Ben Ncir Chiheb Eddine, Ben HajKacem Mohamed Aymen, Alattas Mohammed
MIS Department, College of Business, University of Jeddah, Jeddah, Jeddah, Saudi Arabia.
LARODEC Lab, ISG Tunis, University of Tunis, Le Bardo, Tunis, Tunisia.
PeerJ Comput Sci. 2024 Sep 13;10:e2289. doi: 10.7717/peerj-cs.2289. eCollection 2024.
Given the exponential growth of available data in large networks, the need for an accurate and explainable intrusion detection system has become of high necessity to effectively discover attacks in such networks. To deal with this challenge, we propose a two-phase Explainable Ensemble deep learning-based method (EED) for intrusion detection. In the first phase, a new ensemble intrusion detection model using three one-dimensional long short-term memory networks (LSTM) is designed for an accurate attack identification. The outputs of three classifiers are aggregated using a meta-learner algorithm resulting in refined and improved results. In the second phase, interpretability and explainability of EED outputs are enhanced by leveraging the capabilities of SHape Additive exPplanations (SHAP). Factors contributing to the identification and classification of attacks are highlighted which allows security experts to understand and interpret the attack behavior and then implement effective response strategies to improve the network security. Experiments conducted on real datasets have shown the effectiveness of EED compared to conventional intrusion detection methods in terms of both accuracy and explainability. The EED method exhibits high accuracy in accurately identifying and classifying attacks while providing transparency and interpretability.
鉴于大型网络中可用数据呈指数级增长,为了在这类网络中有效发现攻击,对准确且可解释的入侵检测系统的需求变得极为迫切。为应对这一挑战,我们提出了一种基于可解释集成深度学习的两阶段方法(EED)用于入侵检测。在第一阶段,设计了一种使用三个一维长短期记忆网络(LSTM)的新型集成入侵检测模型,用于准确识别攻击。使用元学习算法聚合三个分类器的输出,从而得到优化和改进的结果。在第二阶段,通过利用SHapley值加法解释(SHAP)的功能来增强EED输出的可解释性和可说明性。突出了有助于攻击识别和分类的因素,这使安全专家能够理解和解释攻击行为,进而实施有效的应对策略以提高网络安全性。在真实数据集上进行的实验表明,与传统入侵检测方法相比,EED在准确性和可解释性方面均有效。EED方法在准确识别和分类攻击方面表现出高精度,同时提供透明度和可解释性。
