Ahmed, Usman and Jiangbin, Zheng and Almogren, Ahmad and Khan, Sheharyar and Sadiq, Muhammad Tariq and Altameem, Ayman and Rehman, Ateeq Ur (2024) Explainable AI-based innovative hybrid ensemble model for intrusion detection. Journal of Cloud Computing, 13 (1). DOI https://doi.org/10.1186/s13677-024-00712-x
Abstract
Cybersecurity threats have become more worldly, demanding advanced detection mechanisms with the exponential growth in digital data and network services. Intrusion Detection Systems (IDSs) are crucial in identifying illegitimate access or anomalous behaviour within computer network systems, consequently opposing sensitive information. Traditional IDS approaches often struggle with high false positive rates and the ability to adapt to embryonic attack patterns. This work asserts a novel Hybrid Adaptive Ensemble for Intrusion Detection (HAEnID), an innovative and powerful method to enhance intrusion detection, different from the conventional techniques. HAEnID is composed of a string of multi-layered ensemble, which consists of a Stacking Ensemble (SEM), a Bayesian Model Averaging (BMA), and a Conditional Ensemble method (CEM). HAEnID combines the best of these three ensemble techniques for ultimate success in detection with a considerable cut in false alarms. A key feature of HAEnID is an adaptive mechanism that allows ensemble components to change over time as network traffic patterns vary and new threats appear. This way, HAEnID would provide adequate protection as attack vectors change. Furthermore, the model would become more interpretable and explainable using Shapley Additive Explanations (SHAP) and Local Interpretable Model-agnostic Explanations (LIME). The proposed Ensemble model for intrusion detection on CIC-IDS 2017 achieves excellent accuracy (97-98%), demonstrating effectiveness and consistency across various configurations. Feature selection further enhances performance, with BMA-M (20) reaching 98.79% accuracy. These results highlight the potential of the ensemble model for accurate and reliable intrusion detection and, hence, is a state-of-the-art choice for accuracy and explainability.
Item Type: | Article |
---|---|
Uncontrolled Keywords: | Stacking ensemble, Bayesian model averaging, Conditional ensemble method, Machine learning, Explainable AI, Network security, Intrusion detection |
Subjects: | Z Bibliography. Library Science. Information Resources > ZZ OA Fund (articles) |
Divisions: | Faculty of Science and Health; Faculty of Science and Health > Computer Science and Electronic Engineering, School of |
SWORD Depositor: | Unnamed user with email elements@essex.ac.uk |
Depositing User: | Unnamed user with email elements@essex.ac.uk |
Date Deposited: | 28 Oct 2024 17:18 |
Last Modified: | 30 Oct 2024 17:40 |
URI: | http://repository.essex.ac.uk/id/eprint/39474 |
Available files
Filename: s13677-024-00712-x.pdf
Licence: Creative Commons: Attribution 4.0