Using Kernel SHAP XAI Method to optimize the Network Anomaly Detection Model

TL;DR

This paper employs Kernel SHAP, an explainable AI technique, to enhance network anomaly detection models, improving their accuracy and interpretability using the CICIDS2017 dataset.

Contribution

It introduces the use of Kernel SHAP for explaining and optimizing deep learning-based network anomaly detection models.

Findings

OPT_Model achieved 0.90 accuracy and 0.76 F score.

Kernel SHAP improved model interpretability and performance.

Unsupervised training enhanced detection metrics.

Abstract

Anomaly detection and its explanation is important in many research areas such as intrusion detection, fraud detection, unknown attack detection in network traffic and logs. It is challenging to identify the cause or explanation of why one instance is an anomaly? and the other is not due to its unbounded and lack of supervisory nature. The answer to this question is possible with the emerging technique of explainable artificial intelligence (XAI). XAI provides tools and techniques to interpret and explain the output and working of complex models such as Deep Learning (DL). This paper aims to detect and explain network anomalies with XAI, kernelSHAP method. The same approach is used to improve the network anomaly detection model in terms of accuracy, recall, precision and f score. The experiment is conduced with the latest CICIDS2017 dataset. Two models are created (Model_1 and OPT_Model) and compared. The overall accuracy and F score of OPT_Model (when trained in unsupervised way) are 0.90 and 0.76, respectively.