BOOSTING ALGORİTMALARI KULLANARAK SALDIRI TESPİT SİSTEMLERİ SINIFLANDIRMADA AÇIKLANABİLİR YAPAY ZEKA UYGULAMASI

Year 2024, Volume: 10 Issue: 1, 1 - 7, 30.06.2024

Ercan Atagün , Günay Temür , Serdar Biroğul

https://doi.org/10.22531/muglajsci.1343051

Abstract

İnternete erişimin kolaylaşması ve hız oranlarının artması ile birlikte internete bağlı cihazlara erişimi de arttırmaktadır. İnternet kullanıcıları yetkili oldukları veya yetkilendirilmedikleri birçok cihaza erişebilirler. Kullanıcıların yetkisiz erişime sahip olup olmadığını tespit eden bu sistemlere Saldırı Tespit Sistemleri denir. Saldırı tespit sistemleri ile kullanıcıların erişimleri sınıflandırılır ve normal bir giriş mi yoksa bir anormallik mi olduğu belirlenir. Makine öğrenimi yöntemleri bu sınıflandırma görevini üstlenir. Özellikle Boosting algoritmaları, yüksek sınıflandırma performansları ile öne çıkmaktadır. Gradient Boosting algoritmasının Saldırı Tespit Sistemleri problemi için önerilen diğer yöntemlere göre dikkate değer bir sınıflandırma performansı sağladığı gözlemlenmiştir. Python programlama dili kullanılarak Gradient Boost ve Adaboost algoritmaları ile tahmin yapılmış ve ardından model SHAPASH ile açıklanmıştır. SHAPASH, makine öğrenmesi modellerinin herkes tarafından yorumlanabilir ve anlaşılır hale getirmeyi hedeflemektedir. Saldırı Tespit Sistemleri için yorumlanabilir ve açıklanabilir bir yaklaşım sunulması siber güvenlik alanında önemli tedbirlerin alınmasında katkı sağlamaktadır. Bu çalışmada Boosting algoritmaları kullanılarak sınıflandırma yapılmış ve Açıklanabilir Yapay Zeka yaklaşımlarından biri olan SHAPASH ile oluşturulan tahmin modeli anlatılmıştır.

Keywords

İzinsiz giriş tespit sistemi, Açıklanabilir yapay zeka, Gradient boosting

APPLICATION OF EXPLAINABLE ARTIFICIAL INTELLIGENCE IN INTRUSION DETECTION SYSTEM CLASSIFICATION USING BOOSTING ALGORITHMS

Abstract

The increased speed rates and ease of access to the Internet increase the availability of devices with Internet connections. Internet users can access many devices that they are authorized or not authorized. These systems, which detect whether users have unauthorized access or not, are called Intrusion Detection Systems. With intrusion detection systems, users' access is classified and it is determined whether it is a normal login or an anomaly. Machine learning methods undertake this classification task. In particular, Boosting algorithms stand out with their high classification performance. It has been observed that the Gradient Boosting algorithm provides remarkable classification performance when compared to other methods proposed for the Intrusion Detection Systems problem. Using the Python programming language, estimation was made with the Gradient Boost, Adaboost algorithms, Catboost, and Decision Tree and then the model was explained with SHAPASH. The goal of SHAPASH is to enable universal interpretation and comprehension of machine learning models. Providing an interpretable and explainable approach to Intrusion Detection Systems contributes to taking important precautions in the field of cyber security. In this study, classification was made using Boosting algorithms, and the estimation model created with SHAPASH, which is one of the Explainable Artificial Intelligence approaches, is explained.

