Explainable Artificial Intelligence Models for Intrusion Detection Systems to Improve the Efficiency and Interpretability of Black Box Models

In the field of cybersecurity, Intrusion Detection Systems (IDS) are commonly used to prevent and minimize threats. Systems for detecting intrusions aid in preventing threats and vulnerable points from entering computer networks. Many Machine Learning (ML) techniques are available for assisting development of IDS that perform effectively. In a broad range of tasks, ML based systems have demonstrated improved learning performance. But, the problem with the certain cutting-edge models is that they lack in explanation ability, transparency, and reliability. Explainable AI (XAI) approaches are employed in order to comprehend and clarify these AI models to security analysts. The present study proposes an architecture that uses SHAP for Intrusion detection Systems (IDS) to increase the interpretability of the model by extracting the explanations from the black box models like XGBoost, AdaBoost, Support Vector Machines (SVM) and Random Forest (RF) algorithms. The explanations provided by the SHAP analysis are validated with filter based Feature selection method. The experiment’s findings show that the XGBoost model outperforms the other ML models and the SHAP analysis is performed for the ML model to study the efficacy of the explanations and the importance of features.