2024 Symposium Posters

Explainability of Machine Learning in Intrusion Detection Systems


Primary Investigator:
Research Independent

Project Members
Yujie Zhang, Xianshun Jiang. Advised by Dr. Mohammad Noureddine
Abstract
With the proliferation of network security attacks, various kinds of intrusion detection systems have been invented, and machine learning techniques are widely used in network intrusion detection systems (NIDS) to deal with newly emerging threats. However, machine learning models in NIDS still suffer from problems such as semantic gaps, shortcut learning, and the high cost of errors. To better understand and improve a model, we need to make use of its explainability. This paper examines model explainability from both the local and the global side, based on the CIC-Bell-DNS-EXF-2021 dataset, and uses Shapley values, an idea from game theory, to help understand how features affect the prediction result. In addition, this paper analyzes the distribution of SHAP (SHapley Additive exPlanations) values across different features and their corresponding values in order to generate a formula, which assigns weights to features and values, that a firewall rule can use to better detect malicious incoming traffic.