A hybrid learning-based intrusion detection framework for emerging network attacks with LIME-driven interpretability

Abstract

The fast-developing artificial intelligence (AI) in cybersecurity has brought the most recent prospects and threats. This thesis examines the weaknesses of AI-based Intrusion Detection Systems (IDS), especially in competitive and adversarial uses that strive to cause model misbehaviors. Starting with conducting a thorough literature review, we are discussing the current methodologies within AI-based IDS and indicating the issues of obscurity of models, scalability, and robustness. Then, a variety of models are applied, ensemble and ordinary machine learning, decision trees, random forests, gradient-based (XGBoost and LightGBM), etc. In order to further promote model reliability and transparency, the Explainable AI (XAI) technique is incorporated, paying particular attention to the LIME (Local Interpretable Model- Agnostic Explanations) method of AI decision-making interpretation. Moreover, we also build and test hybrid ensemble models in order to enhance the accuracy of detection and adversarial resilience. The thesis ends with a demonstration of how explainability and ensemble can be combined to have stronger and more trustworthy and effective intrusion detection frameworks.