E-XAI: Evaluating Black-Box Explainable AI Frameworks for Network Intrusion Detection
Primary Investigator:
Research Independant
Osvaldo Arreche, Tanish Guntur, Jack Roberts Primary PI:
Abstract
The exponential growth of intrusions on networked systems inspires new research directions
on developing artificial intelligence (AI) techniques for intrusion detection systems (IDS). In particular, the
need to understand and explain these AI models to security analysts (managing these IDS to safeguard their
networks) motivates the usage of explainable AI (XAI) methods in real-world IDS. In this work, we propose
an end-to-end framework to evaluate black-box XAI methods for network IDS. We evaluate both global
and local scopes for these black-box XAI methods for network intrusion detection. We analyze six different
evaluation metrics for two popular black-box XAI techniques, namely SHAP and LIME. These metrics are
descriptive accuracy, sparsity, stability, efficiency, robustness, and completeness. They cover main metrics
from network security and AI domains. We evaluate our XAI evaluation framework using three popular
network intrusion datasets and seven AI methods with different characteristics. We release our codes for
the network security community to access it as a baseline XAI framework for network IDS. Our framework
shows the limitations and strengths of current black-box XAI methods when applied to network IDS.