Inherently Interpretable and Uncertainty-Aware Models for Online Learning in Cyber-Security Problems

TL;DR

This paper introduces a novel, scalable, interpretable, and uncertainty-aware online learning pipeline using Additive Gaussian Processes for cyber-security, enhancing trustworthiness and decision-making in high-stakes environments.

Contribution

It proposes a scalable AGP-based online learning framework that balances interpretability, uncertainty quantification, and predictive performance for cyber-security applications.

Findings

Improved threat detection accuracy with interpretable models.

Enhanced trust and decision-making for security analysts.

Scalable AGP implementation suitable for real-time cyber-security tasks.

Abstract

In this paper, we address the critical need for interpretable and uncertainty-aware machine learning models in the context of online learning for high-risk industries, particularly cyber-security. While deep learning and other complex models have demonstrated impressive predictive capabilities, their opacity and lack of uncertainty quantification present significant questions about their trustworthiness. We propose a novel pipeline for online supervised learning problems in cyber-security, that harnesses the inherent interpretability and uncertainty awareness of Additive Gaussian Processes (AGPs) models. Our approach aims to balance predictive performance with transparency while improving the scalability of AGPs, which represents their main drawback, potentially enabling security analysts to better validate threat detection, troubleshoot and reduce false positives, and generally make trustworthy, informed decisions. This work contributes to the growing field of interpretable AI by proposing a class of models that can be significantly beneficial for high-stake decision problems such as the ones typical of the cyber-security domain. The source code is available.