Uma Análise Comparativa de Algoritmos de Machine Learning e Explicabilidade para Detecção de Intrusão de Redes
Resumo
Em redes de alta vazão, onde milissegundos separam a detecção da exfiltração de dados, a precisão é fundamental. Este trabalho analisa o desempenho de seis algoritmos de aprendizado de máquina no dataset CIC-IDS2017, enfrentando o dilema entre a “Caixa Preta” e a necessidade de resposta em tempo real. Através de um pipeline completo, foi revelado um trade-off decisivo: enquanto o Random Forest apresenta a precisão de 99,64%, o CatBoost emerge como a escolha superior para defesa ativa, entregando inferência 3,4× mais rápida (0,65 s) com perda desprezível de acurácia. Por fim, aplicaram-se técnicas de IA Explicável para interpretar a decisão dos modelos baseando-se em padrões de rede legítimos e podendo transformar alertas em segurança auditável.
Referências
Anis, F. M., Alabdullatif, M., Aljbli, S., and Hammoudeh, M. (2025). A survey on the applications of deep learning in network intrusion detection systems to enhance network security. IEEE Access, 13:185348–185373.
Arreche, O., Guntur, T., and Abdallah, M. (2024). Xai-ids: Toward proposing an explainable artificial intelligence framework for enhancing network intrusion detection systems. Applied Sciences, 14(10):4170.
Breiman, L. (2001). Random forests. Machine Learning, 45(1):5–32. Chawla, N. V., Bowyer, K. W., Hall, L. O., and Kegelmeyer, W. P. (2002). Smote: Synthetic minority over-sampling technique. Journal of Artificial Intelligence Research, 16:321–357.
Elasaad, M. M. A., Sayed, S. G., and El-Dakroury, M. M. (2025). Aegisguard: A multi-stage hybrid intrusion detection system with optimized feature selection for industrial iot security. Sensors, 25(22):6958.
Grinsztajn, L., Oyallon, E., and Varoquaux, G. (2022). Why do tree-based models still outperform deep learning on tabular data? Advances in Neural Information Processing Systems (NeurIPS), 35:507–520.
Hakami, H., Faheem, M., and Ahmad, M. B. (2025). Machine learning techniques for enhanced intrusion detection in iot security. IEEE Access, 13:31145–31158.
Ke, G., Meng, Q., Finley, T., Wang, T., Chen, W., Ma, W., Ye, Q., and Liu, T.-Y. (2017). LightGBM: A highly efficient gradient boosting decision tree. In Advances in Neural Information Processing Systems (NeurIPS), pages 3146–3154.
Khan, M. F., Hassan, M. M., Ferdous, S., Hussain, I., Akter, L., and Gupta, A. B. (2024a). Explainable ai and machine learning models for transparent and scalable intrusion detection systems. Journal of Information Systems Engineering and Management, 9(45).
Khan, N., Ahmad, K., Tamimi, A. A., Alani, M. M., Bermak, A., and Khalil, I. (2024b). Explainable ai-based intrusion detection system for industry 5.0: An overview of the literature, associated challenges, and potential research directions. arXiv preprint arXiv:2408.03335.
Lundberg, S. M. and Lee, S.-I. (2017). A unified approach to interpreting model predictions. In Advances in Neural Information Processing Systems (NeurIPS), pages 4765–4774.
Nigar, N. and Mustafa, R. (2025). Enhanced intrusion detection via hybrid data resampling and feature optimization. IEEE Access, 13:149105–149120.
Prokhorenkova, L., Gusev, G., Vorobev, A., Dorogush, A. V., and Gulin, A. (2018). CatBoost: unbiased boosting with categorical features. In Advances in Neural Information Processing Systems (NeurIPS), pages 6638–6648.
Santos, K. and Miani, R. (2025). Impacto da redução de dimensão e seleção de atributos na generalização de modelos de detecção de intrusão. In Anais do XLIII Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos, pages 728–741, Porto Alegre, RS, Brasil. SBC.
Schmidt, T., Granville, L., and Schaeffer-Filho, A. (2025). Analyzing energy and performance trade-offs for network anomaly detection based on deep learning. In Anais do XLIII Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos, pages 224–237, Porto Alegre, RS, Brasil. SBC.
Sharafaldin, I., Lashkari, A. H., and Ghorbani, A. A. (2018). Toward generating a new intrusion detection dataset and intrusion traffic characterization. In Proceedings of the 4th International Conference on Information Systems Security and Privacy (ICISSP), pages 108–116. SciTePress.
Siganos, M., Radoglou-Grammatikis, P., Kotsiuba, I., Markakis, E., and Moscholios, I. (2022). Explainable ai-based intrusion detection in the internet of things. IEEE Transactions on Industrial Informatics.
