Abstract
Cybersecurity has been a concern for a long time. In recent years, cyberattacks have grown in scale and complexity, fueled by significant advances in technology. Today there is an unavoidable need to protect the systems and data on which business continuity depends. Hence, many intrusion detection systems have been created in an attempt to mitigate these threats and contribute to timelier detection. This work proposes an interpretable and explainable hybrid intrusion detection system, which makes use of artificial intelligence methods to achieve better and longer-lasting security. The system combines rules written by experts with dynamic knowledge that is continuously generated by a decision tree algorithm as new evidence emerges from network activity.
Acknowledgements
This work was partially supported by the Norte Portugal Regional Operational Programme (NORTE 2020), under the PORTUGAL 2020 Partnership Agreement, through the European Regional Development Fund (ERDF), within project “Cybers SeC IP” (NORTE-01-0145-FEDER-000044). This work has also received funding from the following projects: UIDB/00760/2020, UIDP/00760/2020 and CyberFactory# 1 (Refª: NORTE-01-0247-FEDER-40124).
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Dias, T., Oliveira, N., Sousa, N., Praça, I., Sousa, O. (2022). A Hybrid Approach for an Interpretable and Explainable Intrusion Detection System. In: Abraham, A., Gandhi, N., Hanne, T., Hong, TP., Nogueira Rios, T., Ding, W. (eds) Intelligent Systems Design and Applications. ISDA 2021. Lecture Notes in Networks and Systems, vol 418. Springer, Cham. https://doi.org/10.1007/978-3-030-96308-8_96
DOI: https://doi.org/10.1007/978-3-030-96308-8_96
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-96307-1
Online ISBN: 978-3-030-96308-8
eBook Packages: Intelligent Technologies and Robotics (R0)