XAI-based Feature Selection for Improved Network Intrusion Detection Systems

Osvaldo Arreche, Tanish Guntur, Mustafa Abdallah

TL;DR

This work tackles the lack of interpretability in AI-based IDS by introducing an XAI-driven feature selection framework. It leverages SHAP for global feature importance and Xplique for a suite of explanation-based feature selectors, applied across seven black-box classifiers on CICIDS-2017 and RoEduNet-SIMARGL2021 datasets. The approach yields superior or competitive detection performance compared to traditional baselines in most configurations, and provides attack- and model-specific feature insights to aid security analysts. By releasing open-source code, the framework establishes a foundation for broader adoption and further development of XAI-enhanced IDS feature selection with real-world impact.

Abstract

Explainability and evaluation of AI models are crucial to the security of modern intrusion detection systems (IDS) in network security, yet both are lacking. Feature selection is essential to both because it identifies the most important features, improving attack detection and its description. In this work, we tackle the feature selection problem for IDS by proposing new ways of applying eXplainable AI (XAI) methods to it. We identify the crucial attributes produced by distinct AI methods in tandem with five novel attribute selection methods. We then compare many state-of-the-art feature selection strategies with our XAI-based feature selection methods, showing that most AI models perform better when using the XAI-based approach proposed in this work. By providing novel feature selection techniques and establishing the foundation for several XAI-based strategies, this research helps security analysts understand the reasoning behind an IDS's AI decisions by giving them a better grasp of critical intrusion traits. Furthermore, we make the source code available so that the community may develop additional models on top of our foundational XAI-based feature selection framework.

Paper Structure

This paper contains 24 sections, 3 figures, 20 tables.

Figures (3)

  • Figure 1: A summary of our feature selection approach for network intrusion detection based on XAI.
  • Figure 2: Global summary graphs (by SHAP) for every intrusion detection AI model on the RoEduNet-SIMARGL2021 dataset. They illustrate the relative weights of several attributes, with varying hues signifying the relevance of every kind of attack.
  • Figure 3: Global summary graphs for each intrusion detection AI model on the CICIDS-2017 dataset, produced by SHAP. They display the relative weights of several attributes, with varying hues signifying the relevance of each kind of attack.
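
The SHAP-style global importance ranking described in the TL;DR, as an added example that is not the paper's released code: it computes exact Shapley values by enumerating coalitions (instead of calling the SHAP library), averages their absolute values per feature, and keeps the top k. The feature names, the stand-in `model` and the top-k rule are assumptions made for illustration.

```python
from itertools import combinations
from math import factorial
import random

# Constructed flow-feature names (assumptions, not columns taken from the paper's datasets).
FEATURES = ["syn_flag_count", "flow_duration", "pkt_len_mean", "dst_port_parity"]

def model(x):
    """Stand-in black-box attack score; it ignores dst_port_parity entirely."""
    syn, dur, plen, _ = x
    return 0.5 * syn + 0.4 * syn * (1.0 - dur) + 0.05 * plen

def coalition_value(x, subset, background):
    """Mean model output with the features in `subset` fixed to x, the rest drawn from background."""
    rows = ([x[i] if i in subset else b[i] for i in range(len(x))] for b in background)
    return sum(model(z) for z in rows) / len(background)

def shapley_values(x, background):
    """Exact Shapley attribution of model(x) by enumerating every feature coalition."""
    n = len(x)
    phi = [0.0] * n
    for i in range(n):
        others = [j for j in range(n) if j != i]
        for r in range(n):
            weight = factorial(r) * factorial(n - r - 1) / factorial(n)
            for combo in combinations(others, r):
                s = set(combo)
                gain = coalition_value(x, s | {i}, background) - coalition_value(x, s, background)
                phi[i] += weight * gain
    return phi

def global_importance(samples, background):
    """Mean absolute Shapley value per feature, the quantity a SHAP summary plot ranks by."""
    sums = [0.0] * len(FEATURES)
    for x in samples:
        for i, p in enumerate(shapley_values(x, background)):
            sums[i] += abs(p)
    return {name: s / len(samples) for name, s in zip(FEATURES, sums)}

def select_top_k(importance, k):
    """Keep the k features with the largest global importance."""
    return sorted(importance, key=importance.get, reverse=True)[:k]

def make_flows(n, seed):
    """Constructed sample flows: every feature uniform in [0, 1)."""
    rng = random.Random(seed)
    return [[rng.random() for _ in FEATURES] for _ in range(n)]

if __name__ == "__main__":
    imp = global_importance(make_flows(20, seed=1), make_flows(20, seed=2))
    print(imp, select_top_k(imp, 2))
```

Exact enumeration costs 2^n coalition evaluations per feature, so it only suits a handful of features; on full flow datasets an approximating explainer takes its place.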