Keywords

Intrusion detection system, Explainable artificial intelligence, Gradient boosting

References

• Liao, H. J., Lin, C. H. R., Lin, Y. C., and Tung, K. Y., “Intrusion detection system: A comprehensive review”, Journal of Network and Computer Applications, 36 (1), 16-24, 2013.
• Sharma S. and Gupta R. K., “Intrusion detection system: A review”, International Journal of Security and Its Applications, 9 (5), 69–76, 2015.
• Özgür, A., and Erdem, H., “Saldırı tespit sistemlerinde genetik algoritma kullanarak nitelik seçimi ve çoklu sınıflandırıcı füzyonu”, Gazi Üniversitesi Mühendislik Mimarlık Fakültesi Dergisi, 33(1), 75-87, 2018.
• Salvatore Stolfo, 2019. [Online ]. Available: https://kdd.ics.uci.edu/databases/kddcup99/task.html. [Accessed 12 1 2023].
• Levin, I. “KDD-99 classifier learning contest LLSoft's results overview”, ACM SIGKDD Explorations Newsletter, 1 (2), 67-75, 2000.
• Manzoor, I., and Kumar, N. “A feature reduced intrusion detection system using ANN classifier”, Expert Systems with Applications, 88, 249-257, 2017.
• Alzubi, Q. M., Anbar, M., Sanjalawe, Y., Al-Betar, M. A., & Abdullah, R. “Intrusion detection system based on hybridizing a modified binary grey wolf optimization and particle swarm optimization”, Expert Systems with Applications, 204, 117-597, 2022.
• Abd Elaziz, M., Al-qaness, M. A., Dahou, A., Ibrahim, R. A., and Abd El-Latif, A. A., “Intrusion detection approach for cloud and IoT environments using deep learning and Capuchin Search Algorithm”, Advances in Engineering Software, 176, 103-402, 2023.
• Hussain, J., and Lalmuanawma, S., “Feature analysis, evaluation and comparisons of classification algorithms based on noisy intrusion dataset”, Procedia Computer Science, 92, 188-198, 2016.
• Ruan, Z., Miao, Y., Pan, L., Patterson, N., and Zhang, J. “Visualization of big data security: a case study on the KDD99 cup data set”, Digital Communications and Networks, 3 (4), 250-259, 2017.
• Al Mehedi Hasan, M., Nasser, M., and Pal, B., “On the KDD’99 dataset: support vector machine based intrusion detection system (ids) with different kernels”, International Journal of Electronics Communication and Computer Engineering, 4 (4), 1164-1170, 2013.
• Kandeeban, S. S., and Rajesh, R. S., “A Genetic Algorithm Based elucidation for improving Intrusion Detection through condensed feature set by KDD 99 data set”, Information and Knowledge Management, 1 (1), 1-9, 2011.
• Nuiaa, R. R., Alsaeedi, A. H., Manickam, S., and Al-Shammary, D. E. J., “Evolving dynamic fuzzy clustering (EDFC) to enhance DRDoS_DNS attacks detection mechanism”, International Journal of Intelligent Engineering & Systems, 15 (1), 509-519, 2022.
• Sahu, S. K., Sarangi, S., and Jena, S. K., “A detail analysis on intrusion detection datasets”, 2014 IEEE international advance computing conference, 1348-1353, 2014.
• Tavallaee, M., Bagheri, E., Lu, W., and Ghorbani, A. A. “A detailed analysis of the KDD CUP 99 data set”, IEEE symposium on computational intelligence for security and defense applications, 1-6, 2009.
• Shone, N., Ngoc, T. N., Phai, V. D., and Shi, Q., ”A deep learning approach to network intrusion detection”, IEEE transactions on emerging topics in computational intelligence, 2, 41-50, 2018.
• Niu, Y., Chen, C., Zhang, X., Zhou, X., and Liu, H., “Application of a New Feature Generation Algorithm in Intrusion Detection System”, Wireless Communications and Mobile Computing, 1, 1-17, 2022.
• Ingre, B., and Yadav, A., “Performance analysis of NSL-KDD dataset using ANN”, 2015 international conference on signal processing and communication engineering systems, 92-96, 2015.
• Ambusaidi, M. A., He, X., Nanda, P., and Tan, Z., “Building an intrusion detection system using a filter-based feature selection algorithm”, IEEE transactions on computers, 65 (10), 2986-2998, 2016.
