LI-HML detector: a unified framework for network traffic attack classification
摘要
As cyber threats evolve in complexity and scale, accurately classifying network traffic is paramount for effective cybersecurity. Leveraging ensemble learning techniques offers a robust solution to enhance the detection and differentiation of malicious and legitimate traffic patterns. This paper presents the Local Interpretable hybrid meta-learner (LI-HML), an enhanced version of the HML framework, incorporating Local Interpretable Model-Agnostic Explanations (LIME) to address critical challenges in attack detection and network traffic analysis. By integrating LIME at both the ensemble and meta-learner levels, the proposed method provides dual-level interpretability, offering granular insights into individual ensemble decisions and holistic explanations of aggregated predictions. Key innovations include feature clustering for enhanced diversity, robust handling of imbalanced datasets through bootstrap sampling, and pre- and post-majority voting explanations. The framework not only achieves high performance but also delivers actionable insights into feature importance and decision-making processes. This interpretable and effective approach positions LI-HML as a powerful tool for advancing cybersecurity and network traffic analysis. Experimental results show that the proposed framework outperforms state-of-the-art methods in detecting a variety of attacks and anomalies, proving its potential for robust cybersecurity applications.