Explainable machine learning in cybersecurity: A survey

Yan, Feixue; Wen, Sheng; Nepal, Surya; Paris, Cécile; Xiang, Yang

doi:10.1002/int.23088

Cited by 12 publications

(2 citation statements)

References 106 publications

(196 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Kemudian dalam penelitian (Ahmetoglu & Das, 2022) dijelaskan juga berbagai teknik ML yaitu deep learning, ensemble, rule system, bayesian, regression, dimensionality reduction, decision tree, instance based, dan clustering. Sedangkan, penelitian (Yan et al, 2022) (Laqtib et al, 2020). Dataset DARPA 1998, KDD CUP 99, NSL-KDD, CIC IDS 2017, CSE-CIC-IDS2018, ADFA 2013, dan UNSW-NB15 juga disebutkan dalam penelitian (Yadav et al, 2020).…”

Section: Hasil Dan Analisis Dari Setiap Research Questionunclassified

Survei Penelitian Metode Kecerdasan Buatan untuk Mendeteksi Ancaman Teknologi Serangan Siber

Fitria,

Mutijarsa

2023

JTIIK

View full text Add to dashboard Cite

Keamanan siber merupakan isu penting di era modern seperti sekarang ini. Serangan siber yang semakin beragam terus bermunculan. Teknik dan metode baru machine learning dan deep learning terus dikembangkan oleh banyak peneliti untuk menangani serangan siber. Selain teknik baru, berbagai jenis dataset baru terkait serangan siber juga turut berkembang. Permasalahan muncul ketika banyaknya teknik atau metode yang ada belum tentu tepat menangani berbagai jenis serangan siber. Begitupun sebaliknya, belum tentu berbagai jenis serangan siber dapat ditangani hanya dengan menggunakan teknik atau metode tertentu saja. Tujuan penelitian ini adalah memetakan teknik-teknik dan metode kecerdasan buatan untuk mendeteksi ancaman teknologi serangan siber dalam bentuk Systematic Literature Review (SLR). Pada penelitian ini teknik dan metode machine learning maupun deep learning dievaluasi untuk dapat menangani jenis serangan siber tertentu dengan tepat. Berbagai dataset yang dapat digunakan untuk eksperimen juga dieksplorasi. Jenis serangan siber yang dibahas pada penelitian ini difokuskan jenis serangan pada sistem host dan serangan pada lapisan keamanan jaringan. Pada penelitian SLR sebelumnya, hal-hal tersebut dibahas secara terpisah atau bahkan salah satunya saja sehingga dalam penelitian ini perlu dibangun kembali SLR yang bisa mengisi kekurangan pada penelitian SLR sebelumnya. Originalitas penelitian ini terletak pada analisis teknik atau metode kecerdasan buatan yang secara spesifik tepat untuk menangani jenis serangan siber tertentu. Terdapat total 44 paper survei yang diulas, diterbitkan antara tahun 2018 hingga 2023. Dari keseluruhan paper tersebut, 30 paper membahas penggunaan teknk machine learning dan deep learning. Kemudian, 19 paper yang membahas penggunaan dataset dan 13 paper membahas peluang penelitian masa depan. Terakhir, 5 paper yang membahas terkait tools. Hasil dari penelitian ini diharapkan dapat berkontribusi dalam memberikan wawasan baru di dunia keamanan siber untuk membuka peluang penelitian masa depan, terutama bagi para peneliti pemula yang ingin melakukan riset di bidang keamanan siber. Abstract Cybersecurity is an essential issue in today's modern era. An increasingly diverse range of cyberattacks continues to emerge. Many researchers continue to develop new techniques and methods for machine learning and deep learning to deal with cyberattacks. In addition to new techniques, various types of new datasets related to cyberattacks are also developing. Problems arise when the many existing techniques or methods are not appropriate for dealing with various types of cyberattacks. Vice versa, it is not certain that various types of cyberattacks can be handled only using specific techniques or methods. This research aims to map the techniques and methods of artificial intelligence to detect cyber-attack technology threats in the form of a Systematic Literature Review (SLR). In this research, machine learning and deep learning techniques and methods are evaluated to be able to handle certain types of cyberattacks properly. Various datasets that can be used for experiments are also explored. The types of cyberattacks discussed in this study focus on attacks on the host system and the network security layer. In previous SLR research, these matters were discussed separately or even just one of them. In this study, it was necessary to rebuild the SLR, which could fill the deficiencies in the previous SLR research. The originality of this research lies in the analysis of artificial intelligence techniques or methods that are specifically appropriate for dealing with certain types of cyberattacks. A total of 44 reviewed survey papers were published between 2018 and 2023. Of all these, 30 papers discuss machine learning and deep learning techniques. Then, 19 papers examine the use of datasets, 13 papers discuss future research opportunities, and five papers discuss developing tools. The results of this research are expected to contribute to providing new insights into the world of cybersecurity to open future research opportunities, especially for novice researchers who wish to conduct research in the field of cybersecurity.

