Chen Xuejiao, Liu Minyao, Wang Zixuan, Wang Yun
School of Communications, Nanjing Vocational College of Information Technology, Nanjing 210023, China.
School of Modern Posts, Nanjing University of Posts & Telecommunications, Nanjing 210003, China.
Sensors (Basel). 2024 Aug 12;24(16):5223. doi: 10.3390/s24165223.
With the rapid advancement of the Internet of Things, network security has garnered increasing attention from researchers. Applying deep learning (DL) has significantly enhanced the performance of Network Intrusion Detection Systems (NIDSs). However, due to its complexity and "black box" problem, deploying DL-based NIDS models in practical scenarios poses several challenges, including making the model interpretable and keeping it lightweight. Feature selection (FS) in DL models plays a crucial role in minimizing model parameters and decreasing computational overhead while enhancing NIDS performance. Hence, selecting effective features remains a pivotal concern for NIDSs. In light of this, this paper proposes an interpretable feature selection method for encrypted traffic intrusion detection based on SHAP and causality principles. This approach uses the results of model interpretation for feature selection to reduce the feature count while ensuring model reliability. We evaluate and validate our proposed method on two public network traffic datasets, CICIDS2017 and NSL-KDD, employing both a CNN and a random forest (RF). Experimental results demonstrate superior performance achieved by our proposed method.