Domain Knowledge Aided Explainable Artificial Intelligence for Intrusion Detection and Response

Artificial Intelligence (AI) has become an integral part of modern-day security solutions for its capability of learning very complex functions and handling "Big Data". However, the lack of explainability and interpretability of successful AI models is a key stumbling block when trust in a model's prediction is critical. This leads to human intervention, which in turn results in a delayed response or decision. While there have been major advancements in the speed and performance of AI-based intrusion detection systems, the response is still at human speed when it comes to explaining and interpreting a specific prediction or decision. In this work, we infuse popular domain knowledge (i.e., CIA principles) in our model for better explainability and validate the approach on a network intrusion detection test case. Our experimental results suggest that the infusion of domain knowledge provides better explainability as well as a faster decision or response. In addition, the infused domain knowledge generalizes the model to work well with unknown attacks, as well as open the path to adapt to a large stream of network traffic from numerous IoT devices.

[1]  Scott Lundberg,et al.  A Unified Approach to Interpreting Model Predictions , 2017, NIPS.

[2]  Alexander Binder,et al.  On Pixel-Wise Explanations for Non-Linear Classifier Decisions by Layer-Wise Relevance Propagation , 2015, PloS one.

[3]  Martin Wattenberg,et al.  Interpretability Beyond Feature Attribution: Quantitative Testing with Concept Activation Vectors (TCAV) , 2017, ICML.

[4]  Govindan Marthandan,et al.  Statistical and data mining methods in credit scoring , 2016 .

[5]  Matt Bishop Introduction to Computer Security , 2004 .

[6]  Tom M. Mitchell,et al.  Explanation-Based Generalization: A Unifying View , 1986, Machine Learning.

[7]  Ali A. Ghorbani,et al.  Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization , 2018, ICISSP.

[8]  Gaël Varoquaux,et al.  Scikit-learn: Machine Learning in Python , 2011, J. Mach. Learn. Res..

[9]  Kenli Li,et al.  A Parallel Random Forest Algorithm for Big Data in a Spark Cloud Computing Environment , 2017, IEEE Transactions on Parallel and Distributed Systems.

[10]  Leo Breiman,et al.  Random Forests , 2001, Machine Learning.

[11]  OpitzDavid,et al.  Popular ensemble methods , 1999 .

[12]  Nitesh V. Chawla,et al.  SMOTE: Synthetic Minority Over-sampling Technique , 2002, J. Artif. Intell. Res..

[13]  William Eberle,et al.  Credit Default Mining Using Combined Machine Learning and Heuristic Approach , 2018, ArXiv.

[14]  Seth Flaxman,et al.  European Union Regulations on Algorithmic Decision-Making and a "Right to Explanation" , 2016, AI Mag..

[15]  Erik Strumbelj,et al.  Explaining prediction models and individual predictions with feature contributions , 2014, Knowledge and Information Systems.

[16]  Gerald DeJong,et al.  Generalizations Based on Explanations , 1981, IJCAI.

[17]  Hetan Shah,et al.  Algorithmic accountability , 2018, Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences.

[18]  William Eberle,et al.  Mining Illegal Insider Trading of Stocks: A Proactive Approach , 2018, 2018 IEEE International Conference on Big Data (Big Data).

[19]  Tim Miller,et al.  Explanation in Artificial Intelligence: Insights from the Social Sciences , 2017, Artif. Intell..

[20]  Bernhard E. Boser,et al.  A training algorithm for optimal margin classifiers , 1992, COLT '92.

[21]  Wojciech Samek,et al.  Methods for interpreting and understanding deep neural networks , 2017, Digit. Signal Process..

[22]  William Eberle,et al.  Infusing domain knowledge in AI-based "black box" models for better explainability with application in bankruptcy prediction , 2019, ArXiv.

[23]  Howon Kim,et al.  Long Short Term Memory Recurrent Neural Network Classifier for Intrusion Detection , 2016, 2016 International Conference on Platform Technology and Service (PlatCon).

[24]  Zachary Chase Lipton The mythos of model interpretability , 2016, ACM Queue.

[25]  Carlos Guestrin,et al.  "Why Should I Trust You?": Explaining the Predictions of Any Classifier , 2016, ArXiv.

[26]  B. Chandrasekaran,et al.  Explaining control strategies in problem solving , 1989, IEEE Expert.

[27]  Scott Cheng‐Hsin Yang,et al.  Explainable Artificial Intelligence via Bayesian Teaching , 2017 .

[28]  S. Lipovetsky,et al.  Analysis of regression in game theory approach , 2001 .

[29]  Yair Zick,et al.  Algorithmic Transparency via Quantitative Input Influence: Theory and Experiments with Learning Systems , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[30]  Johanna D. Moore,et al.  Explanation in second generation expert systems , 1993 .

[31]  J. Friedman Greedy function approximation: A gradient boosting machine. , 2001 .

[32]  Harry Zhang,et al.  The Optimality of Naive Bayes , 2004, FLAIRS.

[33]  Xue Wang,et al.  Comparison deep learning method to traditional methods using for network intrusion detection , 2016, 2016 8th IEEE International Conference on Communication Software and Networks (ICCSN).

[34]  Regina Barzilay,et al.  Rationalizing Neural Predictions , 2016, EMNLP.

[35]  M. Elliot What is Explainable AI , 2018 .

[36]  Robert C. Atkinson,et al.  Threat analysis of IoT networks using artificial neural network intrusion detection system , 2016, 2016 International Symposium on Networks, Computers and Communications (ISNCC).

[37]  M. Bouaziz,et al.  An Introduction to Computer Security , 2012 .

[38]  Christopher D. Manning,et al.  Introduction to Information Retrieval , 2010, J. Assoc. Inf. Sci. Technol..

[39]  Ali A. Ghorbani,et al.  Characterization of Tor Traffic using Time based Features , 2017, ICISSP.

[40]  Mansoor Alam,et al.  A Deep Learning Approach for Network Intrusion Detection System , 2016, EAI Endorsed Trans. Security Safety.

[41]  Martin Wattenberg,et al.  TCAV: Relative concept importance testing with Linear Concept Activation Vectors , 2018 .

[42]  Pierre Geurts,et al.  Extremely randomized trees , 2006, Machine Learning.

[43]  Lingfeng Wang,et al.  A neural network based distributed intrusion detection system on cloud platform , 2012, 2012 IEEE 2nd International Conference on Cloud Computing and Intelligence Systems.

[44]  Sheikh Rabiul Islam AN ABSTRACT OF A THESIS AN EFFICIENT TECHNIQUE FOR MINING BAD CREDIT ACCOUNTS FROM BOTH OLAP AND OLTP , 2018 .

[45]  Qi Shi,et al.  A Deep Learning Approach to Network Intrusion Detection , 2018, IEEE Transactions on Emerging Topics in Computational Intelligence.

[46]  Hinrich Schütze,et al.  Introduction to information retrieval , 2008 .

[47]  Avanti Shrikumar,et al.  Learning Important Features Through Propagating Activation Differences , 2017, ICML.