准确检测异常和识别网络入侵技术的可解释泛化机制

IF 6.3 1区 计算机科学 Q1 COMPUTER SCIENCE, THEORY & METHODS IEEE Transactions on Information Forensics and Security Pub Date : 2024-10-31 DOI:10.1109/TIFS.2024.3488967
Hao-Ting Pai;Yu-Hsuan Kang;Wen-Cheng Chung
{"title":"准确检测异常和识别网络入侵技术的可解释泛化机制","authors":"Hao-Ting Pai;Yu-Hsuan Kang;Wen-Cheng Chung","doi":"10.1109/TIFS.2024.3488967","DOIUrl":null,"url":null,"abstract":"The increasing complexity of modern network environments presents formidable challenges to Intrusion Detection Systems (IDS) in effectively mitigating cyber-attacks. Recent advancements in IDS research, integrating Explainable AI (XAI) methodologies, have led to notable improvements in system performance via precise feature selection. However, a thorough understanding of cyber-attacks requires inherently explainable decision-making processes within IDS. In this paper, we present the Interpretable Generalization Mechanism (IG), poised to revolutionize IDS capabilities. IG discerns coherent patterns, making it interpretable in distinguishing between normal and anomalous network traffic. Further, the synthesis of coherent patterns sheds light on intricate intrusion pathways, providing essential insights for cybersecurity forensics. By experiments with real-world datasets NSL-KDD, UNSW-NB15, and UKM-IDS20, IG is accurate even at a low ratio of training-to-test. With 10%-to-90%, IG achieves Precision (PRE) =0.93, Recall (REC) =0.94, and Area Under Curve (AUC) =0.94 in NSL-KDD; PRE =0.98, REC =0.99, and AUC =0.99 in UNSW-NB15; and PRE =0.98, REC =0.98, and AUC =0.99 in UKM-IDS20. Notably, in UNSW-NB15, IG achieves REC =1.0 and at least PRE =0.98 since 40%-to-60%; in UKM-IDS20, IG achieves REC =1.0 and at least PRE =0.88 since 20%-to-80%. Importantly, in UKM-IDS20, IG successfully identifies all three anomalous instances without prior exposure, demonstrating its generalization capabilities. These results and inferences are reproducible. In sum, IG showcases superior generalization by consistently performing well across diverse datasets and training-to-test ratios (from 10%-to-90% to 90%-to-10%), and excels in identifying novel anomalies without prior exposure. Its interpretability is enhanced by coherent evidence that accurately distinguishes both normal and anomalous activities, significantly improving detection accuracy and reducing false alarms, thereby strengthening IDS reliability and trustworthiness.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"19 ","pages":"10302-10313"},"PeriodicalIF":6.3000,"publicationDate":"2024-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10740319","citationCount":"0","resultStr":"{\"title\":\"An Interpretable Generalization Mechanism for Accurately Detecting Anomaly and Identifying Networking Intrusion Techniques\",\"authors\":\"Hao-Ting Pai;Yu-Hsuan Kang;Wen-Cheng Chung\",\"doi\":\"10.1109/TIFS.2024.3488967\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The increasing complexity of modern network environments presents formidable challenges to Intrusion Detection Systems (IDS) in effectively mitigating cyber-attacks. Recent advancements in IDS research, integrating Explainable AI (XAI) methodologies, have led to notable improvements in system performance via precise feature selection. However, a thorough understanding of cyber-attacks requires inherently explainable decision-making processes within IDS. In this paper, we present the Interpretable Generalization Mechanism (IG), poised to revolutionize IDS capabilities. IG discerns coherent patterns, making it interpretable in distinguishing between normal and anomalous network traffic. Further, the synthesis of coherent patterns sheds light on intricate intrusion pathways, providing essential insights for cybersecurity forensics. By experiments with real-world datasets NSL-KDD, UNSW-NB15, and UKM-IDS20, IG is accurate even at a low ratio of training-to-test. With 10%-to-90%, IG achieves Precision (PRE) =0.93, Recall (REC) =0.94, and Area Under Curve (AUC) =0.94 in NSL-KDD; PRE =0.98, REC =0.99, and AUC =0.99 in UNSW-NB15; and PRE =0.98, REC =0.98, and AUC =0.99 in UKM-IDS20. Notably, in UNSW-NB15, IG achieves REC =1.0 and at least PRE =0.98 since 40%-to-60%; in UKM-IDS20, IG achieves REC =1.0 and at least PRE =0.88 since 20%-to-80%. Importantly, in UKM-IDS20, IG successfully identifies all three anomalous instances without prior exposure, demonstrating its generalization capabilities. These results and inferences are reproducible. In sum, IG showcases superior generalization by consistently performing well across diverse datasets and training-to-test ratios (from 10%-to-90% to 90%-to-10%), and excels in identifying novel anomalies without prior exposure. Its interpretability is enhanced by coherent evidence that accurately distinguishes both normal and anomalous activities, significantly improving detection accuracy and reducing false alarms, thereby strengthening IDS reliability and trustworthiness.\",\"PeriodicalId\":13492,\"journal\":{\"name\":\"IEEE Transactions on Information Forensics and Security\",\"volume\":\"19 \",\"pages\":\"10302-10313\"},\"PeriodicalIF\":6.3000,\"publicationDate\":\"2024-10-31\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10740319\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Information Forensics and Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10740319/\",\"RegionNum\":1,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, THEORY & METHODS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Information Forensics and Security","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10740319/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}
引用次数: 0

