Related papers: Explainable AI for Enhancing IDS Against Advanced Persistent Kill Chain

Explainable AI for Enhancing IDS Against Advanced Persistent Kill Chain

URL: http://arxiv.org/abs/2506.07480v1
Date: Mon, 09 Jun 2025 06:54:12 GMT
Title: Explainable AI for Enhancing IDS Against Advanced Persistent Kill Chain
Authors: Bassam Noori Shaker, Bahaa Al-Musawi, Mohammed Falih Hassan,
Abstract summary: This work proposes a feature selection and classification model that integrates two prominent machine learning algo-rithms.<n>The aim is to develop lightweight IDS based on a selected minimum number of influential features for detecting APTs at various phases.
Score: 0.0
License: http://creativecommons.org/licenses/by/4.0/
Abstract: Advanced Persistent Threats (APTs) represent a sophisticated and persistent cy-bersecurity challenge, characterized by stealthy, multi-phase, and targeted attacks aimed at compromising information systems over an extended period. Develop-ing an effective Intrusion Detection System (IDS) capable of detecting APTs at different phases relies on selecting network traffic features. However, not all of these features are directly related to the phases of APTs. Some network traffic features may be unrelated or have limited relevance to identifying malicious ac-tivity. Therefore, it is important to carefully select and analyze the most relevant features to improve the IDS performance. This work proposes a feature selection and classification model that integrates two prominent machine learning algo-rithms: SHapley Additive exPlanations (SHAP) and Extreme Gradient Boosting (XGBoost). The aim is to develop lightweight IDS based on a selected minimum number of influential features for detecting APTs at various phases. The pro-posed method also specifies the relevant features for each phase of APTs inde-pendently. Extensive experimental results on the SCVIC-APT-2021 dataset indi-cated that our proposed approach has improved performance compared to other standard techniques. Specifically, both the macro-average F1-score and recall reached 94% and 93 %, respectively, while reducing the complexity of the detec-tion model by selecting only 12 features out of 77.

Related papers

A Lightweight IDS for Early APT Detection Using a Novel Feature Selection Method [0.0]
An Advanced Persistent Threat (APT) is a multistage, highly sophisticated, and covert form of cyber threat.<n>We propose a feature selection method for developing a lightweight intrusion detection system.
arXiv Detail & Related papers (2025-06-13T09:07:56Z)
Improving Large Language Model Planning with Action Sequence Similarity [50.52049888490524]
In this work, we explore how to improve the model planning capability through in-context learning (ICL)<n>We propose GRASE-DC: a two-stage pipeline that first re-samples high AS exemplars and then curates the selected exemplars.<n>Our experimental result confirms that GRASE-DC achieves significant performance improvement on various planning tasks.
arXiv Detail & Related papers (2025-05-02T05:16:17Z)
A Study on the Importance of Features in Detecting Advanced Persistent Threats Using Machine Learning [6.144680854063938]
Advanced Persistent Threats (APTs) pose a significant security risk to organizations and industries.<n>Mitigating these sophisticated attacks is highly challenging due to the stealthy and persistent nature of APTs.<n>This paper aims to analyze measurements considered when recording network traffic and conclude which features contribute more to detecting APT samples.
arXiv Detail & Related papers (2025-02-11T03:06:03Z)
Enhanced Intrusion Detection in IIoT Networks: A Lightweight Approach with Autoencoder-Based Feature Learning [0.0]
Intrusion Detection Systems (IDS) are essential for identifying and preventing abnormal network behaviors and malicious activities.<n>This research implements six innovative approaches to enhance IDS performance, including leveraging an autoencoder for dimensional reduction.<n>We are the first to deploy our model on a Jetson Nano, achieving inference times of 0.185 ms for binary classification and 0.187 ms for multiclass classification.
arXiv Detail & Related papers (2025-01-25T16:24:18Z)
Optimized IoT Intrusion Detection using Machine Learning Technique [0.0]
Intrusion detection systems (IDSs) are essential for defending against a variety of attacks.<n>The functional and physical diversity of IoT IDS systems causes significant issues.<n>For peculiarity-based IDS, this study proposes and implements a novel component selection and extraction strategy.
arXiv Detail & Related papers (2024-12-03T21:23:54Z)
TAROT: Targeted Data Selection via Optimal Transport [64.56083922130269]
TAROT is a targeted data selection framework grounded in optimal transport theory.<n>Previous targeted data selection methods rely on influence-based greedys to enhance domain-specific performance.<n>We evaluate TAROT across multiple tasks, including semantic segmentation, motion prediction, and instruction tuning.
arXiv Detail & Related papers (2024-11-30T10:19:51Z)
TAPT: Test-Time Adversarial Prompt Tuning for Robust Inference in Vision-Language Models [53.91006249339802]
We propose a novel defense method called Test-Time Adversarial Prompt Tuning (TAPT) to enhance the inference robustness of CLIP against visual adversarial attacks. TAPT is a test-time defense method that learns defensive bimodal (textual and visual) prompts to robustify the inference process of CLIP. We evaluate the effectiveness of TAPT on 11 benchmark datasets, including ImageNet and 10 other zero-shot datasets.
arXiv Detail & Related papers (2024-11-20T08:58:59Z)
Detection-Rate-Emphasized Multi-objective Evolutionary Feature Selection for Network Intrusion Detection [21.104686670216445]
We propose DR-MOFS to model the feature selection problem in network intrusion detection as a three-objective optimization problem. In most cases, the proposed method can outperform previous methods, i.e., lead to fewer features, higher accuracy and detection rate.
arXiv Detail & Related papers (2024-06-13T14:42:17Z)
MKF-ADS: Multi-Knowledge Fusion Based Self-supervised Anomaly Detection System for Control Area Network [9.305680247704542]
Control Area Network (CAN) is an essential communication protocol that interacts between Electronic Control Units (ECUs) in the vehicular network. CAN is facing stringent security challenges due to innate security risks. We propose a self-supervised multi-knowledge fused anomaly detection model, called MKF-ADS.
arXiv Detail & Related papers (2024-03-07T07:40:53Z)
Spurious Feature Eraser: Stabilizing Test-Time Adaptation for Vision-Language Foundation Model [86.9619638550683]
Vision-language foundation models have exhibited remarkable success across a multitude of downstream tasks due to their scalability on extensive image-text paired data.<n>However, these models display significant limitations when applied to downstream tasks, such as fine-grained image classification, as a result of decision shortcuts''
arXiv Detail & Related papers (2024-03-01T09:01:53Z)
Model Stealing Attack against Graph Classification with Authenticity, Uncertainty and Diversity [80.16488817177182]
GNNs are vulnerable to the model stealing attack, a nefarious endeavor geared towards duplicating the target model via query permissions. We introduce three model stealing attacks to adapt to different actual scenarios.
arXiv Detail & Related papers (2023-12-18T05:42:31Z)
Adversarial Feature Augmentation and Normalization for Visual Recognition [109.6834687220478]
Recent advances in computer vision take advantage of adversarial data augmentation to ameliorate the generalization ability of classification models. Here, we present an effective and efficient alternative that advocates adversarial augmentation on intermediate feature embeddings. We validate the proposed approach across diverse visual recognition tasks with representative backbone networks.
arXiv Detail & Related papers (2021-03-22T20:36:34Z)

This list is automatically generated from the titles and abstracts of the papers in this site.