Using Kernel SHAP XAI Method to optimize the Network Anomaly Detection Model
This work addresses the challenge of interpreting anomaly detection in network security, which is important for intrusion and fraud detection, but it is incremental as it applies an existing XAI method to optimize a model.
The paper tackled the problem of detecting and explaining network anomalies by applying the kernel SHAP explainable AI method to improve model performance, achieving an overall accuracy of 0.90 and F-score of 0.76 on the CICIDS2017 dataset.
Anomaly detection and its explanation is important in many research areas such as intrusion detection, fraud detection, unknown attack detection in network traffic and logs. It is challenging to identify the cause or explanation of why one instance is an anomaly? and the other is not due to its unbounded and lack of supervisory nature. The answer to this question is possible with the emerging technique of explainable artificial intelligence (XAI). XAI provides tools and techniques to interpret and explain the output and working of complex models such as Deep Learning (DL). This paper aims to detect and explain network anomalies with XAI, kernelSHAP method. The same approach is used to improve the network anomaly detection model in terms of accuracy, recall, precision and f score. The experiment is conduced with the latest CICIDS2017 dataset. Two models are created (Model_1 and OPT_Model) and compared. The overall accuracy and F score of OPT_Model (when trained in unsupervised way) are 0.90 and 0.76, respectively.