IWSHAP: An Incremental Feature Selection Method for CAN Networks Based on Explainable Artificial Intelligence (XAI)
Abstract
CAN (Controller Area Network) networks are widely used in the automotive industry and are frequently targeted by cyberattacks. Detecting these attacks via machine learning (ML) depends on properly selecting features to ensure the predictive model’s performance. This paper proposes IWSHAP, a new feature selection method that combines the Iterative Wrapper Subset Selection (IWSS) algorithm with SHAP values (SHapley Additive exPlanations). Our main goal is to maximize the ML model’s performance in a reduced time. The results indicate that IWSHAP can reduce the number of features by up to 99.17% and execution time by 98.3% compared to the baseline.References
Aksu, D. and Aydin, M. A. (2022). MGA-IDS: Optimal feature subset selection for anomaly detection framework on in-vehicle networks-CAN bus based on genetic algorithm and intrusion detection approach. Computers & Security, 118:102717.
Bari, B. S., Yelamarthi, K., and Ghafoor, S. (2023). Intrusion detection in vehicle controller area network (CAN) bus using machine learning: A comparative performance study. Sensors, 23(7).
Bermejo, P., Gámez, J. A., and Puerta, J. M. (2009). Incremental wrapper-based subset selection with replacement: An advantageous alternative to sequential forward selection. In 2009 IEEE symposium on computational intelligence and data mining, pages 367–374. IEEE.
Bhandari, S., Kukreja, A. K., Lazar, A., Sim, A., and Wu, K. (2020). Feature selection improves tree-based classification for wireless intrusion detection. In Proceedings of the 3rd International Workshop on Systems and Network Telemetry and Analytics, SNTA ’20, page 19–26, New York, NY, USA. Association for Computing Machinery.
Chandrashekar, G. and Sahin, F. (2014). A survey on feature selection methods. Computers & electrical engineering, 40(1):16–28.
Dhaliwal, S. S., Nahid, A.-A., and Abbas, R. (2018). Effective intrusion detection system using xgboost. Information, 9(7).
Došilović, F. K., Brčić, M., and Hlupić, N. (2018). Explainable artificial intelligence: A survey. In 2018 41st International convention on information and communication technology, electronics and microelectronics (MIPRO), pages 0210–0215. IEEE.
Dresch, F. N., Scherer, F. H., Quincozes, S. E., and Kreutz, D. L. (2024). Modelos interpretáveis com inteligência artificial explicável (XAI) na detecção de intrusões em redes intra-veiculares controller area network (CAN). In Anais do XIX Simpósio Brasileiro de Segurança da Informaçao e de Sistemas Computacionais. SBC.
E. L. Asry, C., Benchaji, I., Douzi, S., and E. L. Ouahidi, B. (2024). A robust intrusion detection system based on a shallow learning model and feature extraction techniques. PLOS ONE, 19(1):1–31.
Fryer, D., Strümke, I., and Nguyen, H. (2021). Shapley values for feature selection: The good, the bad, and the axioms. Ieee Access, 9:144352–144360.
Jeong, S., Lee, S., Lee, H., and Kim, H. K. (2024). X-CANIDS: Signal-aware explainable intrusion detection system for controller area network-based in-vehicle network. IEEE Transactions on Vehicular Technology, 73(3):3230–3246.
Khani, P., Moeinaddini, E., Abnavi, N. D., and Shahraki, A. (2024). Explainable artificial intelligence for feature selection in network traffic classification: A comparative study. Transactions on Emerging Telecommunications Technologies, 35(4):e4970.
Lee, S., Choi, W., Kim, I., Lee, G., and Lee, D. H. (2023). A comprehensive analysis of datasets for automotive intrusion detection systems. Computers, Materials & Continua, 76(3):3413–3442.
Lokman, S.-F., Othman, A. T., and Abu-Bakar, M.-H. (2019). Intrusion detection system for automotive controller area network (CAN) bus system: a review. EURASIP Journal on Wireless Communications and Networking, 2019(1):1–17.
Moustafa, N. and Slay, J. (2015). UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In 2015 Military Communications and Information Systems Conference (MilCIS), pages 1–6.
Mowla, N. I., Rosell, J., and Vahidi, A. (2022). Dynamic Voting based Explainable Intrusion Detection System for In-vehicle Network. In 2022 24th International Conference on Advanced Communication Technology (ICACT), pages 406–411.
Nazat, S., Li, L., and Abdallah, M. (2024). XAI-ADS: An explainable artificial intelligence framework for enhancing anomaly detection in autonomous driving systems. IEEE Access, 12:48583–48607.
ORG, S. (2024). Welcome to the SHAP documentation. 16/05/2024.
Pollicino, F., Stabili, D., and Marchetti, M. (2024). Performance comparison of timing-based anomaly detectors for controller area network: A reproducible study. ACM Trans. Cyber-Phys. Syst., 8(2).
