
URL: https://www.sciencedirect.com/science/article/pii/S1110866525000623
Impact factor: 5.0; JCR: Q1 (COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE)
Region category: Computer Science (region 3)
Open access: no
Citations: 0
Abstract
With rapidly developing technology, digital environments are also expanding. Although this has many positive effects on daily life, the security vulnerabilities brought about by digitalization continue to be a major concern. A substantial network infrastructure exists behind numerous applications made available to users by organisations. It is imperative that these extensive network infrastructures, which often contain sensitive data including personal, commercial, financial and security information, possess the capability to impede cyberattacks. This study proposes the creation of a Comprehensive Layer 2 - IDS (CL2-IDS) dataset for the development of IDS systems utilised in the local network structures of organisations, in conjunction with a hybrid deep learning (DL) model for the detection of attack vectors in the proposed dataset. The proposed hybrid model is obtained by using CNN (Convolutional Neural Networks) and Bi-LSTM (Bidirectional Long Short-Term Memory) models, which are widely used in areas such as image analysis and time series data. The proposed hybrid DL model achieved an accuracy of 95.28% in the classification of the CL2-IDS dataset. It is observed that the combination of these two deep learning models, which complement each other in various ways, yields successful results in the classification of the proposed CL2-IDS dataset. In the last part of the study, the effect of the features in the CL2-IDS dataset on the classification is interpreted with SHapley Additive exPlanations (SHAP), an Explainable Artificial Intelligence (XAI) method. With the CL2-IDS dataset and a hybrid DL model that combines the CNN and Bi-LSTM algorithms, the study facilitates intrusion detection and exemplifies how DL models and XAI techniques can be used to support IDS systems.
About the journal:
The Egyptian Informatics Journal is published by the Faculty of Computers and Artificial Intelligence, Cairo University. This Journal provides a forum for the state-of-the-art research and development in the fields of computing, including computer sciences, information technologies, information systems, operations research and decision support. Innovative and not-previously-published work in subjects covered by the Journal is encouraged to be submitted, whether from academic, research or commercial sources.