Ngoc Tai Nguyen, Hien Do Hoang, Phan The Duy* and Van-Hau Pham

* Corresponding author (duypt@uit.edu.vn)


Abstract

In recent years, Deep Neural Networks (DNNs) have demonstrated remarkable success in various domains, including Intrusion Detection Systems (IDS). The ability of DNNs to learn complex patterns from large datasets has significantly improved IDS performance, leading to more accurate and efficient threat detection. Despite their effectiveness, DNN models are vulnerable to adversarial attacks, in which malicious inputs are specifically crafted to deceive the models and evade detection. This paper provides insights into the effectiveness of deep learning-based IDS (DL-IDS) against adversarial example (AE) attacks. We address the weakness of DNNs against adversarial attacks by proposing a Convolutional Neural Network (CNN) that serves as an AE detector. We also apply an XAI technique, SHAP, to make the AE detector's decisions more transparent. Our results show that the AE detector is effective at identifying adversarial examples, achieving 99.46% accuracy in our experimental environment.
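To make the described workflow concrete, the sketch below illustrates one possible pipeline using the ART and SHAP libraries listed in the references: crafting adversarial examples against a DL-IDS, training a CNN-based AE detector on clean versus adversarial flows, and explaining the detector's decisions with SHAP. This is a minimal illustration on synthetic data, not the authors' implementation; the feature count, model architectures, the FGSM attack, and the choice of KernelExplainer are all assumptions made for the example.

```python
# Minimal sketch (assumed workflow, not the authors' exact pipeline): craft AEs
# against a DL-IDS with ART, train a CNN-based AE detector, explain it with SHAP.
import numpy as np
import tensorflow as tf
import shap
from art.estimators.classification import TensorFlowV2Classifier
from art.attacks.evasion import FastGradientMethod

rng = np.random.default_rng(0)
n_features = 20                                          # placeholder flow-feature count
X = rng.random((2000, n_features)).astype("float32")     # synthetic stand-in for IDS flow features
y = tf.keras.utils.to_categorical((X[:, 0] + X[:, 1] > 1.0).astype(int), 2)  # toy benign/attack labels

# Target DL-IDS: a small dense classifier standing in for the deployed model.
ids_model = tf.keras.Sequential([
    tf.keras.layers.Input(shape=(n_features,)),
    tf.keras.layers.Dense(64, activation="relu"),
    tf.keras.layers.Dense(2, activation="softmax"),
])
ids_model.compile(optimizer="adam", loss="categorical_crossentropy")
ids_model.fit(X, y, epochs=3, batch_size=64, verbose=0)

# Craft adversarial examples with ART's FGSM (one of several attacks one could use).
art_clf = TensorFlowV2Classifier(
    model=ids_model, nb_classes=2, input_shape=(n_features,),
    loss_object=tf.keras.losses.CategoricalCrossentropy(), clip_values=(0.0, 1.0),
)
X_adv = FastGradientMethod(estimator=art_clf, eps=0.05).generate(x=X)

# CNN-based AE detector: label clean flows 0 and adversarial flows 1.
X_det = np.concatenate([X, X_adv])[..., np.newaxis]      # (samples, features, 1) for Conv1D
y_det = np.concatenate([np.zeros(len(X)), np.ones(len(X_adv))])
detector = tf.keras.Sequential([
    tf.keras.layers.Input(shape=(n_features, 1)),
    tf.keras.layers.Conv1D(32, kernel_size=3, activation="relu"),
    tf.keras.layers.GlobalMaxPooling1D(),
    tf.keras.layers.Dense(1, activation="sigmoid"),
])
detector.compile(optimizer="adam", loss="binary_crossentropy", metrics=["accuracy"])
detector.fit(X_det, y_det, epochs=3, batch_size=64, verbose=0)

# Explain the detector with SHAP's model-agnostic KernelExplainer on the flat features.
predict_fn = lambda a: detector.predict(a[..., np.newaxis], verbose=0).ravel()
background = shap.sample(np.concatenate([X, X_adv]), 50)  # small background sample
explainer = shap.KernelExplainer(predict_fn, background)
shap_values = explainer.shap_values(X_adv[:5], nsamples=200)
print("Per-feature SHAP attributions for 5 adversarial flows:\n", np.round(shap_values, 3))
```

In such a setup, the SHAP attributions indicate which flow features drive the detector's "adversarial" verdict, which is the transparency benefit the abstract refers to.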

Keywords: Machine learning, XAI, intrusion detection, adversarial sample, explainable AI


References

Adversarial Robustness Toolbox (ART). (n.d.). Retrieved from https://github.com/Trusted-AI/adversarial-robustness-toolbox

Capuano, N., et al. (2022). Explainable artificial intelligence in cybersecurity: A survey. IEEE Access, 10, 93575–93600.

Carlini, N., & Wagner, D. (2017). Towards evaluating the robustness of neural networks. In 2017 IEEE Symposium on Security and Privacy (SP) (pp. 39–57). IEEE.

Chawla, N. V., Bowyer, K. W., Hall, L. O., & Kegelmeyer, W. P. (2002). SMOTE: Synthetic minority over-sampling technique. Journal of Artificial Intelligence Research, 16, 321–357.

Goodfellow, I. J., Shlens, J., & Szegedy, C. (2014). Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572.

Ko, G., et al. (2021). Unsupervised detection of adversarial examples with model explanations. arXiv preprint arXiv:2107.10480.

Le, T.-T.-H., et al. (2022). Classification and explanation for intrusion detection system based on ensemble trees and SHAP method. Sensors, 22, 1154.

Liang, H., et al. (2022). Adversarial attack and defense: A survey. Electronics, 11, 1283.

Lundberg, S. M., & Lee, S.-I. (2017). A unified approach to interpreting model predictions. Advances in Neural Information Processing Systems, 30.

Moosavi-Dezfooli, S.-M., Fawzi, A., & Frossard, P. (2016). DeepFool: A simple and accurate method to fool deep neural networks. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition.

Otoum, Y., et al. (2022). DL-IDS: A deep learning-based intrusion detection framework for securing IoT. Transactions on Emerging Telecommunications Technologies, e3803.

Papernot, N., McDaniel, P., Jha, S., Fredrikson, M., Celik, Z. B., & Swami, A. (2016). The limitations of deep learning in adversarial settings. In 2016 IEEE European Symposium on Security and Privacy (EuroS&P) (pp. 372–387). IEEE.

Peng, J., et al. (2022). A trustworthy intrusion detection framework enabled by an ex-post-interpretation-enabled approach. Journal of Information Security and Applications, 103364.

SHAP. (n.d.). Retrieved from https://github.com/shap/shap

Sun, P., Liu, P., Li, Q., Liu, C., Lu, X., Hao, R., & Chen, J. (2020). DL-IDS: Extracting features using CNN-LSTM hybrid network for intrusion detection system. Security and Communication Networks, 2020, 1–11.

Wang, J. (2021). Adversarial examples in physical world. In IJCAI (pp. 4925–4926).

Wang, N., et al. (2022). MANDA: On adversarial example detection for network intrusion detection system. IEEE Transactions on Dependable and Secure Computing, 1139–1153.

Marcílio, W. E., & Eler, D. M. (2020). From explanations to feature selection: Assessing SHAP values as feature selection mechanism. In 2020 33rd SIBGRAPI Conference on Graphics, Patterns and Images (SIBGRAPI) (pp. 340–347).