Investigating Feature Attribution for 5G Network Intrusion Detection

• URL: http://arxiv.org/abs/2509.10206v1
• Date: Fri, 12 Sep 2025 12:55:48 GMT
• Title: Investigating Feature Attribution for 5G Network Intrusion Detection
• Authors: Federica Uccello, Simin Nadjm-Tehrani,
• Abstract summary: We study two methods, SHAP and VoTE-XAI, by analyzing their interpretations of alerts generated by an XGBoost model.<n>We identify three metrics for assessing explanations: sparsity, how concise they are; stability, how consistent they are across samples from the same attack type.<n>We found a significant divergence between features selected by SHAP and VoTE-XAI. However, none of the top-ranked features selected by SHAP were missed by VoTE-XAI.
• Score: 2.406359246841227
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: With the rise of fifth-generation (5G) networks in critical applications, it is urgent to move from detection of malicious activity to systems capable of providing a reliable verdict suitable for mitigation. In this regard, understanding and interpreting machine learning (ML) models' security alerts is crucial for enabling actionable incident response orchestration. Explainable Artificial Intelligence (XAI) techniques are expected to enhance trust by providing insights into why alerts are raised. A dominant approach statistically associates feature sets that can be correlated to a given alert. This paper starts by questioning whether such attribution is relevant for future generation communication systems, and investigates its merits in comparison with an approach based on logical explanations. We extensively study two methods, SHAP and VoTE-XAI, by analyzing their interpretations of alerts generated by an XGBoost model in three different use cases with several 5G communication attacks. We identify three metrics for assessing explanations: sparsity, how concise they are; stability, how consistent they are across samples from the same attack type; and efficiency, how fast an explanation is generated. As an example, in a 5G network with 92 features, 6 were deemed important by VoTE-XAI for a Denial of Service (DoS) variant, ICMPFlood, while SHAP identified over 20. More importantly, we found a significant divergence between features selected by SHAP and VoTE-XAI. However, none of the top-ranked features selected by SHAP were missed by VoTE-XAI. When it comes to efficiency of providing interpretations, we found that VoTE-XAI is significantly more responsive, e.g. it provides a single explanation in under 0.002 seconds, in a high-dimensional setting (478 features).

