CR, AI - Nov 19, 2021

A Hybrid Approach for an Interpretable and Explainable Intrusion Detection System

arXiv:2111.10280v1 (28 citations)
Originality: Synthesis-oriented
AI Analysis

This work addresses the need for more interpretable and explainable intrusion detection systems in cybersecurity, but it appears incremental as it builds on existing methods without claiming major breakthroughs.

The paper tackles the problem of improving cybersecurity by developing a hybrid intrusion detection system that combines expert-written rules with dynamic knowledge from a decision tree algorithm to enhance detection capabilities, though no concrete performance numbers are provided.

Cybersecurity has been a concern for quite a while now. In recent years, cyberattacks have been increasing in size and complexity, fueled by significant advances in technology. Nowadays, there is an unavoidable need to protect systems and data crucial for business continuity. Hence, many intrusion detection systems have been created in an attempt to mitigate these threats and contribute to timelier detection. This work proposes an interpretable and explainable hybrid intrusion detection system, which makes use of artificial intelligence methods to achieve better and more long-lasting security. The system combines experts' written rules and dynamic knowledge continuously generated by a decision tree algorithm as new shreds of evidence emerge from network activity.
