Enregistré dans:
Détails bibliographiques
Auteurs principaux: Mia, Maraz, Pritom, Mir Mehedi A., Islam, Tariqul, Hasan, Kamrul
Format: Preprint
Publié: 2024
Sujets:
Accès en ligne:https://arxiv.org/abs/2411.02670
Tags: Ajouter un tag
Pas de tags, Soyez le premier à ajouter un tag!
_version_ 1866912105509158912
author Mia, Maraz
Pritom, Mir Mehedi A.
Islam, Tariqul
Hasan, Kamrul
author_facet Mia, Maraz
Pritom, Mir Mehedi A.
Islam, Tariqul
Hasan, Kamrul
contents Intrusion detection has been a commonly adopted detective security measures to safeguard systems and networks from various threats. A robust intrusion detection system (IDS) can essentially mitigate threats by providing alerts. In networks based IDS, typically we deal with cyber threats like distributed denial of service (DDoS), spoofing, reconnaissance, brute-force, botnets, and so on. In order to detect these threats various machine learning (ML) and deep learning (DL) models have been proposed. However, one of the key challenges with these predictive approaches is the presence of false positive (FP) and false negative (FN) instances. This FPs and FNs within any black-box intrusion detection system (IDS) make the decision-making task of an analyst further complicated. In this paper, we propose an explainable artificial intelligence (XAI) based visual analysis approach using overlapping SHAP plots that presents the feature explanation to identify potential false positive and false negatives in IDS. Our approach can further provide guidance to security analysts for effective decision-making. We present case study with multiple publicly available network traffic datasets to showcase the efficacy of our approach for identifying false positive and false negative instances. Our use-case scenarios provide clear guidance for analysts on how to use the visual analysis approach for reliable course-of-actions against such threats.
format Preprint
id arxiv_https___arxiv_org_abs_2411_02670
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Visually Analyze SHAP Plots to Diagnose Misclassifications in ML-based Intrusion Detection
Mia, Maraz
Pritom, Mir Mehedi A.
Islam, Tariqul
Hasan, Kamrul
Cryptography and Security
Machine Learning
Intrusion detection has been a commonly adopted detective security measures to safeguard systems and networks from various threats. A robust intrusion detection system (IDS) can essentially mitigate threats by providing alerts. In networks based IDS, typically we deal with cyber threats like distributed denial of service (DDoS), spoofing, reconnaissance, brute-force, botnets, and so on. In order to detect these threats various machine learning (ML) and deep learning (DL) models have been proposed. However, one of the key challenges with these predictive approaches is the presence of false positive (FP) and false negative (FN) instances. This FPs and FNs within any black-box intrusion detection system (IDS) make the decision-making task of an analyst further complicated. In this paper, we propose an explainable artificial intelligence (XAI) based visual analysis approach using overlapping SHAP plots that presents the feature explanation to identify potential false positive and false negatives in IDS. Our approach can further provide guidance to security analysts for effective decision-making. We present case study with multiple publicly available network traffic datasets to showcase the efficacy of our approach for identifying false positive and false negative instances. Our use-case scenarios provide clear guidance for analysts on how to use the visual analysis approach for reliable course-of-actions against such threats.
title Visually Analyze SHAP Plots to Diagnose Misclassifications in ML-based Intrusion Detection
topic Cryptography and Security
Machine Learning
url https://arxiv.org/abs/2411.02670