Improving Classification Results in Network Data Analysis using Interpretability Methods (CROSBI ID 725028)
Conference paper in proceedings | original scientific paper | international peer review
Responsibility details
Begušić, Domagoj ; Pintar, Damir ; Krznarić, Sanja ; Frederick-Walker Luke
English
Improving Classification Results in Network Data Analysis using Interpretability Methods
Developing network intrusion detection and prevention systems usually leverages a rule-based approach, which is derived from rules defined by network security experts who can utilize logic from both low and high network layers. However, in recent times, machine learning methods have also achieved promising results in developing Network Intrusion Detection Systems, and their popularity is steadily rising. Unfortunately, the usage of these machine learning methods in real-life problems has regularly proved that no good out-of-the-box solution exists for production or deployment. Also, due to the increasing volume and complexity of processed data that machine learning methods are faced with over time, improvements and adaptations are frequently required. As the problem at hand becomes more convoluted, so does the nature of the applied solution. This complexity is further compounded by the fact that certain machine and deep learning methods intrinsically do not offer a way of understanding how they make decisions, effectively behaving like black boxes. All of this significantly lowers the understandability of implemented solutions in production environments that are already quite complex, which justifies the need for interpretability methods. While interpretability methods are commonly designed to be used by humans, in this paper we propose a way of improving a model's classification performance by applying data mining methods on explanation data generated by interpretability methods. The paper showcases this approach by improving on a previously built network intrusion detection system and achieving a higher negative predictive value, even after hyperparameter optimization.
network intrusion detection system ; cybersecurity ; data mining ; interpretability methods ; classification
Paper details
67-72.
2022.
published
Parent publication details
Proceedings of 30th International Conference on Software, Telecommunications and Computer Networks (SoftCOM 2022)
Conference details
30th International Conference on Software, Telecommunications and Computer Networks, SoftCOM 2022
lecture
22.09.2022-24.09.2022
Split, Croatia