Quincozes, S. E., Mossé, D., Passos, D., Albuquerque, C., Ochi, L. S., and dos Santos, V. F. (2021). On the performance of GRASP-based feature selection for CPS intrusion detection. IEEE Transactions on Network and Service Management, 19(1):614–626.
Quincozes, V. E., Quincozes, S. E., Kazienko, J. F., Gama, S., Cheikhrouhou, O., and Koubaa, A. (2024). A survey on IoT application layer protocols, security challenges, and the role of explainable AI in IoT (XAIoT). International Journal of Information Security, 23(3):1975–2002.
Roshan, K. and Zafar, A. (2021). Utilizing XAI technique to improve autoencoder based model for computer network anomaly detection with shapley additive explanation (SHAP). International Journal of Computer Networks Communications (IJCNC), 13(6):109–128.
Roshan, K. and Zafar, A. (2022). Using kernel SHAP XAI method to optimize the network anomaly detection model. In 2022 9th International Conference on Computing for Sustainable Global Development (INDIACom), pages 74–80.
Scherer, F. H., Dresch, F. N., Quincozes, S. E., Kreutz, D., and Quincozes, V. E. (2024). IWSHAP: Uma ferramenta para seleção incremental de características utilizando IWSS e SHAP. In Anais Estendidos do XXIV Simpósio Brasileiro de Segurança da Informaçao e de Sistemas Computacionais. SBC.
Seo, E., Song, H. M., and Kim, H. K. (2018). GIDS: GAN based intrusion detection system for in-vehicle network. In 2018 16th Annual Conference on Privacy, Security and Trust (PST), pages 1–6.
Setitra, M. A., Fan, M., and Bensalem, Z. E. A. (2023). An efficient approach to detect distributed denial of service attacks for software defined internet of things combining autoencoder and extreme gradient boosting with feature selection and hyperparameter tuning optimization. Transactions on Emerging Telecommunications Technologies, 34(9):e4827.
Tavallaee, M., Bagheri, E., Lu, W., and Ghorbani, A. A. (2009). A detailed analysis of the KDD CUP 99 data set. In 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, pages 1–6.
Ullah, S., Khan, M. A., Ahmad, J., Jamal, S. S., e Huma, Z., Hassan, M. T., Pitropakis, N., Arshad, and Buchanan, W. J. (2022). HDL-IDS: A Hybrid Deep Learning Architecture for Intrusion Detection in the Internet of Vehicles. Sensors, 22(4).
Xie, J., Sage, M., and Zhao, Y. F. (2023). Feature selection and feature learning in machine learning applications for gas turbines: A review. Engineering Applications of Artificial Intelligence, 117:105591.
Yang, Z., Wang, Z., Huang, C., and Yao, X. (2023). An explainable feature selection approach for fair machine learning. In International Conference on Artificial Neural Networks, pages 75–86. Springer.
Bari, B. S., Yelamarthi, K., and Ghafoor, S. (2023). Intrusion detection in vehicle controller area network (CAN) bus using machine learning: A comparative performance study. Sensors, 23(7).
Bermejo, P., Gámez, J. A., and Puerta, J. M. (2009). Incremental wrapper-based subset selection with replacement: An advantageous alternative to sequential forward selection. In 2009 IEEE symposium on computational intelligence and data mining, pages 367–374. IEEE.
Bhandari, S., Kukreja, A. K., Lazar, A., Sim, A., and Wu, K. (2020). Feature selection improves tree-based classification for wireless intrusion detection. In Proceedings of the 3rd International Workshop on Systems and Network Telemetry and Analytics, SNTA ’20, page 19–26, New York, NY, USA. Association for Computing Machinery.
Chandrashekar, G. and Sahin, F. (2014). A survey on feature selection methods. Computers & electrical engineering, 40(1):16–28.
Dhaliwal, S. S., Nahid, A.-A., and Abbas, R. (2018). Effective intrusion detection system using xgboost. Information, 9(7).
Došilović, F. K., Brčić, M., and Hlupić, N. (2018). Explainable artificial intelligence: A survey. In 2018 41st International convention on information and communication technology, electronics and microelectronics (MIPRO), pages 0210–0215. IEEE.
Dresch, F. N., Scherer, F. H., Quincozes, S. E., and Kreutz, D. L. (2024). Modelos interpretáveis com inteligência artificial explicável (XAI) na detecção de intrusões em redes intra-veiculares controller area network (CAN). In Anais do XIX Simpósio Brasileiro de Segurança da Informaçao e de Sistemas Computacionais. SBC.
E. L. Asry, C., Benchaji, I., Douzi, S., and E. L. Ouahidi, B. (2024). A robust intrusion detection system based on a shallow learning model and feature extraction techniques. PLOS ONE, 19(1):1–31.
Fryer, D., Strümke, I., and Nguyen, H. (2021). Shapley values for feature selection: The good, the bad, and the axioms. Ieee Access, 9:144352–144360.
Jeong, S., Lee, S., Lee, H., and Kim, H. K. (2024). X-CANIDS: Signal-aware explainable intrusion detection system for controller area network-based in-vehicle network. IEEE Transactions on Vehicular Technology, 73(3):3230–3246.
