Cybersecurity Knowledge Extraction Using XAI

Global networking, growing computer infrastructure complexity and the ongoing migration of many private and business aspects to the electronic domain commonly mandate using cutting-edge technologies based on data analysis, machine learning, and artificial intelligence to ensure high levels of network and information system security. Transparency is a major barrier to the deployment of black box intelligent systems in high-risk domains, such as the cybersecurity domain, with the problem getting worse as machine learning models increase in complexity. In this research, explainable machine learning is used to extract information from the CIC-IDS2017 dataset and to critically contrast the knowledge attained by analyzing if-then decision tree rules with the knowledge attained by the SHAP approach. The paper compares the challenges of the knowledge extraction using the SHAP method and the if-then decision tree rules, providing guidelines regarding different approaches suited to specific situations.

Automated summary

Global networking and the complexity of computer infrastructures require the use of cutting-edge technologies like data analysis, machine learning, and artificial intelligence to ensure network and information system security. However, in high-risk domains, the deployment of black box intelligent systems is hindered by the lack of transparency, especially as machine learning models become more complex. This research focuses on the use of explainable machine learning to extract knowledge from a specific dataset, comparing the knowledge attained through decision tree rules and the SHAP approach, and providing guidelines for different approaches in specific situations.