EXPLAIN-IT: Towards Explainable AI for Unsupervised Network Traffic Analysis
This paper addresses the need for explainable AI in unsupervised network traffic analysis, particularly for cybersecurity or network management, but it is incremental: it extends existing explainable AI methods to unsupervised learning.
The paper tackles the problem of making unsupervised clustering results interpretable for network traffic analysis by introducing EXPLAIN-IT, a methodology that provides explanations for clustering decisions, and demonstrates its application in YouTube video quality classification under encrypted traffic with promising results.
The application of unsupervised learning approaches, and in particular of clustering techniques, represents a powerful exploration means for the analysis of network measurements. Discovering underlying data characteristics, grouping similar measurements together, and identifying eventual patterns of interest are some of the applications which can be tackled through clustering. Being unsupervised, clustering does not always provide precise and clear insight into the produced output, especially when the input data structure and distribution are complex and difficult to grasp. In this paper we introduce EXPLAIN-IT, a methodology which deals with unlabeled data, creates meaningful clusters, and suggests an explanation of the clustering results for the end-user. EXPLAIN-IT relies on a novel explainable Artificial Intelligence (AI) approach, which makes it possible to understand the reasons leading to a particular decision of a supervised learning-based model, additionally extending its application to the unsupervised learning domain. We apply EXPLAIN-IT to the problem of YouTube video quality classification under encrypted traffic scenarios, showing promising results.
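
The pipeline shape the abstract describes (cluster unlabeled measurements, fit a supervised model on the cluster ids, then explain one of that model's decisions) can be sketched as follows. This is an added example, not the paper's code: the page does not name the clustering algorithm or the explainer, so 2-means, a nearest-centroid surrogate, and a per-feature distance-margin decomposition are stand-ins, and the feature names and flow values are constructed.

```python
# Added illustration, not the paper's code. Feature names and all flow
# values are constructed; the explainer is a stand-in chosen for this sketch.
FEATURES = ["throughput_kbps", "mean_pkt_bytes", "jitter_ms"]
FLOWS = [  # constructed, unlabeled per-session measurements
    [4800, 1380, 12], [5100, 1400, 30], [4950, 1390, 21], [5200, 1410, 8],
    [900, 1150, 25], [1100, 1180, 10], [1000, 1160, 33], [950, 1170, 15],
]

def standardize(rows):
    """Z-score each column so no feature dominates the distance by scale."""
    cols = list(zip(*rows))
    mu = [sum(c) / len(c) for c in cols]
    sd = [(sum((v - m) ** 2 for v in c) / len(c)) ** 0.5 for c, m in zip(cols, mu)]
    return [[(v - m) / s for v, m, s in zip(r, mu, sd)] for r in rows]

def dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def class_means(rows, labels):
    """Mean vector of the rows carrying each label (0 and 1)."""
    return [[sum(c) / len(c) for c in zip(*[r for r, l in zip(rows, labels) if l == k])]
            for k in (0, 1)]

def predict(x, cents):
    return min((0, 1), key=lambda k: dist2(x, cents[k]))

def kmeans2(rows, iters=20):
    """Unsupervised step: 2-means with a deterministic first/last-row init."""
    cents = [rows[0], rows[-1]]
    for _ in range(iters):
        labels = [predict(r, cents) for r in rows]
        cents = class_means(rows, labels)
    return labels

def explain(x, cents):
    """Local explanation of one surrogate decision: per-feature share of the
    squared-distance margin between the rejected and the chosen class."""
    pred = predict(x, cents)
    own, other = cents[pred], cents[1 - pred]
    return pred, {f: (v - o) ** 2 - (v - w) ** 2
                  for f, v, o, w in zip(FEATURES, x, other, own)}

def run(flow_index=0):
    z = standardize(FLOWS)
    labels = kmeans2(z)                   # clusters from unlabeled data
    surrogate = class_means(z, labels)    # supervised fit on cluster ids
    pred, contrib = explain(z[flow_index], surrogate)
    return labels, pred, contrib

if __name__ == "__main__":
    labels, pred, contrib = run()
    print(labels, pred, sorted(contrib.items(), key=lambda kv: -kv[1]))
```

The contributions sum to the surrogate's decision margin for that flow, so a feature with a small share (here the constructed jitter column) is one the cluster assignment barely depends on.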