• Ferrag, M. A., Maglaras, L., Moschoyiannis, S., and Janicke, H., “Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study”, Journal of Information Security and Applications, 50, 102-419, 2020.
• Beechey, M., Kyriakopoulos, K. G., and Lambotharan, S., “Evidential classification and feature selection for cyber-threat hunting”, Knowledge-Based Systems, 226, 107-120, 2021.
• Moustafa, N., Koroniotis, N., Keshk, M., Zomaya, A. Y., and Tari, Z., “Explainable Intrusion Detection for Cyber Defences in the Internet of Things: Opportunities and Solutions”, IEEE Communications Surveys & Tutorials, 1, 1-17, 2023.
• Sevri, M., and Karacan, H., “Explainable Artificial Intelligence (XAI) for Deep Learning Based Intrusion Detection Systems”, In The International Conference on Artificial Intelligence and Applied Mathematics in Engineering, 39-55, Cham: Springer International Publishing, 2022.
• Wang, M., Zheng, K., Yang, Y., and Wang, X., “An explainable machine learning framework for intrusion detection systems”, IEEE Access, 8, 73127-73141, 2020.
• Mallampati, S. B., and Seetha, H., “A Review on Recent Approaches of Machine Learning, Deep Learning, and Explainable Artificial Intelligence in Intrusion Detection Systems”, Majlesi Journal of Electrical Engineering, 17(1), 29-54, 2023.
• Patil, S., Varadarajan, V., Mazhar, S. M., Sahibzada, A., Ahmed, N., Sinha, O., and Kotecha, K., “Explainable artificial intelligence for intrusion detection system”, Electronics, 11(19), 30-79, 2022.
• Kharwar, A., & Thakor, D. (2023). A hybrid approach for feature selection using SFFS and SBFS with extra-tree and classification using XGBoost. International Journal of Ad Hoc and Ubiquitous Computing, 43(4), 191-205.
• Carrera, F., Dentamaro, V., Galantucci, S., Iannacone, A., Impedovo, D., & Pirlo, G. (2022). Combining unsupervised approaches for near real-time network traffic anomaly detection. Applied Sciences, 12(3), 1759.
• Sivamohan, S., & Sridhar, S. S. (2023). An optimized model for network intrusion detection systems in industry 4.0 using XAI based Bi-LSTM framework. Neural Computing and Applications, 35(15), 11459-11475.
• Alexey Natekin, “Gradient boosting machines, a tutorial”, 2013. [Online]. Available: https://www.frontiersin.org/articles/10.3389/fnbot.2013.00021/full. [Accessed 14 11 2022].
• Ravipati, R. D., and Abualkibash, M., “Intrusion detection system classification using different machine learning algorithms on KDD-99 and NSL-KDD datasets-a review paper”, International Journal of Computer Science & Information Technology, 11(3), 65-80, 2019.
• Güllü, M., Polat, H., and Çetin, A., “Author identification with chicken swarm optimization algorithm and adaboost approaches”, International Conference on Computer Science and Engineering, 1-5, 2020.
• Prokhorenkova, L., Gusev, G., Vorobev, A., Dorogush, A. V., & Gulin, A. (2018). CatBoost: unbiased boosting with categorical features. Advances in neural information processing systems, 31.
• Ravipati, R. D., & Abualkibash, M. (2019). Intrusion detection system classification using different machine learning algorithms on KDD-99 and NSL-KDD datasets-a review paper. International Journal of Computer Science & Information Technology (IJCSIT) 11.
• Anonymous , “Welcome to Shapash’s documentation”, 2020. [Online]. Available: https://shapash.readthedocs.io/en/latest/. [Accessed 24 1 2022].
• Amin, M. N., Salami, B. A., Zahid, M., Iqbal, M., Khan, K., Abu-Arab, A. M., and Jalal, F. E., “Investigating the Bond Strength of FRP Laminates with Concrete Using LIGHT GBM and SHAPASH Analysis”, Polymers, 14 (21), 1-16, 2022.
• Bouche T., "Overview", 2022. [Online]. Available: https://github.com/MAIF/shapash. [Accessed 26 11, 2022].