Related papers

• Human-Centered Explainable AI for Security Enhancement: A Deep Intrusion Detection Framework [0.0]
  This paper presented a novel IDS framework that integrated Explainable Artificial Intelligence (XAI) to enhance transparency in deep learning models.<n>The framework was evaluated experimentally using the benchmark dataset NSL-KDD, demonstrating superior performance compared to traditional IDS and black-box deep learning models.
  arXiv  Detail & Related papers  (2026-02-04T20:33:27Z)
• Explainability Methods for Hardware Trojan Detection: A Systematic Comparison [0.0]
  This work compares three explainability categories for gate-level detection on the Trust-Hub benchmark.<n>Property-based analysis provides explanations through circuit concepts like "high fanin complexity near outputs indicates potential triggers"<n>Case-based reasoning achieves 97.4% correspondence between predictions and training trojans, offering justifications grounded in precedent.
  arXiv  Detail & Related papers  (2026-01-26T17:13:00Z)
• Explainable and Fine-Grained Safeguarding of LLM Multi-Agent Systems via Bi-Level Graph Anomaly Detection [76.91230292971115]
  Large language model (LLM)-based multi-agent systems (MAS) have shown strong capabilities in solving complex tasks.<n>XG-Guard is an explainable and fine-grained safeguarding framework for detecting malicious agents in MAS.
  arXiv  Detail & Related papers  (2025-12-21T13:46:36Z)
• PROVEX: Enhancing SOC Analyst Trust with Explainable Provenance-Based IDS [1.9336815376402718]
  This paper presents a comprehensive XAI framework designed to bridge the trust gap in Security Operations Centers (SOCs) by making graph-based detection transparent.<n>We implement this framework on top of KAIROS, a state-of-the-art temporal graph-based IDS, though our design is applicable to any temporal graph-based detector with minimal adaptation.
  arXiv  Detail & Related papers  (2025-12-20T03:45:21Z)
• Towards 6G Native-AI Edge Networks: A Semantic-Aware and Agentic Intelligence Paradigm [85.7583231789615]
  6G positions intelligence as a native network capability, transforming the design of radio access networks (RANs)<n>Within this vision, Semantic-native communication and agentic intelligence are expected to play central roles.<n>Agentic intelligence endows distributed RAN entities with goal-driven autonomy, reasoning, planning, and multi-agent collaboration.
  arXiv  Detail & Related papers  (2025-12-04T03:09:33Z)
• Diversity Boosts AI-Generated Text Detection [51.56484100374058]
  DivEye is a novel framework that captures how unpredictability fluctuates across a text using surprisal-based features.<n>Our method outperforms existing zero-shot detectors by up to 33.2% and achieves competitive performance with fine-tuned baselines.
  arXiv  Detail & Related papers  (2025-09-23T10:21:22Z)
• RepreGuard: Detecting LLM-Generated Text by Revealing Hidden Representation Patterns [50.401907401444404]
  Large language models (LLMs) are crucial for preventing misuse and building trustworthy AI systems.<n>We propose RepreGuard, an efficient statistics-based detection method.<n> Experimental results show that RepreGuard outperforms all baselines with average 94.92% AUROC on both in-distribution (ID) and OOD scenarios.
  arXiv  Detail & Related papers  (2025-08-18T17:59:15Z)
• Unifying VXAI: A Systematic Review and Framework for the Evaluation of Explainable AI [4.715895520943978]
  Explainable AI (XAI) addresses this issue by providing human-understandable explanations of model behavior.<n>Despite the growing number of XAI methods, the field lacks standardized evaluation protocols and consensus on appropriate metrics.<n>We introduce a unified framework for the eValuation of XAI (VXAI)
  arXiv  Detail & Related papers  (2025-06-18T12:25:37Z)
• Visual Agents as Fast and Slow Thinkers [88.1404921693082]
  We introduce FaST, which incorporates the Fast and Slow Thinking mechanism into visual agents.<n>FaST employs a switch adapter to dynamically select between System 1/2 modes.<n>It tackles uncertain and unseen objects by adjusting model confidence and integrating new contextual data.
  arXiv  Detail & Related papers  (2024-08-16T17:44:02Z)
• Critical Analysis of 5G Networks Traffic Intrusion using PCA, t-SNE and UMAP Visualization and Classifying Attacks [0.0]
  We use a recently published 5G traffic dataset, 5G-NIDD, to detect network traffic anomalies using machine and deep learning approaches. We reduce data dimensionality using mutual information and PCA techniques. We solve the class imbalance issue by inserting synthetic records of minority classes.
  arXiv  Detail & Related papers  (2023-12-08T06:43:19Z)
• HuntGPT: Integrating Machine Learning-Based Anomaly Detection and Explainable AI with Large Language Models (LLMs) [0.09208007322096533]
  We present HuntGPT, a specialized intrusion detection dashboard applying a Random Forest classifier. The paper delves into the system's architecture, components, and technical accuracy, assessed through Certified Information Security Manager (CISM) Practice Exams. The results demonstrate that conversational agents, supported by LLM and integrated with XAI, provide robust, explainable, and actionable AI solutions in intrusion detection.
  arXiv  Detail & Related papers  (2023-09-27T20:58:13Z)
• Deep Attention Recognition for Attack Identification in 5G UAV scenarios: Novel Architecture and End-to-End Evaluation [3.3253720226707992]
  Despite the robust security features inherent in the 5G framework, attackers will still discover ways to disrupt 5G unmanned aerial vehicle (UAV) operations. We propose Deep Attention Recognition (DAtR) as a solution to identify attacks based on a small deep network embedded in authenticated UAVs.
  arXiv  Detail & Related papers  (2023-03-03T17:10:35Z)
• Be Your Own Neighborhood: Detecting Adversarial Example by the Neighborhood Relations Built on Self-Supervised Learning [64.78972193105443]
  This paper presents a novel AE detection framework, named trustworthy for predictions. performs the detection by distinguishing the AE's abnormal relation with its augmented versions. An off-the-shelf Self-Supervised Learning (SSL) model is used to extract the representation and predict the label.
  arXiv  Detail & Related papers  (2022-08-31T08:18:44Z)
• Neuro-Symbolic Artificial Intelligence (AI) for Intent based Semantic Communication [85.06664206117088]
  6G networks must consider semantics and effectiveness (at end-user) of the data transmission. NeSy AI is proposed as a pillar for learning causal structure behind the observed data. GFlowNet is leveraged for the first time in a wireless system to learn the probabilistic structure which generates the data.
  arXiv  Detail & Related papers  (2022-05-22T07:11:57Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.