Applied Sciences (Dec 2024)

Post-Hoc Categorization Based on Explainable AI and Reinforcement Learning for Improved Intrusion Detection

  • Xavier Larriva-Novo
  • Luis Pérez Miguel
  • Victor A. Villagra
  • Manuel Álvarez-Campana
  • Carmen Sanchez-Zas
  • Óscar Jover

DOI: https://doi.org/10.3390/app142411511
Journal volume & issue: Vol. 14, No. 24, p. 11511

Abstract

The massive use of Internet services has led to a drastic increase in cyberattacks, including increasingly sophisticated techniques, so Intrusion Detection Systems (IDSs) need to use AI technologies to enhance their effectiveness. However, this has resulted in a lack of interpretability and explainability in the applications that rely on AI predictions, making it hard for cybersecurity operators to understand why decisions were made. To address this, the concept of Explainable AI (XAI) has been introduced to make the AI's decisions more understandable at both global and local levels. This not only boosts confidence in the AI but also aids in identifying the attributes commonly used in cyberattacks to exploit flaws or vulnerabilities. This study proposes two developments: first, the creation and evaluation of machine learning models for an IDS that use Reinforcement Learning (RL) to classify malicious network traffic, and second, a methodology to extract multi-level explanations from the RL model to identify, detect, and understand how different attributes affect certain attack categories.
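The abstract does not specify the RL algorithm, dataset, or XAI technique used. The Python sketch below is only an illustration of the two developments in miniature, under stated assumptions: a contextual-bandit-style policy that labels network flows and learns from reward feedback stands in for the paper's RL classifier, and permutation importance (global) plus per-attribute linear contributions (local) stand in for its multi-level explanation methodology. All names and data are hypothetical.

import numpy as np
from sklearn.datasets import make_classification
from sklearn.linear_model import SGDClassifier

rng = np.random.default_rng(0)

# Synthetic stand-in for network-flow attributes (e.g., duration, byte counts).
X, y = make_classification(n_samples=2000, n_features=8, n_informative=5,
                           random_state=0)

# Policy: an online linear model updated from reward feedback, a minimal
# contextual-bandit stand-in for the paper's RL classifier.
policy = SGDClassifier(loss="log_loss", random_state=0)
policy.partial_fit(X[:10], y[:10], classes=np.unique(y))  # warm start

for xi, yi in zip(X, y):
    action = policy.predict(xi.reshape(1, -1))[0]  # agent labels the flow
    reward = 1 if action == yi else -1             # environment feedback
    if reward < 0:
        # With binary labels, a negative reward reveals the correct class,
        # so the policy can be updated toward it.
        policy.partial_fit(xi.reshape(1, -1), [yi])

# Post-hoc global explanation: permutation importance of each attribute
# with respect to the learned policy's accuracy.
base_acc = (policy.predict(X) == y).mean()
for j in range(X.shape[1]):
    Xp = X.copy()
    Xp[:, j] = rng.permutation(Xp[:, j])
    drop = base_acc - (policy.predict(Xp) == y).mean()
    print(f"attribute {j}: accuracy drop {drop:+.3f}")

# Post-hoc local explanation for one flow: per-attribute contribution of the
# linear policy (coefficient * attribute value).
print("local contributions, flow 0:", np.round(policy.coef_[0] * X[0], 3))

A larger accuracy drop after permuting an attribute marks it as globally influential, while the signed per-flow contributions show which attributes drove a single classification, mirroring the global/local distinction the abstract describes.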

Keywords