EXPLAINABLE AI-BASED INTRUSION DETECTION SYSTEM FOR CLOUD-IOT SECURITY

Abstract

Cloud computing and the Internet of Things (IoT) are coming together quickly , creating a confusing security situation with diverse technologies needing integration along with overloaded networks, shared environments and ongoing threats such as DoS (Denial of Service), Distributed DoS (DDoS), man in the middle and data breaches . [1]. The current level of reliance on existing IDSs within the Cloud-IoT domain is on black box machine learning techniques of various types. Many IDSs using this type of technology can detect intrusions with great accuracy but they offer no insight into how they arrive at their conclusions. This is a major limitation when considering the importance of analysts understanding and having confidence in the recommendations made by the automated application of these systems. [2]. An XAI-IDS is proposed in this paper, which is an XAI-based Intrusion Detection System (IDS) that uses a Random Forest (RF) ensemble classifier with SHAP to provide high accuracy and human-readable explanations at both the feature and instance level while detecting intrusions in Cloud-IoT Security. Both UNSW-NB15 and N-BaIoT are used as test datasets, which take into consideration four of the main components of Cloud-IoT Security: protection of data/information, networks, access control and privacy. [3]. The experimental findings reflect an overall detection accuracy rate of 98.3%, a macro F1-score of 97.8%, and a false positive rate of only 0.9%. In addition, using SHAP analysis, the most important features for each attack class can be identified, which allows security analysts to positively audit their decisions, optimize their policies, and respond properly to cloud-IoT threats. The proposed framework is a deployable, transparent, and multi-component security framework. It overcomes the issue identified in previous research where most solutions focused on only one component of a multi-layered security solution. [4].