Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Explainable and Resilient ML-Based Physical-Layer Attack Detectors

Aleksandra Knapińska, Marija Furdek

TL;DR

The paper tackles explainability and resilience of ML-based physical-layer attack detectors for optical networks by applying SHAP-based analyses to MLP, XGBoost, and SVM detectors trained on real lab data with 31 OPM features across six attack types. It demonstrates attack-specific feature usage and the benefits of using aggregated detectors, then leverages feature selection guided by XAI to boost speed (up to ~2×) while preserving accuracy. A resilience study via parameter noising reveals a clear speed-versus-robustness trade-off: FS-optimized detectors are faster but more vulnerable to adversarial perturbations. The findings provide design guidelines for building fast, explainable, and robust detectors tailored to network security needs, and point to future work on dynamic detectors and deeper resilience analyses.

Abstract

Detection of emerging attacks on network infrastructure is a critical aspect of security management. To meet the growing scale and complexity of modern threats, machine learning (ML) techniques offer valuable tools for automating the detection of malicious activities. However, as these techniques become more complex, their internal operations grow increasingly opaque. In this context, we address the need for explainable physical-layer attack detection methods. First, we analyze the inner workings of various classifiers trained to alert about physical layer intrusions, examining how the influence of different monitored parameters varies depending on the type of attack being detected. This analysis not only improves the interpretability of the models but also suggests ways to enhance their design for increased speed. In the second part, we evaluate the detectors' resilience to malicious parameter noising. The results highlight a key trade-off between model speed and resilience. This work serves as a design guideline for developing fast and robust detectors trained on available network monitoring data.

Explainable and Resilient ML-Based Physical-Layer Attack Detectors

TL;DR

The paper tackles explainability and resilience of ML-based physical-layer attack detectors for optical networks by applying SHAP-based analyses to MLP, XGBoost, and SVM detectors trained on real lab data with 31 OPM features across six attack types. It demonstrates attack-specific feature usage and the benefits of using aggregated detectors, then leverages feature selection guided by XAI to boost speed (up to ~2×) while preserving accuracy. A resilience study via parameter noising reveals a clear speed-versus-robustness trade-off: FS-optimized detectors are faster but more vulnerable to adversarial perturbations. The findings provide design guidelines for building fast, explainable, and robust detectors tailored to network security needs, and point to future work on dynamic detectors and deeper resilience analyses.

Abstract

Detection of emerging attacks on network infrastructure is a critical aspect of security management. To meet the growing scale and complexity of modern threats, machine learning (ML) techniques offer valuable tools for automating the detection of malicious activities. However, as these techniques become more complex, their internal operations grow increasingly opaque. In this context, we address the need for explainable physical-layer attack detection methods. First, we analyze the inner workings of various classifiers trained to alert about physical layer intrusions, examining how the influence of different monitored parameters varies depending on the type of attack being detected. This analysis not only improves the interpretability of the models but also suggests ways to enhance their design for increased speed. In the second part, we evaluate the detectors' resilience to malicious parameter noising. The results highlight a key trade-off between model speed and resilience. This work serves as a design guideline for developing fast and robust detectors trained on available network monitoring data.

Paper Structure

This paper contains 11 sections, 6 figures, 5 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. Experimental Environment and the Dataset
  4. Data Collection
  5. ML Experiments Setup
  6. Understanding Attack Detectors
  7. Dedicated Detectors
  8. Aggregated Detectors
  9. XAI-Based Detector Optimization
  10. Resilience of the Detectors
  11. Conclusions

Figures (6)

  • Figure 1: Scheme of the data collection experimental setup.
  • Figure 2: Example SHAP decision plot for the attack detection task.
  • Figure 3: SHAP summary plots for models detecting INBLGT (first row) and INBSTR (second row). MLP (right), XGB (middle), and SVM (left) classifiers.
  • Figure 4: SHAP summary decision plots for models trained on aggregated data of all attacks. MLP (left), XGB (middle), and SVM (right) classifiers.
  • Figure 5: Inference time of the classifiers before and after FS for the considered physical layer attack types.
  • ...and 1 more figures