An Explainable Machine Learning-based Network Intrusion Detection System
for Enabling Generalisability in Securing IoT Networks
- URL: http://arxiv.org/abs/2104.07183v1
- Date: Thu, 15 Apr 2021 00:44:45 GMT
- Title: An Explainable Machine Learning-based Network Intrusion Detection System
for Enabling Generalisability in Securing IoT Networks
- Authors: Mohanad Sarhan, Siamak Layeghy, Marius Portmann
- Abstract summary: Machine Learning (ML)-based network intrusion detection systems bring many benefits for enhancing the security posture of an organisation.
Many systems have been designed and developed in the research community, often achieving a perfect detection rate when evaluated using certain datasets.
This paper narrows the gap by evaluating the generalisability of a common feature set to different network environments and attack types.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Machine Learning (ML)-based network intrusion detection systems bring many
benefits for enhancing the security posture of an organisation. Many systems
have been designed and developed in the research community, often achieving a
perfect detection rate when evaluated using certain datasets. However, the high
volume of academic research has not translated into practical deployments.
There are a number of causes behind the lack of production usage. This paper
narrows the gap by evaluating the generalisability of a common feature set to
different network environments and attack types. To that end, two feature sets
(NetFlow and CICFlowMeter) have been evaluated across three datasets, i.e.
CSE-CIC-IDS2018, BoT-IoT, and ToN-IoT. The results showed that the NetFlow
feature set enhances the detection accuracy of the two ML models in detecting
intrusions across different datasets. In addition, due to the complexity of the
learning models, SHAP, an explainable AI methodology, has been adopted to
explain and interpret the classification decisions of the two ML models. The
Shapley values of the features have been analysed across multiple datasets to
determine the influence contributed by each feature towards the final ML
prediction.
Related papers
- Efficient Network Traffic Feature Sets for IoT Intrusion Detection [0.0] (arXiv, 2024-06-12T09:51:29Z)
  This work evaluates the feature sets provided by a combination of different feature selection methods, namely Information Gain, Chi-Squared Test, Recursive Feature Elimination, Mean Absolute Deviation, and Dispersion Ratio, in multiple IoT network datasets.
  The influence of the smaller feature sets on both the classification performance and the training time of ML models is compared, with the aim of increasing the computational efficiency of IoT intrusion detection.
- Systematic Evaluation of Deep Learning Models for Log-based Failure Prediction [3.3810628880631226] (arXiv, 2023-03-13T16:04:14Z)
  This paper systematically investigates the combination of log data embedding strategies and Deep Learning (DL) types for failure prediction.
  To that end, we propose a modular architecture to accommodate various configurations of embedding strategies and DL-based encoders.
  Using the F1 score metric, our results show that the best overall performing configuration is a CNN-based encoder with Logkey2vec.
- Leveraging a Probabilistic PCA Model to Understand the Multivariate Statistical Network Monitoring Framework for Network Security Anomaly Detection [64.1680666036655] (arXiv, 2023-02-02T13:41:18Z)
  We revisit anomaly detection techniques based on PCA from a probabilistic generative model point of view.
  We have evaluated the mathematical model using two different datasets.
- Batch-Ensemble Stochastic Neural Networks for Out-of-Distribution Detection [55.028065567756066] (arXiv, 2022-06-26T16:00:22Z)
  Out-of-distribution (OOD) detection has recently received much attention from the machine learning community due to its importance in deploying machine learning models in real-world applications.
  In this paper we propose an uncertainty quantification approach by modelling the distribution of features.
  We incorporate an efficient ensemble mechanism, namely batch-ensemble, to construct the batch-ensemble neural networks (BE-SNNs) and overcome the feature collapse problem.
  We show that BE-SNNs yield superior performance on several OOD benchmarks, such as the Two-Moons dataset, the FashionMNIST vs MNIST dataset, FashionM
- Feature Analysis for ML-based IIoT Intrusion Detection [0.0] (arXiv, 2021-08-29T02:19:37Z)
  Powerful Machine Learning models have been adopted to implement Network Intrusion Detection Systems (NIDSs).
  It is important to select the right set of data features, which maximise the detection accuracy as well as computational efficiency.
  This paper provides an extensive analysis of the optimal feature sets in terms of the importance and predictive power of network attacks.
- Feature Extraction for Machine Learning-based Intrusion Detection in IoT Networks [6.6147550436077776] (arXiv, 2021-08-28T23:52:18Z)
  This paper aims to discover whether Feature Reduction (FR) and Machine Learning (ML) techniques can be generalised across various datasets.
  The detection accuracy of three Feature Extraction (FE) algorithms, Principal Component Analysis (PCA), Auto-encoder (AE), and Linear Discriminant Analysis (LDA), is evaluated.
- Supervised Feature Selection Techniques in Network Intrusion Detection: a Critical Review [9.177695323629896] (arXiv, 2021-04-11T08:42:01Z)
  Machine Learning techniques are becoming an invaluable support for network intrusion detection.
  Dealing with the vast diversity and number of features that typically characterise data traffic is a hard problem.
  By reducing the feature space and retaining only the most significant features, Feature Selection (FS) becomes a crucial pre-processing step in network management.
- Anomaly Detection on Attributed Networks via Contrastive Self-Supervised Learning [50.24174211654775] (arXiv, 2021-02-27T03:17:20Z)
  We present a novel contrastive self-supervised learning framework for anomaly detection on attributed networks.
  Our framework fully exploits the local information from network data by sampling a novel type of contrastive instance pair.
  A graph neural network-based contrastive learning model is proposed to learn informative embeddings from high-dimensional attributes and local structure.
- TELESTO: A Graph Neural Network Model for Anomaly Classification in Cloud Services [77.454688257702] (arXiv, 2021-02-25T14:24:49Z)
  Machine learning (ML) and artificial intelligence (AI) are applied to IT system operation and maintenance.
  One direction aims at the recognition of re-occurring anomaly types to enable remediation automation.
  We propose a method that is invariant to dimensionality changes of the given data.
- ReMarNet: Conjoint Relation and Margin Learning for Small-Sample Image Classification [49.87503122462432] (arXiv, 2020-06-27T13:50:20Z)
  We introduce a novel neural network termed Relation-and-Margin learning Network (ReMarNet).
  Our method assembles two networks of different backbones so as to learn features that perform well in both of the aforementioned classification mechanisms.
  Experiments on four image datasets demonstrate that our approach is effective in learning discriminative features from a small set of labeled samples.
- One-Shot Object Detection without Fine-Tuning [62.39210447209698] (arXiv, 2020-05-08T01:59:23Z)
  We introduce a two-stage model consisting of a first-stage Matching-FCOS network and a second-stage Structure-Aware Relation Module.
  We also propose novel training strategies that effectively improve detection performance.
  Our method consistently exceeds the state-of-the-art one-shot performance on multiple datasets.
This list is automatically generated from the titles and abstracts of the papers in this site.