Wali, S., Farrukh, Y. A., Khan, I., and Bastian, N. D. (2025). Explainable ai and random forest based reliable intrusion detection system. Computers & Security, 157:104542.
Arreche, O., Guntur, T., and Abdallah, M. (2024). Xai-ids: Toward proposing an explainable artificial intelligence framework for enhancing network intrusion detection systems. Applied Sciences, 14(10):4170.
Breiman, L. (2001). Random forests. Machine Learning, 45(1):5–32. Chawla, N. V., Bowyer, K. W., Hall, L. O., and Kegelmeyer, W. P. (2002). Smote: Synthetic minority over-sampling technique. Journal of Artificial Intelligence Research, 16:321–357.
Elasaad, M. M. A., Sayed, S. G., and El-Dakroury, M. M. (2025). Aegisguard: A multi-stage hybrid intrusion detection system with optimized feature selection for industrial iot security. Sensors, 25(22):6958.
Grinsztajn, L., Oyallon, E., and Varoquaux, G. (2022). Why do tree-based models still outperform deep learning on tabular data? Advances in Neural Information Processing Systems (NeurIPS), 35:507–520.
Hakami, H., Faheem, M., and Ahmad, M. B. (2025). Machine learning techniques for enhanced intrusion detection in iot security. IEEE Access, 13:31145–31158.
Ke, G., Meng, Q., Finley, T., Wang, T., Chen, W., Ma, W., Ye, Q., and Liu, T.-Y. (2017). LightGBM: A highly efficient gradient boosting decision tree. In Advances in Neural Information Processing Systems (NeurIPS), pages 3146–3154.
Khan, M. F., Hassan, M. M., Ferdous, S., Hussain, I., Akter, L., and Gupta, A. B. (2024a). Explainable ai and machine learning models for transparent and scalable intrusion detection systems. Journal of Information Systems Engineering and Management, 9(45).
Khan, N., Ahmad, K., Tamimi, A. A., Alani, M. M., Bermak, A., and Khalil, I. (2024b). Explainable ai-based intrusion detection system for industry 5.0: An overview of the literature, associated challenges, and potential research directions. arXiv preprint arXiv:2408.03335.
Lundberg, S. M. and Lee, S.-I. (2017). A unified approach to interpreting model predictions. In Advances in Neural Information Processing Systems (NeurIPS), pages 4765–4774.
Nigar, N. and Mustafa, R. (2025). Enhanced intrusion detection via hybrid data resampling and feature optimization. IEEE Access, 13:149105–149120.
Prokhorenkova, L., Gusev, G., Vorobev, A., Dorogush, A. V., and Gulin, A. (2018). CatBoost: unbiased boosting with categorical features. In Advances in Neural Information Processing Systems (NeurIPS), pages 6638–6648.
Santos, K. and Miani, R. (2025). Impacto da redução de dimensão e seleção de atributos na generalização de modelos de detecção de intrusão. In Anais do XLIII Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos, pages 728–741, Porto Alegre, RS, Brasil. SBC.
Schmidt, T., Granville, L., and Schaeffer-Filho, A. (2025). Analyzing energy and performance trade-offs for network anomaly detection based on deep learning. In Anais do XLIII Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos, pages 224–237, Porto Alegre, RS, Brasil. SBC.
Sharafaldin, I., Lashkari, A. H., and Ghorbani, A. A. (2018). Toward generating a new intrusion detection dataset and intrusion traffic characterization. In Proceedings of the 4th International Conference on Information Systems Security and Privacy (ICISSP), pages 108–116. SciTePress.
Siganos, M., Radoglou-Grammatikis, P., Kotsiuba, I., Markakis, E., and Moscholios, I. (2022). Explainable ai-based intrusion detection in the internet of things. IEEE Transactions on Industrial Informatics.
Wali, S., Farrukh, Y. A., Khan, I., and Bastian, N. D. (2025). Explainable ai and random forest based reliable intrusion detection system. Computers & Security, 157:104542.
Publicado
25/05/2026
Como Citar
RIBEIRO, Jhonatas G.; REIS, Igor B.; LACERDA JR, Jurandir C..
Uma Análise Comparativa de Algoritmos de Machine Learning e Explicabilidade para Detecção de Intrusão de Redes. In: SIMPÓSIO BRASILEIRO DE REDES DE COMPUTADORES E SISTEMAS DISTRIBUÍDOS (SBRC), 44. , 2026, Praia do Forte/BA.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2026
.
p. 1415-1428.
ISSN 2177-9384.
DOI: https://doi.org/10.5753/sbrc.2026.19530.
