In this research, we present the process of creating semantic explanations based on a set of explainability techniques. To start this process, we analyze several techniques aimed at the explainability of different AI models, which are designed to detect a set of attacks within IoT environments. This way, the human interpretability of these explainability techniques for AI models in the detection of multi-class IoT attacks is crucial for building trust and, and enabling viable security responses. Techniques such as SHAP (Shapley Additive Explanations) and LIME (Local Interpretable Model-Agnostic Explanations) are widely used to provide both local (instance-level) and global (feature-level) explanations, helping cybersecurity experts to understand which features most influence the model’s decisions, and why certain attacks are classified as such. Combining multiple interpretability methods can further improve understanding by offering different perspectives on feature relevance and model behavior. While SHAP, in particular, stands out for its high fidelity, consistency, and low complexity, making more reliable and easier explanations for humans to interpret compared to LIME. However, in real-world deployment environments, it is essential to have information about local explanations that point to evidence that an attack is happening. Therefore, the output of both should be optimized to correctly help final users to interpret the information provided by the system using more pedagogical and semantic meaningful explanations.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Generation of Semantic Explanations for AI-Based Models for Network Intrusion Detection

  • Enrique Fernández-Morales,
  • Llanos Tobarra,
  • Antonio Robles-Gómez,
  • Rafael Pastor-Vargas,
  • Pedro Vidal-Balboa

摘要

In this research, we present the process of creating semantic explanations based on a set of explainability techniques. To start this process, we analyze several techniques aimed at the explainability of different AI models, which are designed to detect a set of attacks within IoT environments. This way, the human interpretability of these explainability techniques for AI models in the detection of multi-class IoT attacks is crucial for building trust and, and enabling viable security responses. Techniques such as SHAP (Shapley Additive Explanations) and LIME (Local Interpretable Model-Agnostic Explanations) are widely used to provide both local (instance-level) and global (feature-level) explanations, helping cybersecurity experts to understand which features most influence the model’s decisions, and why certain attacks are classified as such. Combining multiple interpretability methods can further improve understanding by offering different perspectives on feature relevance and model behavior. While SHAP, in particular, stands out for its high fidelity, consistency, and low complexity, making more reliable and easier explanations for humans to interpret compared to LIME. However, in real-world deployment environments, it is essential to have information about local explanations that point to evidence that an attack is happening. Therefore, the output of both should be optimized to correctly help final users to interpret the information provided by the system using more pedagogical and semantic meaningful explanations.