Khani, P., Moeinaddini, E., Abnavi, N. D., and Shahraki, A. (2024). Explainable artificial intelligence for feature selection in network traffic classification: A comparative study. Transactions on Emerging Telecommunications Technologies, 35(4):e4970.
Lee, S., Choi, W., Kim, I., Lee, G., and Lee, D. H. (2023). A comprehensive analysis of datasets for automotive intrusion detection systems. Computers, Materials & Continua, 76(3):3413–3442.
Lokman, S.-F., Othman, A. T., and Abu-Bakar, M.-H. (2019). Intrusion detection system for automotive controller area network (CAN) bus system: a review. EURASIP Journal on Wireless Communications and Networking, 2019(1):1–17.
Moustafa, N. and Slay, J. (2015). UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In 2015 Military Communications and Information Systems Conference (MilCIS), pages 1–6.
Mowla, N. I., Rosell, J., and Vahidi, A. (2022). Dynamic Voting based Explainable Intrusion Detection System for In-vehicle Network. In 2022 24th International Conference on Advanced Communication Technology (ICACT), pages 406–411.
Nazat, S., Li, L., and Abdallah, M. (2024). XAI-ADS: An explainable artificial intelligence framework for enhancing anomaly detection in autonomous driving systems. IEEE Access, 12:48583–48607.
ORG, S. (2024). Welcome to the SHAP documentation. 16/05/2024.
Pollicino, F., Stabili, D., and Marchetti, M. (2024). Performance comparison of timing-based anomaly detectors for controller area network: A reproducible study. ACM Trans. Cyber-Phys. Syst., 8(2).
Quincozes, S. E., Mossé, D., Passos, D., Albuquerque, C., Ochi, L. S., and dos Santos, V. F. (2021). On the performance of GRASP-based feature selection for CPS intrusion detection. IEEE Transactions on Network and Service Management, 19(1):614–626.
Quincozes, V. E., Quincozes, S. E., Kazienko, J. F., Gama, S., Cheikhrouhou, O., and Koubaa, A. (2024). A survey on IoT application layer protocols, security challenges, and the role of explainable AI in IoT (XAIoT). International Journal of Information Security, 23(3):1975–2002.
Roshan, K. and Zafar, A. (2021). Utilizing XAI technique to improve autoencoder based model for computer network anomaly detection with shapley additive explanation (SHAP). International Journal of Computer Networks Communications (IJCNC), 13(6):109–128.
Roshan, K. and Zafar, A. (2022). Using kernel SHAP XAI method to optimize the network anomaly detection model. In 2022 9th International Conference on Computing for Sustainable Global Development (INDIACom), pages 74–80.
Scherer, F. H., Dresch, F. N., Quincozes, S. E., Kreutz, D., and Quincozes, V. E. (2024). IWSHAP: Uma ferramenta para seleção incremental de características utilizando IWSS e SHAP. In Anais Estendidos do XXIV Simpósio Brasileiro de Segurança da Informaçao e de Sistemas Computacionais. SBC.
Seo, E., Song, H. M., and Kim, H. K. (2018). GIDS: GAN based intrusion detection system for in-vehicle network. In 2018 16th Annual Conference on Privacy, Security and Trust (PST), pages 1–6.
Setitra, M. A., Fan, M., and Bensalem, Z. E. A. (2023). An efficient approach to detect distributed denial of service attacks for software defined internet of things combining autoencoder and extreme gradient boosting with feature selection and hyperparameter tuning optimization. Transactions on Emerging Telecommunications Technologies, 34(9):e4827.
Tavallaee, M., Bagheri, E., Lu, W., and Ghorbani, A. A. (2009). A detailed analysis of the KDD CUP 99 data set. In 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, pages 1–6.
Ullah, S., Khan, M. A., Ahmad, J., Jamal, S. S., e Huma, Z., Hassan, M. T., Pitropakis, N., Arshad, and Buchanan, W. J. (2022). HDL-IDS: A Hybrid Deep Learning Architecture for Intrusion Detection in the Internet of Vehicles. Sensors, 22(4).
Xie, J., Sage, M., and Zhao, Y. F. (2023). Feature selection and feature learning in machine learning applications for gas turbines: A review. Engineering Applications of Artificial Intelligence, 117:105591.
Yang, Z., Wang, Z., Huang, C., and Yao, X. (2023). An explainable feature selection approach for fair machine learning. In International Conference on Artificial Neural Networks, pages 75–86. Springer.
Published
2024-09-16
How to Cite
SCHERER, Felipe H.; DRESCH, Felipe N.; QUINCOZES, Silvio E.; KREUTZ, Diego; QUINCOZES, Vagner E..
IWSHAP: An Incremental Feature Selection Method for CAN Networks Based on Explainable Artificial Intelligence (XAI). In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 24. , 2024, São José dos Campos/SP.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2024
.
p. 351-366.
DOI: https://doi.org/10.5753/sbseg.2024.241780.
