A Hybrid Approach for an Interpretable and Explainable Intrusion Detection System
Tiago Dias, Nuno Oliveira, Norberto Sousa, Isabel Praça, Orlando Sousa

TL;DR
This paper introduces a hybrid intrusion detection system that combines rule-based expert knowledge with dynamic decision tree analysis to enhance interpretability and effectiveness in cybersecurity threat detection.
Contribution
It presents a novel hybrid approach integrating expert rules and AI-driven decision trees for more interpretable and adaptive intrusion detection.
Findings
Improved detection accuracy over traditional methods
Enhanced system interpretability and explainability
Adaptive learning from network activity evidence
Abstract
Cybersecurity has been a concern for quite a while now. In the latest years, cyberattacks have been increasing in size and complexity, fueled by significant advances in technology. Nowadays, there is an unavoidable necessity of protecting systems and data crucial for business continuity. Hence, many intrusion detection systems have been created in an attempt to mitigate these threats and contribute to a timelier detection. This work proposes an interpretable and explainable hybrid intrusion detection system, which makes use of artificial intelligence methods to achieve better and more long-lasting security. The system combines experts' written rules and dynamic knowledge continuously generated by a decision tree algorithm as new shreds of evidence emerge from network activity.
Taxonomy
Topics: Network Security and Intrusion Detection · Anomaly Detection Techniques and Applications · Time Series Analysis and Forecasting
