Publication
Leveraging Explainable AI Methods Towards Identifying Classification Issues on IDS Datasets
Eric Lanfer; Sophia Sylvester; Nils Aschenbruck; Martin Atzmueller
In: Eyuphan Bulut; Florian Tschorsch; Kanchana Thilakarathna (Hrsg.). Proceedings of the 48th IEEE Conference on Local Computer Networks - LCN 2023. IEEE Conference on Local Computer Networks (LCN-2023), October 1-5, Daytona Beach, FL, USA, Pages 1-4, IEEE Xplore, 2023.
Abstract
Nowadays, anomaly-based network intrusion detection system (NIDS) still have limited real-world applications; this is particularly due to false alarms, a lack of datasets, and a lack of confidence. In this paper, we propose to use explainable artificial intelligence (XAI) methods for tackling these issues. In our experimentation, we train a random forest (RF) model on the NSL-KDD dataset, and use SHAP to generate global explanations. We find that these explanations deviate substantially from domain expertise. To shed light on the potential causes, we analyze the structural composition of the attack classes. There, we observe severe imbalances in the number of records per attack type subsumed in the attack classes of the NSL-KDD dataset, which could lead to generalization and overfitting regarding classification. Hence, we train a new RF classifier and SHAP explainer directly on the attack types. Classification performance is considerably improved, and the new explanations are matching the expectations based on domain knowledge better. Thus, we conclude that the imbalances in the dataset bias classification and consequently also the results of XAI methods like SHAP. However, the XAI methods can also be employed to find and debug issues and biases in the data and the applied model. Furthermore, the debugging results in higher trustworthiness of anomaly-based NIDS.