The reviewed record of science sign in
Pith

arxiv: 2303.17387 · v1 · pith:C7I4YIYK · submitted 2023-03-30 · cs.CR · cs.AI· cs.LG

Explainable Intrusion Detection Systems Using Competitive Learning Techniques

Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel pith:C7I4YIYKrecord.jsonopen to challenge →

classification cs.CR cs.AIcs.LG
keywords modelsexplainablelearningarchitecturedetectionexplanationsintrusionorganizing
0
0 comments X
read the original abstract

The current state of the art systems in Artificial Intelligence (AI) enabled intrusion detection use a variety of black box methods. These black box methods are generally trained using Error Based Learning (EBL) techniques with a focus on creating accurate models. These models have high performative costs and are not easily explainable. A white box Competitive Learning (CL) based eXplainable Intrusion Detection System (X-IDS) offers a potential solution to these problem. CL models utilize an entirely different learning paradigm than EBL approaches. This different learning process makes the CL family of algorithms innately explainable and less resource intensive. In this paper, we create an X-IDS architecture that is based on DARPA's recommendation for explainable systems. In our architecture we leverage CL algorithms like, Self Organizing Maps (SOM), Growing Self Organizing Maps (GSOM), and Growing Hierarchical Self Organizing Map (GHSOM). The resulting models can be data-mined to create statistical and visual explanations. Our architecture is tested using NSL-KDD and CIC-IDS-2017 benchmark datasets, and produces accuracies that are 1% - 3% less than EBL models. However, CL models are much more explainable than EBL models. Additionally, we use a pruning process that is able to significantly reduce the size of these CL based models. By pruning our models, we are able to increase prediction speeds. Lastly, we analyze the statistical and visual explanations generated by our architecture, and we give a strategy that users could use to help navigate the set of explanations. These explanations will help users build trust with an Intrusion Detection System (IDS), and allow users to discover ways to increase the IDS's potency.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. parHSOM: A novel parallel Hierarchical Self-Organizing Map implementation

    cs.DC 2026-05 unverdicted novelty 5.0

    parHSOM parallelizes HSOM training to achieve faster convergence on five cybersecurity datasets across multiple grid sizes and testbeds while preserving detection performance.