Explainable Intrusion Detection for Cyber Defences in the Internet of Things: Opportunities and Solutions

IF 34.4 1区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

IEEE Communications Surveys and Tutorials Pub Date : 2023-03-26 DOI:10.1109/COMST.2023.3280465

Nour Moustafa;Nickolaos Koroniotis;Marwa Keshk;Albert Y. Zomaya;Zahir Tari

{"title":"Explainable Intrusion Detection for Cyber Defences in the Internet of Things: Opportunities and Solutions","authors":"Nour Moustafa;Nickolaos Koroniotis;Marwa Keshk;Albert Y. Zomaya;Zahir Tari","doi":"10.1109/COMST.2023.3280465","DOIUrl":null,"url":null,"abstract":"The field of Explainable Artificial Intelligence (XAI) has garnered considerable research attention in recent years, aiming to provide interpretability and confidence to the inner workings of state-of-the-art deep learning models. However, XAI-enhanced cybersecurity measures in the Internet of Things (IoT) and its sub-domains, require further investigation to provide effective discovery of attack surfaces, their corresponding vectors, and interpretable justification of model outputs. Cyber defence involves operations conducted in the cybersecurity field supporting mission objectives to identify and prevent cyberattacks using various tools and techniques, including intrusion detection systems (IDS), threat intelligence and hunting, and intrusion prevention. In cyber defence, especially anomaly-based IDS, the emerging applications of deep learning models require the interpretation of the models’ architecture and the explanation of models’ prediction to examine how cyberattacks would occur. This paper presents a comprehensive review of XAI techniques for anomaly-based intrusion detection in IoT networks. Firstly, we review IDSs focusing on anomaly-based detection techniques in IoT and how XAI models can augment them to provide trust and confidence in their detections. Secondly, we review AI models, including machine learning (ML) and deep learning (DL), for anomaly detection applications and IoT ecosystems. Moreover, we discuss DL’s ability to effectively learn from large-scale IoT datasets, accomplishing high performances in discovering and interpreting security events. Thirdly, we demonstrate recent research on the intersection of XAI, anomaly-based IDS and IoT. Finally, we discuss the current challenges and solutions of XAI for security applications in the cyber defence perspective of IoT networks, revealing future research directions. By analysing our findings, new cybersecurity applications that require XAI models emerge, assisting decision-makers in understanding and explaining security events in compromised IoT networks.","PeriodicalId":55029,"journal":{"name":"IEEE Communications Surveys and Tutorials","volume":null,"pages":null},"PeriodicalIF":34.4000,"publicationDate":"2023-03-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Communications Surveys and Tutorials","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10136827/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 7

Abstract

The field of Explainable Artificial Intelligence (XAI) has garnered considerable research attention in recent years, aiming to provide interpretability and confidence to the inner workings of state-of-the-art deep learning models. However, XAI-enhanced cybersecurity measures in the Internet of Things (IoT) and its sub-domains, require further investigation to provide effective discovery of attack surfaces, their corresponding vectors, and interpretable justification of model outputs. Cyber defence involves operations conducted in the cybersecurity field supporting mission objectives to identify and prevent cyberattacks using various tools and techniques, including intrusion detection systems (IDS), threat intelligence and hunting, and intrusion prevention. In cyber defence, especially anomaly-based IDS, the emerging applications of deep learning models require the interpretation of the models’ architecture and the explanation of models’ prediction to examine how cyberattacks would occur. This paper presents a comprehensive review of XAI techniques for anomaly-based intrusion detection in IoT networks. Firstly, we review IDSs focusing on anomaly-based detection techniques in IoT and how XAI models can augment them to provide trust and confidence in their detections. Secondly, we review AI models, including machine learning (ML) and deep learning (DL), for anomaly detection applications and IoT ecosystems. Moreover, we discuss DL’s ability to effectively learn from large-scale IoT datasets, accomplishing high performances in discovering and interpreting security events. Thirdly, we demonstrate recent research on the intersection of XAI, anomaly-based IDS and IoT. Finally, we discuss the current challenges and solutions of XAI for security applications in the cyber defence perspective of IoT networks, revealing future research directions. By analysing our findings, new cybersecurity applications that require XAI models emerge, assisting decision-makers in understanding and explaining security events in compromised IoT networks.

查看原文本刊更多论文

物联网网络防御的可解释入侵检测:机遇与解决方案

近年来，可解释人工智能(XAI)领域获得了相当多的研究关注，旨在为最先进的深度学习模型的内部工作提供可解释性和信心。然而，在物联网(IoT)及其子领域中，xai增强的网络安全措施需要进一步调查，以提供有效的攻击面发现，其相应的向量，以及模型输出的可解释理由。网络防御涉及在网络安全领域开展的行动，支持使用各种工具和技术识别和防止网络攻击的任务目标，包括入侵检测系统(IDS)、威胁情报和狩猎以及入侵防御。在网络防御中，特别是基于异常的入侵防御中，深度学习模型的新兴应用需要对模型的架构进行解释，并对模型的预测进行解释，以检查网络攻击将如何发生。本文全面回顾了用于物联网网络中基于异常的入侵检测的XAI技术。首先，我们回顾了专注于物联网中基于异常的检测技术的ids，以及XAI模型如何增强它们以提供对其检测的信任和信心。其次，我们回顾了人工智能模型，包括机器学习(ML)和深度学习(DL)，用于异常检测应用和物联网生态系统。此外，我们还讨论了深度学习从大规模物联网数据集中有效学习的能力，从而在发现和解释安全事件方面实现高性能。第三，我们展示了最近关于XAI，基于异常的IDS和物联网交叉的研究。最后，我们从物联网网络防御的角度讨论了当前XAI在安全应用中的挑战和解决方案，揭示了未来的研究方向。通过分析我们的发现，需要XAI模型的新网络安全应用出现了，帮助决策者理解和解释受损物联网网络中的安全事件。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Communications Surveys and Tutorials COMPUTER SCIENCE, INFORMATION SYSTEMS-TELECOMMUNICATIONS

CiteScore

80.20

自引率

2.50%

发文量

审稿时长

6 months

期刊介绍： IEEE Communications Surveys & Tutorials is an online journal published by the IEEE Communications Society for tutorials and surveys covering all aspects of the communications field. Telecommunications technology is progressing at a rapid pace, and the IEEE Communications Society is committed to providing researchers and other professionals the information and tools to stay abreast. IEEE Communications Surveys and Tutorials focuses on integrating and adding understanding to the existing literature on communications, putting results in context. Whether searching for in-depth information about a familiar area or an introduction into a new area, IEEE Communications Surveys & Tutorials aims to be the premier source of peer-reviewed, comprehensive tutorials and surveys, and pointers to further sources. IEEE Communications Surveys & Tutorials publishes only articles exclusively written for IEEE Communications Surveys & Tutorials and go through a rigorous review process before their publication in the quarterly issues. A tutorial article in the IEEE Communications Surveys & Tutorials should be designed to help the reader to become familiar with and learn something specific about a chosen topic. In contrast, the term survey, as applied here, is defined to mean a survey of the literature. A survey article in IEEE Communications Surveys & Tutorials should provide a comprehensive review of developments in a selected area, covering its development from its inception to its current state and beyond, and illustrating its development through liberal citations from the literature. Both tutorials and surveys should be tutorial in nature and should be written in a style comprehensible to readers outside the specialty of the article.