Rule-Based Learning for Explainable XGBoost Internal Threat Detection
摘要
In the field of data security, internal threat detection is a critical issue due to its complexity and stealthiness. This paper proposes an explainable method for internal threat detection based on rule learning with XGBoost. Firstly, the XGBoost model is used to extract features from user behavior data and generate initial decision rules. These rules are then processed, filtered, and optimized to construct a subset of rules. Finally, this subset of rules is used as input features to build a penalized logistic regression model, enhancing the interpretability and accuracy of the model. Experimental results show that the proposed method achieves a 96.7% accuracy rate on the CMU-CERT dataset. The method demonstrates decision rationale through interpretable rules, improving the understanding and trust in the detection results.