Explanation Framework for Intrusion Detection

Burkart, Nadia; Franz, Maximilian; Huber, Marco F.

doi:10.1007/978-3-662-62746-4_9

Cited by 4 publications

(2 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Burkart et al [103] proposes a similar application of counterfactuals on an explainable IDS framework. Here the goal of the system is to answer the question: Why did X happen and not Y?…”

Section: ) Perturbation Based Approachesmentioning

confidence: 99%

Explainable Intrusion Detection Systems (X-IDS): A Survey of Current Methods, Challenges, and Opportunities

et al. 2022

View full text Add to dashboard Cite

The application of Artificial Intelligence (AI) and Machine Learning (ML) to cybersecurity challenges has gained traction in industry and academia, partially as a result of widespread malware attacks on critical systems such as cloud infrastructures and government institutions. Intrusion Detection Systems (IDS), using some forms of AI, have received widespread adoption due to their ability to handle vast amounts of data with a high prediction accuracy. These systems are hosted in the organizational Cyber Security Operation Center (CSoC) as a defense tool to monitor and detect malicious network flow that would otherwise impact the Confidentiality, Integrity, and Availability (CIA). CSoC analysts rely on these systems to make decisions about the detected threats. However, IDSs designed using Deep Learning (DL) techniques are often treated as black box models and do not provide a justification for their predictions. This creates a barrier for CSoC analysts, as they are unable to improve their decisions based on the model's predictions. One solution to this problem is to design explainable IDS (X-IDS). This survey reviews the state-of-the-art in explainable AI (XAI) for IDS, its current challenges, and discusses how these challenges span to the design of an X-IDS. In particular, we discuss black box and white box approaches comprehensively. We also present the tradeoff between these approaches in terms of their performance and ability to produce explanations. Furthermore, we propose a generic architecture that considers human-in-the-loop which can be used as a guideline when designing an X-IDS. Research recommendations are given from three critical viewpoints: the need to define explainability for IDS, the need to create explanations tailored to various stakeholders, and the need to design metrics to evaluate explanations.INDEX TERMS Explainable intrusion detection systems, explainable artificial intelligence, machine learning, deep learning, white box, black box, explainability, cybersecurity.

show abstract

“…Burkart et al [103] proposes a similar application of counterfactuals on an explainable IDS framework. Here the goal of the system is to answer the question: Why did X happen and not Y?…”

Section: ) Perturbation Based Approachesmentioning

confidence: 99%

Explainable Intrusion Detection Systems (X-IDS): A Survey of Current Methods, Challenges, and Opportunities

et al. 2022

View full text Add to dashboard Cite

show abstract

“…Burkart et al [17] propose a framework to generate decision boundary centered explanations which come in form of surrogate models and counterfactuals. The goal is to find the local decision boundary for a given point and create a representation of the boundary with a simpler model.…”

Section: Related Workmentioning

confidence: 99%

A Step Towards Global Counterfactual Explanations: Approximating the Feature Space Through Hierarchical Division and Graph Search

Becker¹,

Burkart²,

Birnstill³

et al. 2021

AAIML

Self Cite

View full text Add to dashboard Cite

The field of Explainable Artificial Intelligence (XAI) tries to make learned models more understandable. One type of explanation for such models are counterfactual explanations. Counterfactual explanations explain the decision for a specific instance, the factual, by providing a similar instance which leads to a different decision, the counterfactual. In this work a new approaches around the idea of counterfactuals was developed. It generates a data structure over the feature space of a classification problem to accelerate the search for counterfactuals and augments them with global explanations. The approach maps the feature space by hierarchically dividing it into regions which belong to the same class. It is applicable in any case where predictions can be generated for input data, even without direct access to the model. The framework works well for lower-dimensional problems but becomes unpractical due to high computation times at around 12 to 15 dimensions.

show abstract

Leveraging Grad-CAM to Improve the Accuracy of Network Intrusion Detection Systems

et al. 2021

View full text Add to dashboard Cite

Explanation Framework for Intrusion Detection

Cited by 4 publications

References 9 publications

Explainable Intrusion Detection Systems (X-IDS): A Survey of Current Methods, Challenges, and Opportunities

Explainable Intrusion Detection Systems (X-IDS): A Survey of Current Methods, Challenges, and Opportunities

A Step Towards Global Counterfactual Explanations: Approximating the Feature Space Through Hierarchical Division and Graph Search

Leveraging Grad-CAM to Improve the Accuracy of Network Intrusion Detection Systems

Contact Info

Product

Resources

About