<p>As cyber threats evolve in complexity and scale, accurately classifying network traffic is paramount for effective cybersecurity. Leveraging ensemble learning techniques offers a robust solution to enhance the detection and differentiation of malicious and legitimate traffic patterns. This paper presents the Local Interpretable hybrid meta-learner (LI-HML), an enhanced version of the HML framework, incorporating Local Interpretable Model-Agnostic Explanations (LIME) to address critical challenges in attack detection and network traffic analysis. By integrating LIME at both the ensemble and meta-learner levels, the proposed method provides dual-level interpretability, offering granular insights into individual ensemble decisions and holistic explanations of aggregated predictions. Key innovations include feature clustering for enhanced diversity, robust handling of imbalanced datasets through bootstrap sampling, and pre- and post-majority voting explanations. The framework not only achieves high performance but also delivers actionable insights into feature importance and decision-making processes. This interpretable and effective approach positions LI-HML as a powerful tool for advancing cybersecurity and network traffic analysis. Experimental results show that the proposed framework outperforms state-of-the-art methods in detecting a variety of attacks and anomalies, proving its potential for robust cybersecurity applications.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

LI-HML detector: a unified framework for network traffic attack classification

  • Hajar Kamel,
  • Hasna Chamlal,
  • Tayeb Ouaderhman

摘要

As cyber threats evolve in complexity and scale, accurately classifying network traffic is paramount for effective cybersecurity. Leveraging ensemble learning techniques offers a robust solution to enhance the detection and differentiation of malicious and legitimate traffic patterns. This paper presents the Local Interpretable hybrid meta-learner (LI-HML), an enhanced version of the HML framework, incorporating Local Interpretable Model-Agnostic Explanations (LIME) to address critical challenges in attack detection and network traffic analysis. By integrating LIME at both the ensemble and meta-learner levels, the proposed method provides dual-level interpretability, offering granular insights into individual ensemble decisions and holistic explanations of aggregated predictions. Key innovations include feature clustering for enhanced diversity, robust handling of imbalanced datasets through bootstrap sampling, and pre- and post-majority voting explanations. The framework not only achieves high performance but also delivers actionable insights into feature importance and decision-making processes. This interpretable and effective approach positions LI-HML as a powerful tool for advancing cybersecurity and network traffic analysis. Experimental results show that the proposed framework outperforms state-of-the-art methods in detecting a variety of attacks and anomalies, proving its potential for robust cybersecurity applications.