ENIXMA: ENsemble of EXplainable Methods for detecting network Attack

Document Type: Original Article

Authors

School of Computer Engineering, Iran University of Science and Technology, Tehran, Iran

DOI: 10.22067/cke.2024.82986.1084

Abstract

The Internet has become an integral part of society, and its availability is essential. Malicious actors, however, try to disrupt Internet services and exploit service providers, so robust methods for identifying network attacks are needed. Existing approaches often suffer from reduced precision and limited interpretability. In this paper we introduce ENIXMA, which combines an ensemble of machine learning classifiers to improve attack identification. We validate ENIXMA on the CICDDoS2019 dataset. Our approach achieves a 90% increase in attack detection precision on the balanced CICDDoS2019 dataset, a substantial advance over earlier methods, which registered only a 3% precision gain. We apply several preprocessing and normalization techniques, including z-score normalization, to refine the data. To address interpretability, ENIXMA uses SHAP, LIME, and decision trees to identify the features that matter most for attack detection, and we examine the key decision scenarios within the decision tree. ENIXMA not only attains higher precision and interpretability but also runs faster than prior techniques.
