Usman Ahmed, Zheng Jiangbin, Sheharyar Khan, Muhammad Tariq Sadiq
{"title":"基于可解释人工智能的入侵检测共识混合集成机器学习","authors":"Usman Ahmed, Zheng Jiangbin, Sheharyar Khan, Muhammad Tariq Sadiq","doi":"10.1016/j.jnca.2024.104091","DOIUrl":null,"url":null,"abstract":"Intrusion detection systems (IDSs) are dynamic to cybersecurity because they protect computer networks from malicious activity. IDS can benefit from machine learning; however, individual models may be unable to handle sophisticated and dynamic threats. Current cutting-edge research frequently concentrates on single machine-learning models for intrusion detection. They do not emphasize the necessity for more flexible and effective alternatives. The current computer network identification design techniques often need to improve efficiency and interpretability. Techniques that allow different models to operate together and adjust to dynamic network settings are required. This research addresses this gap, suggesting an innovative ensemble learning strategy, the ”Consensus Hybrid Ensemble Model” (CHEM)”, for intrusion detection. We combined different types of models, such as linear, nonlinear, and ensemble methods, neural networks, and probabilistic models, by using a metaclassifier approach. In this setup, a hybrid model of random forest (RF) and decision tree (DT) acts as the metaclassifier in a voting classifier, which uses consensus voting to align predictions from the various base classifiers. This method enhances the decision-making by considering each base classifier’s confidence and agreement. Local and global explanation models, such as the Shapley Additive explanations (SHAP) and Local Interpretable Model-agnostic Explanations (LIME) approaches, contributed to the primary predictions of the models’ transparency. We used different datasets for testing, such as Kdd99, NSL-KDD, CIC-IDS2017, BoTNeTIoT, and Edge-IIoTset. The proposed ”CHEM” model shows impressive performance across several attack scenarios, including novel and zero-day attacks, and proves its ability to identify and adapt to changing cyber threats. Several ablation experiments were conducted on available datasets to train, test, evaluate, and compare the proposed ”CHEM” model with the most sophisticated and state-of-the-art models. This research combines machine learning algorithms to create a precise IDS that adapts to ever-changing cyber threats.","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"60 1","pages":""},"PeriodicalIF":7.7000,"publicationDate":"2024-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Consensus hybrid ensemble machine learning for intrusion detection with explainable AI\",\"authors\":\"Usman Ahmed, Zheng Jiangbin, Sheharyar Khan, Muhammad Tariq Sadiq\",\"doi\":\"10.1016/j.jnca.2024.104091\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Intrusion detection systems (IDSs) are dynamic to cybersecurity because they protect computer networks from malicious activity. IDS can benefit from machine learning; however, individual models may be unable to handle sophisticated and dynamic threats. Current cutting-edge research frequently concentrates on single machine-learning models for intrusion detection. They do not emphasize the necessity for more flexible and effective alternatives. The current computer network identification design techniques often need to improve efficiency and interpretability. Techniques that allow different models to operate together and adjust to dynamic network settings are required. This research addresses this gap, suggesting an innovative ensemble learning strategy, the ”Consensus Hybrid Ensemble Model” (CHEM)”, for intrusion detection. We combined different types of models, such as linear, nonlinear, and ensemble methods, neural networks, and probabilistic models, by using a metaclassifier approach. In this setup, a hybrid model of random forest (RF) and decision tree (DT) acts as the metaclassifier in a voting classifier, which uses consensus voting to align predictions from the various base classifiers. This method enhances the decision-making by considering each base classifier’s confidence and agreement. Local and global explanation models, such as the Shapley Additive explanations (SHAP) and Local Interpretable Model-agnostic Explanations (LIME) approaches, contributed to the primary predictions of the models’ transparency. We used different datasets for testing, such as Kdd99, NSL-KDD, CIC-IDS2017, BoTNeTIoT, and Edge-IIoTset. The proposed ”CHEM” model shows impressive performance across several attack scenarios, including novel and zero-day attacks, and proves its ability to identify and adapt to changing cyber threats. Several ablation experiments were conducted on available datasets to train, test, evaluate, and compare the proposed ”CHEM” model with the most sophisticated and state-of-the-art models. This research combines machine learning algorithms to create a precise IDS that adapts to ever-changing cyber threats.\",\"PeriodicalId\":54784,\"journal\":{\"name\":\"Journal of Network and Computer Applications\",\"volume\":\"60 1\",\"pages\":\"\"},\"PeriodicalIF\":7.7000,\"publicationDate\":\"2024-12-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Network and Computer Applications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1016/j.jnca.2024.104091\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Network and Computer Applications","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1016/j.jnca.2024.104091","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
Consensus hybrid ensemble machine learning for intrusion detection with explainable AI
Intrusion detection systems (IDSs) are dynamic to cybersecurity because they protect computer networks from malicious activity. IDS can benefit from machine learning; however, individual models may be unable to handle sophisticated and dynamic threats. Current cutting-edge research frequently concentrates on single machine-learning models for intrusion detection. They do not emphasize the necessity for more flexible and effective alternatives. The current computer network identification design techniques often need to improve efficiency and interpretability. Techniques that allow different models to operate together and adjust to dynamic network settings are required. This research addresses this gap, suggesting an innovative ensemble learning strategy, the ”Consensus Hybrid Ensemble Model” (CHEM)”, for intrusion detection. We combined different types of models, such as linear, nonlinear, and ensemble methods, neural networks, and probabilistic models, by using a metaclassifier approach. In this setup, a hybrid model of random forest (RF) and decision tree (DT) acts as the metaclassifier in a voting classifier, which uses consensus voting to align predictions from the various base classifiers. This method enhances the decision-making by considering each base classifier’s confidence and agreement. Local and global explanation models, such as the Shapley Additive explanations (SHAP) and Local Interpretable Model-agnostic Explanations (LIME) approaches, contributed to the primary predictions of the models’ transparency. We used different datasets for testing, such as Kdd99, NSL-KDD, CIC-IDS2017, BoTNeTIoT, and Edge-IIoTset. The proposed ”CHEM” model shows impressive performance across several attack scenarios, including novel and zero-day attacks, and proves its ability to identify and adapt to changing cyber threats. Several ablation experiments were conducted on available datasets to train, test, evaluate, and compare the proposed ”CHEM” model with the most sophisticated and state-of-the-art models. This research combines machine learning algorithms to create a precise IDS that adapts to ever-changing cyber threats.
期刊介绍:
The Journal of Network and Computer Applications welcomes research contributions, surveys, and notes in all areas relating to computer networks and applications thereof. Sample topics include new design techniques, interesting or novel applications, components or standards; computer networks with tools such as WWW; emerging standards for internet protocols; Wireless networks; Mobile Computing; emerging computing models such as cloud computing, grid computing; applications of networked systems for remote collaboration and telemedicine, etc. The journal is abstracted and indexed in Scopus, Engineering Index, Web of Science, Science Citation Index Expanded and INSPEC.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
