Litcius/Paper detail

Explainability of Cybersecurity Threats Data Using SHAP

Rafa Alenezi, Simone A. Ludwig

20212021 IEEE Symposium Series on Computational Intelligence (SSCI)51 citationsDOI

Abstract

Nowadays, cybersecurity threats have become a worrisome issue that need to be addressed in all of the world. Almost all people have smart devices that are connected worldwide and many are using social media platforms, and thus, most of their personal information is used and shared. An example of cybersecurity threats are malicious URLs and malware, which are very likely to impact general users. For the research community, detecting new types of attacks is a challenge. Most of the past research studies focused on surveying malicious attack detection. The classification models detect the kind of attacks by using machine learning approaches. Interpreting machine learning models is also an important issue. Tree, Deep, and Kernel of SHAP (Shapley Additive Explanations) are well-known techniques, which achieve efficient performance in interpreting the results. In this paper, two cyber data sets are investigated, both being five-class data sets, for which the Random Forest Classifier, XGBoost Classification, and the Keras Sequential algorithms are applied. The obtained results confirm that applying the classifiers to generate the models are good choices to detect cybersecurity threats. The efficacy of these models' performance was evaluated by measuring the precision, recall, F1-score, accuracy, and confusion matrix. In addition, three SHAP methods are used to explain the output of the resulting machine learning models for the five-class data sets.

Topics & Concepts

Computer scienceMalwareMachine learningRandom forestComputer securityConfusion matrixCyber threatsArtificial intelligenceClassifier (UML)Intrusion detection systemClass (philosophy)Attack modelConfusionData miningPsychoanalysisPsychologyNetwork Security and Intrusion DetectionAdvanced Malware Detection TechniquesSpam and Phishing Detection