Developing an Explainable AI (XAI) Model for Cyber-Attack Detection in Industrial Internet of Things (IIoT) Environments

Authors

  • Salam Husham Author

Keywords:

Explainable AI (XAI); Industrial Internet of Things (IIoT); Intrusion Detection System (IDS); Network Traffic Classification; Cybersecurity; Random Forest; SHAP; Machine Learning

Abstract

The Industrial Internet of Things (IIoT) improves operational efficiency at the cost of expanding the attack surface of critical infrastructure. This paper recasts the original proposal as a journal article and describes a baseline explainable machine-learning workflow for detecting cyber-attacks using a network traffic dataset provided by the author. The data consist of 211,043 records, 42 predictive variables, a binary attack flag, and a ten-class traffic-type label covering normal traffic and various forms of attack, namely backdoor, DDoS, DoS, injection, password, scanning, ransomware, cross-site scripting and man-in-the-middle activity. Following categorical encoding and an 80/20 stratified train-test split, a Random Forest classifier was trained and analyzed using SHAP-based feature analysis. On the multi-class task, the model achieved 99.52% accuracy, a macro F1-score of 98.77 and a weighted F1-score of 99.52%. The findings indicate that the attached network dataset is much more appropriate than the previously used Iris dataset, since it directly models the target security problem rather than an unrelated botanical classification exercise. The paper concludes that explainable, data-driven intrusion detection can be achieved on the attached dataset, although the concentration of feature importance on addressing fields and port-related fields may reduce generalizability when deployment conditions differ from the training environment.

Keywords: Explainable AI, Industrial Internet of Things, intrusion detection, network traffic classification, SHAP, Random Forest
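The generalizability caveat above can be checked before deployment; the following is an added example, not the paper's code or dataset. It assumes constructed binary-labelled flows with hypothetical field names, and uses the forest's impurity-based importances as a stand-in for SHAP, comparing a model that sees address and port fields against one that does not when attacker addressing changes.

```python
import numpy as np
from sklearn.ensemble import RandomForestClassifier
from sklearn.model_selection import train_test_split

FEATURES = ["src_host", "src_port", "bytes", "duration"]  # hypothetical field names

def make_traffic(n, rng, leaky):
    """Constructed flows: half normal (0), half attack (1).

    leaky=True mimics a capture where attacks come from a fixed set of
    hosts and a narrow source-port band; leaky=False mimics a deployment
    where attacker addressing looks like everyone else's.
    """
    y = np.repeat([0, 1], n // 2)
    host = rng.integers(10, 60, n)
    port = rng.integers(1024, 65535, n)
    if leaky:
        host[y == 1] = rng.integers(200, 210, n // 2)
        port[y == 1] = rng.integers(40000, 40100, n // 2)
    # Behavioural signal that holds in both environments.
    size = rng.normal(np.where(y == 1, 900, 500), 100)
    duration = rng.exponential(2.0, n)
    return np.column_stack([host, port, size, duration]), y

def fit_forest(X, y):
    return RandomForestClassifier(n_estimators=200, random_state=0).fit(X, y)

def run_experiment(seed=0):
    rng = np.random.default_rng(seed)
    X, y = make_traffic(4000, rng, leaky=True)
    # Same protocol as the abstract: 80/20 stratified split.
    X_tr, X_te, y_tr, y_te = train_test_split(
        X, y, test_size=0.2, stratify=y, random_state=seed)
    X_new, y_new = make_traffic(2000, rng, leaky=False)  # shifted environment

    full = fit_forest(X_tr, y_tr)
    behav = fit_forest(X_tr[:, 2:], y_tr)  # address and port columns dropped
    imp = dict(zip(FEATURES, full.feature_importances_))
    return {
        "holdout_acc": full.score(X_te, y_te),
        "shifted_acc": full.score(X_new, y_new),
        "shifted_acc_no_addr": behav.score(X_new[:, 2:], y_new),
        "addr_port_importance": imp["src_host"] + imp["src_port"],
    }

if __name__ == "__main__":
    for name, value in run_experiment().items():
        print(f"{name:22s} {value:.3f}")
```

A high hold-out score together with a large address and port share of importance is the signal to re-evaluate on traffic captured from a different network segment before trusting the reported accuracy.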

Published

2026-04-21

Section

Articles