A Hybrid Approach for an Interpretable and Explainable Intrusion Detection System

  • Conference paper
Intelligent Systems Design and Applications (ISDA 2021)

Abstract

Cybersecurity has been a concern for a long time. In recent years, cyberattacks have grown in scale and complexity, fueled by significant advances in technology. Protecting the systems and data on which business continuity depends is now unavoidable. Hence, many intrusion detection systems have been created to mitigate these threats and detect them sooner. This work proposes an interpretable and explainable hybrid intrusion detection system that uses artificial intelligence methods to achieve better and more durable security. The system combines rules written by experts with dynamic knowledge that a decision tree algorithm generates continuously as new evidence emerges from network activity.



Acknowledgements

This work was partially supported by the Norte Portugal Regional Operational Programme (NORTE 2020), under the PORTUGAL 2020 Partnership Agreement, through the European Regional Development Fund (ERDF), within project “Cybers SeC IP” (NORTE-01-0145-FEDER-000044). This work has also received funding from the following projects: UIDB/00760/2020, UIDP/00760/2020 and CyberFactory# 1 (Refª: NORTE-01-0247-FEDER-40124).

Author information

Correspondence to Tiago Dias.


Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this paper

Dias, T., Oliveira, N., Sousa, N., Praça, I., Sousa, O. (2022). A Hybrid Approach for an Interpretable and Explainable Intrusion Detection System. In: Abraham, A., Gandhi, N., Hanne, T., Hong, TP., Nogueira Rios, T., Ding, W. (eds) Intelligent Systems Design and Applications. ISDA 2021. Lecture Notes in Networks and Systems, vol 418. Springer, Cham. https://doi.org/10.1007/978-3-030-96308-8_96
