A New Cybersecurity Approach Enhanced by xAI-Derived Rules to Improve Network Intrusion Detection and SIEM
Linköping University, Department of Computer and Information Science, Software and Systems. Linköping University, Faculty of Science and Engineering. Univ Naples Parthenope, Italy.
ITTI Sp Z o o, Poland; Bydgoszcz Univ Sci & Technol, Poland.
Univ Naples Parthenope, Italy.
ITTI Sp Z o o, Poland; Bydgoszcz Univ Sci & Technol, Poland.
2025 (English). In: Computers, Materials and Continua, ISSN 1546-2218, E-ISSN 1546-2226, Vol. 83, no. 2, pp. 1607-1621. Article in journal (Refereed). Published
Abstract [en]

The growing sophistication of cyberthreats, among others the Distributed Denial of Service attacks, has exposed limitations in traditional rule-based Security Information and Event Management systems. While machine learning-based intrusion detection systems can capture complex network behaviours, their "black-box" nature often limits trust and actionable insight for security operators. This study introduces a novel approach that integrates Explainable Artificial Intelligence (xAI) with the Random Forest classifier to derive human-interpretable rules, thereby enhancing the detection of Distributed Denial of Service (DDoS) attacks. The proposed framework combines traditional static rule formulation with advanced xAI techniques, SHapley Additive exPlanations and Scoped Rules, to extract decision criteria from a fully trained model. The methodology was validated on two benchmark datasets, CICIDS2017 and WUSTL-IIOT-2021. Extracted rules were evaluated against conventional Security Information and Event Management Systems rules with metrics such as precision, recall, accuracy, balanced accuracy, and Matthews Correlation Coefficient. Experimental results demonstrate that xAI-derived rules consistently outperform traditional static rules. Notably, the most refined xAI-generated rule achieved near-perfect performance with significantly improved detection of DDoS traffic while maintaining high accuracy in classifying benign traffic across both datasets.

Place, publisher, year, edition, pages
TECH SCIENCE PRESS, 2025. Vol. 83, no. 2, pp. 1607-1621
Keywords [en]
Cybersecurity; explainable artificial intelligence; intrusion detection system; rule-based SIEM; distributed denial of service
National subject category
Computer Systems
Identifiers
URN: urn:nbn:se:liu:diva-213472; DOI: 10.32604/cmc.2025.062801; ISI: 001475586100001; Scopus ID: 2-s2.0-105003415230; OAI: oai:DiVA.org:liu-213472; DiVA, id: diva2:1956569
Note

Funding Agencies: European Union's Horizon Europe Research and Innovation Programme [101070450]

Available from: 2025-05-06. Created: 2025-05-06. Last updated: 2025-05-06

Open Access in DiVA

No full text in DiVA

Search further in DiVA

By author/editor
Uccello, Federica