FALSE POSITIVE IDENTIFICATION IN INTRUSION DETECTION USING XAI
Keywords:
Intrusion detection, machine learning, explainability, XAI, false positive rateAbstract
With the growing popularity of the Internet to access sensitive data, intrusion detection has become a
necessary security measure. The evolution of Artificial Intelligence over the past few decades,
particularly in Machine Learning techniques, combined with the availability of network traffic datasets,
has created an immense development and research field for anomaly-based Intrusion Detection Systems.
However, there is unanimity among published studies on this issue that this form of detection is more
prone to false positives. In order to mitigate this problem, we propose a more effective method of
identifying them, compared to using only the algorithm’s confidence. For this, we hypothesize that the
relevance given by the algorithm to certain attributes may be related to whether the detection is true or
false. The method consists, therefore, in obtaining these features relevance through eXplainable Artificial
Intelligence (XAI) and, together with a confidence measure, identifying detections that are more likely to
be false. By using the LYCOS-IDS2017 dataset, it is possible to eliminate some percentage of the total
false positives, with a loss of only less number of true positives. Conversely, by using only a confidence
measure, the elimination of false positives is approximately just 50%, with a loss of 0.42% of true
positives
