Trust my IDS: An explainable AI integrated deep learning-based transparent threat detection system for industrial networks

IF 4.8 | Zone 2 (Computer Science) | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS
Shifa Shoukat, Tianhan Gao, Danish Javeed, Muhammad Shahid Saeed, Muhammad Adil
Journal: Computers & Security, Volume 149, Article 104191
DOI: 10.1016/j.cose.2024.104191
Publication date: 2024-11-13 (Journal Article)
Impact factor: 4.8; JCR Q1, COMPUTER SCIENCE, INFORMATION SYSTEMS
Source URL: https://www.sciencedirect.com/science/article/pii/S0167404824004966
Platform: Semanticscholar
Citations: 0

Abstract

Trust my IDS: An explainable AI integrated deep learning-based transparent threat detection system for industrial networks
Industrial networks are vulnerable to various cyber threats that can compromise their Confidentiality, Integrity, and Availability (CIA). To counter the increasing frequency of such threats, we designed and developed an Explainable Artificial Intelligence (XAI) integrated Deep Learning (DL)-based threat detection system (XDLTDS). We first employ a Long-Short Term Memory-AutoEncoder (LSTM-AE) to encode IIoT data and mitigate inference attacks. Then, we introduce an Attention-based Gated Recurrent Unit (AGRU) with softmax for multiclass threat classification in IIoT networks. To address the black-box nature of DL-based IDS, we use the Shapley Additive Explanations (SHAP) mechanism to provide transparency and trust for the system’s decisions. This interpretation helps SOC analysts understand why specific events are flagged as malicious by the XDLTDS framework. Our approach reduces the risk of sensitive data and reputation loss. We also present a Software-Defined Networking (SDN)-based deployment architecture for the XDLTDS framework. Extensive experiments with the N-BaIoT, Edge-IIoTset, and CIC-IDS2017 datasets confirm the effectiveness of XDLTDS against existing frameworks in addressing modern cybersecurity challenges and protecting industrial networks.
Source journal: Computers & Security (Engineering & Technology - Computer Science: Information Systems)
CiteScore: 12.40
Self-citation rate: 7.10%
Articles published per year: 365
Review time: 10.7 months
Journal description: Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading-edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise, it is your first step to fully secure systems.
Contact: info@booksci.cn. Book学术 provides a free academic resource search service so that scholars in China and abroad can retrieve Chinese and English literature. Copyright © 2023 布克学术. All rights reserved.