Automated and Explainable Denial of Service Analysis for AI-Driven Intrusion Detection Systems
This work addresses the need for scalable and interpretable intrusion detection systems in cybersecurity, though it is incremental by combining existing tools like TPOT and SHAP.
The paper tackled the problem of detecting Distributed Denial of Service (DDoS) attacks by developing an automated framework using machine learning to improve accuracy and transparency, with experimental results identifying key features like mean backward packet length and minimum forward packet header length as critical for detection.
With the increasing frequency and sophistication of Distributed Denial of Service (DDoS) attacks, it has become critical to develop more efficient and interpretable detection methods. Traditional detection systems often struggle with scalability and transparency, hindering real-time response and understanding of attack vectors. This paper presents an automated framework for detecting and interpreting DDoS attacks using machine learning (ML). The proposed method leverages the Tree-based Pipeline Optimization Tool (TPOT) to automate the selection and optimization of ML models and features, reducing the need for manual experimentation. SHapley Additive exPlanations (SHAP) is incorporated to enhance model interpretability, providing detailed insights into the contribution of individual features to the detection process. By combining TPOT's automated pipeline selection with SHAP interpretability, this approach improves the accuracy and transparency of DDoS detection. Experimental results demonstrate that key features such as mean backward packet length and minimum forward packet header length are critical in detecting DDoS attacks, offering a scalable and explainable cybersecurity solution.