Explainable AI for Comparative Analysis of Intrusion Detection Models

TL;DR

This paper evaluates various machine learning models for intrusion detection using explainability techniques, revealing that simpler models often rely on few features and that Random Forest offers optimal performance.

Contribution

It provides a comparative analysis of multiple models for intrusion detection with explainability insights, emphasizing the importance of feature engineering over model complexity.

Findings

Most classifiers use fewer than three features for high accuracy

Random Forest achieves the best balance of accuracy, efficiency, and robustness

Effective feature engineering can outperform complex models in intrusion detection

Abstract

Explainable Artificial Intelligence (XAI) has become a widely discussed topic, the related technologies facilitate better understanding of conventional black-box models like Random Forest, Neural Networks and etc. However, domain-specific applications of XAI are still insufficient. To fill this gap, this research analyzes various machine learning models to the tasks of binary and multi-class classification for intrusion detection from network traffic on the same dataset using occlusion sensitivity. The models evaluated include Linear Regression, Logistic Regression, Linear Support Vector Machine (SVM), K-Nearest Neighbors (KNN), Random Forest, Decision Trees, and Multi-Layer Perceptrons (MLP). We trained all models to the accuracy of 90\% on the UNSW-NB15 Dataset. We found that most classifiers leverage only less than three critical features to achieve such accuracies, indicating that effective feature engineering could actually be far more important for intrusion detection than applying complicated models. We also discover that Random Forest provides the best performance in terms of accuracy, time efficiency and robustness. Data and code available at https://github.com/pcwhy/XML-IntrusionDetection.git