摘要

现代网络环境日益复杂,给入侵检测系统(IDS)有效缓解网络攻击带来了严峻挑战。集成了可解释人工智能(XAI)方法的入侵检测系统研究最近取得了进展,通过精确的特征选择显著提高了系统性能。然而,要想彻底了解网络攻击,就需要在 IDS 内部建立可解释的决策过程。在本文中,我们介绍了可解释泛化机制(IG),它将彻底改变 IDS 的能力。IG 能识别连贯的模式,使其在区分正常和异常网络流量时具有可解释性。此外,连贯模式的综合还能揭示错综复杂的入侵路径,为网络安全取证提供重要见解。通过对真实世界数据集 NSL-KDD、UNSW-NB15 和 UKM-IDS20 的实验,IG 即使在训练与测试比例较低的情况下也很准确。在 NSL-KDD 中,10%-90% 的 IG 精度 (PRE) =0.93,召回率 (REC) =0.94,曲线下面积 (AUC) =0.94;在 UNSW-NB15 中,PRE =0.98,REC =0.99,AUC =0.99;在 UKM-IDS20 中,PRE =0.98,REC =0.98,AUC =0.99。值得注意的是,在 UNSW-NB15 中,IG 达到了 REC =1.0 和至少 PRE =0.98(从 40% 到 60%);在 UKM-IDS20 中,IG 达到了 REC =1.0 和至少 PRE =0.88(从 20% 到 80%)。重要的是,在 UKM-IDS20 中,IG 在没有事先暴露的情况下成功识别了所有三个异常实例,这证明了它的泛化能力。这些结果和推论都是可重复的。总之,IG 在不同的数据集和训练与测试比率(从 10% 到 90% 到 90%-10%)中始终表现出色,展示了卓越的泛化能力,并能在没有事先暴露的情况下识别新的异常情况。它的可解释性通过准确区分正常和异常活动的一致性证据而得到增强,从而显著提高了检测准确性并减少了误报,从而增强了 IDS 的可靠性和可信度。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
An Interpretable Generalization Mechanism for Accurately Detecting Anomaly and Identifying Networking Intrusion Techniques
The increasing complexity of modern network environments presents formidable challenges to Intrusion Detection Systems (IDS) in effectively mitigating cyber-attacks. Recent advancements in IDS research, integrating Explainable AI (XAI) methodologies, have led to notable improvements in system performance via precise feature selection. However, a thorough understanding of cyber-attacks requires inherently explainable decision-making processes within IDS. In this paper, we present the Interpretable Generalization Mechanism (IG), poised to revolutionize IDS capabilities. IG discerns coherent patterns, making it interpretable in distinguishing between normal and anomalous network traffic. Further, the synthesis of coherent patterns sheds light on intricate intrusion pathways, providing essential insights for cybersecurity forensics. By experiments with real-world datasets NSL-KDD, UNSW-NB15, and UKM-IDS20, IG is accurate even at a low ratio of training-to-test. With 10%-to-90%, IG achieves Precision (PRE) =0.93, Recall (REC) =0.94, and Area Under Curve (AUC) =0.94 in NSL-KDD; PRE =0.98, REC =0.99, and AUC =0.99 in UNSW-NB15; and PRE =0.98, REC =0.98, and AUC =0.99 in UKM-IDS20. Notably, in UNSW-NB15, IG achieves REC =1.0 and at least PRE =0.98 since 40%-to-60%; in UKM-IDS20, IG achieves REC =1.0 and at least PRE =0.88 since 20%-to-80%. Importantly, in UKM-IDS20, IG successfully identifies all three anomalous instances without prior exposure, demonstrating its generalization capabilities. These results and inferences are reproducible. In sum, IG showcases superior generalization by consistently performing well across diverse datasets and training-to-test ratios (from 10%-to-90% to 90%-to-10%), and excels in identifying novel anomalies without prior exposure. Its interpretability is enhanced by coherent evidence that accurately distinguishes both normal and anomalous activities, significantly improving detection accuracy and reducing false alarms, thereby strengthening IDS reliability and trustworthiness.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
IEEE Transactions on Information Forensics and Security
IEEE Transactions on Information Forensics and Security 工程技术-工程:电子与电气
CiteScore
14.40
自引率
7.40%
发文量
234
审稿时长
6.5 months
期刊介绍: The IEEE Transactions on Information Forensics and Security covers the sciences, technologies, and applications relating to information forensics, information security, biometrics, surveillance and systems applications that incorporate these features
期刊最新文献
On the Efficient Design of Stacked Intelligent Metasurfaces for Secure SISO Transmission Attackers Are Not the Same! Unveiling the Impact of Feature Distribution on Label Inference Attacks Backdoor Online Tracing With Evolving Graphs LHADRO: A Robust Control Framework for Autonomous Vehicles Under Cyber-Physical Attacks Towards Mobile Palmprint Recognition via Multi-view Hierarchical Graph Learning
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1