ENIXMA: ENsemble of EXplainable Methods for detecting network Attack

  • Publication year: 1403
  • Published in: Journal of Computer and Knowledge Engineering, Volume 7, Issue 1
  • Assigned COI code: JR_CKE-7-1_001
  • Paper language: English
  • Views: 193

Authors

Seyed Mojtaba Abtahi

School of Computer Engineering, Iran University of Science and Technology, Tehran, Iran

Hossein Rahmani

School of Computer Engineering, Iran University of Science and Technology, Tehran, Iran

Milad Allahgholi

School of Computer Engineering, Iran University of Science and Technology, Tehran, Iran

Sajjad Alizadeh Fard

School of Computer Engineering, Iran University of Science and Technology, Tehran, Iran

Abstract

The Internet has become an integral societal component, with its accessibility being imperative. However, malicious actors strive to disrupt internet services and exploit service providers. Countering such challenges necessitates robust methods for identifying network attacks. Yet, prevailing approaches often grapple with compromised precision and limited interpretability. In this paper, we introduce a pioneering solution named ENIXMA, which harnesses a fusion of machine learning classifiers to enhance attack identification. We validate ENIXMA using the CICDDoS2019 dataset. Our approach achieves a remarkable 90% increase in attack detection precision on the balanced CICDDoS2019 dataset, signifying a substantial advancement compared to antecedent methodologies that registered a mere 3% precision gain. We employ diverse preprocessing and normalization techniques, including z-score, to refine the data. To surmount interpretability challenges, ENIXMA employs SHAP, LIME, and decision tree methods to pinpoint pivotal features in attack detection. Additionally, we scrutinize pivotal scenarios within the decision tree. Notably, ENIXMA not only attains elevated precision and interpretability but also showcases expedited performance in contrast to prior techniques.

Keywords

Network anomaly detection, Machine learning, Intrusion detection system, Ensemble learning, Interpretability

More about COI

COI stands for CIVILICA Object Identifier, the CIVILICA identifier for documents. A COI is a code assigned, according to the venue of publication, to papers from domestic conferences and journals when they are indexed in the CIVILICA citation database.

The COI code serves as a national code for documents indexed in CIVILICA; it is unique and permanent, and can therefore always be cited and traced.