show abstract

Section: Hasil Dan Analisis Dari Setiap Research Questionunclassified

Survei Penelitian Metode Kecerdasan Buatan untuk Mendeteksi Ancaman Teknologi Serangan Siber

Fitria,

Mutijarsa

2023

JTIIK

View full text Add to dashboard Cite

show abstract

“…At present, the construction of the network security industry is basically realized around the three models, and the security product system is also formed as a result [3]. However, in-depth analysis of the current stage of network security product development at home and abroad is not difficult to find that, at present, there is no security product that can defend against all attacks, which makes the traditional network security protection concepts that have long been practiced, network security protection products there are some fundamental problems [4][5]. Traditional network security protection is in a system of hindsight and hindsight defense and threat defense through generic, specific feature rules; this hindsight and hindsight defense system and network security protection of real-time, forward-looking needs there is a certain contradiction [6].…”

Section: Introductionmentioning

confidence: 99%

Optimization of network security protection posture based on data clustering

Zhu

2024

Applied Mathematics and Nonlinear Sciences

View full text Add to dashboard Cite

This paper focuses on the challenges facing network security in the digital era and proposes a network security posture optimization method based on data clustering. Three mainstream network security models, namely, P2DR security operation and maintenance model, line defense model, and three-dimensional defense model, are analyzed, and the limitations of existing security products are pointed out. The application potential of big data technology in network security is emphasized, and a comprehensive technical process containing information extraction, posture modeling, security trend prediction, and security policy deployment is constructed. The ARMA model and reinforcement learning building model are introduced, and the improved K-means algorithm is proposed to address the shortcomings of traditional methods. Experiments are conducted using the DARPA2000 dataset, and the results show the enhanced algorithm’s significant improvement in clustering accuracy and stability, with a maximum threat value of about 160, demonstrating better stability and effectiveness than the traditional method. The posture value exceeds 500 in a specific period, highlighting the dynamic changes in network security and confirming the practicality and effectiveness of the technique. The results of this study provide new strategies and perspectives for network security protection, and have essential reference and guidance value for practical applications and future research.

show abstract

Fair XIDS: Ensuring fairness and transparency in intrusion detection models

Chinu,

Bansal

2024

Concurrency and Computation

View full text Add to dashboard Cite

SummaryAn intrusion detection system (IDS) is valuable for detecting anomalies and unauthorized access to a system or network. Due to the black‐box nature of these IDS models, network experts need more trust in systems to act on alerts and transparency to understand the model's inner logic. Moreover, biased models' decisions affect the model performance and increase the false positive rates, directly affecting the model's accuracy. So, maintaining Transparency and Fairness simultaneously in IDS models is essential for accurate decision‐making. Existing methods face challenges of the tradeoff between fairness and accuracy, which also affects the reliability and robustness of the model. Motivated by these research gaps, we developed the Fair‐XIDS model. This model clarifies its internal logic with visual explanations and promotes fairness across its entire lifecycle. The Fair‐XIDS model successfully integrates complex transparency and fairness algorithms to address issues like Imbalanced datasets, algorithmic bias, and postprocessing bias with an average 85% reduction in false positive rate. To ensure reliability, the proposed model effectively mitigates the tradeoff between accuracy and fairness with an average of 90% accuracy and more than 85% fairness. The assessment results of the proposed model over diverse datasets and classifiers mark its model‐agnostic nature. Overall, the model achieves more than 85% consistency among diverse classifiers.

show abstract

Explainable machine learning in cybersecurity: A survey

Cited by 12 publications

References 106 publications

Survei Penelitian Metode Kecerdasan Buatan untuk Mendeteksi Ancaman Teknologi Serangan Siber

Survei Penelitian Metode Kecerdasan Buatan untuk Mendeteksi Ancaman Teknologi Serangan Siber

Optimization of network security protection posture based on data clustering

Fair XIDS: Ensuring fairness and transparency in intrusion detection models

Contact Info

Product

Resources

About