IWSHAP: Um Método de Seleção Incremental de Características para Redes CAN baseado em Inteligência Artificial Explicável (XAI)
Resumo
As redes CAN (Controller Area Network) são amplamente usadas na indústria automotiva e frequentemente alvo de ataques cibernéticos. A detecção desses ataques via aprendizado de máquina (AM) depende da seleção adequada de características para garantir o desempenho do modelo de predição. Este artigo propõe o IWSHAP, um novo método de seleção de características que combina o algorítimo Iterative Wrapper Subset Selection (IWSS) com os valores SHAP (SHapley Additive exPlanations). O principal objetivo é maximizar a performance do modelo de AM em um tempo reduzido. Os resultados indicam que IWSHAP consegue reduzir o número de características em até 99,17% e o tempo de execução em 98,3% comparado ao baseline.Referências
Aksu, D. and Aydin, M. A. (2022). MGA-IDS: Optimal feature subset selection for anomaly detection framework on in-vehicle networks-CAN bus based on genetic algorithm and intrusion detection approach. Computers & Security, 118:102717.
Bari, B. S., Yelamarthi, K., and Ghafoor, S. (2023). Intrusion detection in vehicle controller area network (CAN) bus using machine learning: A comparative performance study. Sensors, 23(7).
Bermejo, P., Gámez, J. A., and Puerta, J. M. (2009). Incremental wrapper-based subset selection with replacement: An advantageous alternative to sequential forward selection. In 2009 IEEE symposium on computational intelligence and data mining, pages 367–374. IEEE.
Bhandari, S., Kukreja, A. K., Lazar, A., Sim, A., and Wu, K. (2020). Feature selection improves tree-based classification for wireless intrusion detection. In Proceedings of the 3rd International Workshop on Systems and Network Telemetry and Analytics, SNTA ’20, page 19–26, New York, NY, USA. Association for Computing Machinery.
Chandrashekar, G. and Sahin, F. (2014). A survey on feature selection methods. Computers & electrical engineering, 40(1):16–28.
Dhaliwal, S. S., Nahid, A.-A., and Abbas, R. (2018). Effective intrusion detection system using xgboost. Information, 9(7).
Došilović, F. K., Brčić, M., and Hlupić, N. (2018). Explainable artificial intelligence: A survey. In 2018 41st International convention on information and communication technology, electronics and microelectronics (MIPRO), pages 0210–0215. IEEE.
Dresch, F. N., Scherer, F. H., Quincozes, S. E., and Kreutz, D. L. (2024). Modelos interpretáveis com inteligência artificial explicável (XAI) na detecção de intrusões em redes intra-veiculares controller area network (CAN). In Anais do XIX Simpósio Brasileiro de Segurança da Informaçao e de Sistemas Computacionais. SBC.
E. L. Asry, C., Benchaji, I., Douzi, S., and E. L. Ouahidi, B. (2024). A robust intrusion detection system based on a shallow learning model and feature extraction techniques. PLOS ONE, 19(1):1–31.
Fryer, D., Strümke, I., and Nguyen, H. (2021). Shapley values for feature selection: The good, the bad, and the axioms. Ieee Access, 9:144352–144360.
Jeong, S., Lee, S., Lee, H., and Kim, H. K. (2024). X-CANIDS: Signal-aware explainable intrusion detection system for controller area network-based in-vehicle network. IEEE Transactions on Vehicular Technology, 73(3):3230–3246.
Khani, P., Moeinaddini, E., Abnavi, N. D., and Shahraki, A. (2024). Explainable artificial intelligence for feature selection in network traffic classification: A comparative study. Transactions on Emerging Telecommunications Technologies, 35(4):e4970.
Lee, S., Choi, W., Kim, I., Lee, G., and Lee, D. H. (2023). A comprehensive analysis of datasets for automotive intrusion detection systems. Computers, Materials & Continua, 76(3):3413–3442.
Lokman, S.-F., Othman, A. T., and Abu-Bakar, M.-H. (2019). Intrusion detection system for automotive controller area network (CAN) bus system: a review. EURASIP Journal on Wireless Communications and Networking, 2019(1):1–17.
Moustafa, N. and Slay, J. (2015). UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In 2015 Military Communications and Information Systems Conference (MilCIS), pages 1–6.
Mowla, N. I., Rosell, J., and Vahidi, A. (2022). Dynamic Voting based Explainable Intrusion Detection System for In-vehicle Network. In 2022 24th International Conference on Advanced Communication Technology (ICACT), pages 406–411.
Nazat, S., Li, L., and Abdallah, M. (2024). XAI-ADS: An explainable artificial intelligence framework for enhancing anomaly detection in autonomous driving systems. IEEE Access, 12:48583–48607.
ORG, S. (2024). Welcome to the SHAP documentation. 16/05/2024.
Pollicino, F., Stabili, D., and Marchetti, M. (2024). Performance comparison of timing-based anomaly detectors for controller area network: A reproducible study. ACM Trans. Cyber-Phys. Syst., 8(2).
Quincozes, S. E., Mossé, D., Passos, D., Albuquerque, C., Ochi, L. S., and dos Santos, V. F. (2021). On the performance of GRASP-based feature selection for CPS intrusion detection. IEEE Transactions on Network and Service Management, 19(1):614–626.
Quincozes, V. E., Quincozes, S. E., Kazienko, J. F., Gama, S., Cheikhrouhou, O., and Koubaa, A. (2024). A survey on IoT application layer protocols, security challenges, and the role of explainable AI in IoT (XAIoT). International Journal of Information Security, 23(3):1975–2002.
Roshan, K. and Zafar, A. (2021). Utilizing XAI technique to improve autoencoder based model for computer network anomaly detection with shapley additive explanation (SHAP). International Journal of Computer Networks Communications (IJCNC), 13(6):109–128.
Roshan, K. and Zafar, A. (2022). Using kernel SHAP XAI method to optimize the network anomaly detection model. In 2022 9th International Conference on Computing for Sustainable Global Development (INDIACom), pages 74–80.
Scherer, F. H., Dresch, F. N., Quincozes, S. E., Kreutz, D., and Quincozes, V. E. (2024). IWSHAP: Uma ferramenta para seleção incremental de características utilizando IWSS e SHAP. In Anais Estendidos do XXIV Simpósio Brasileiro de Segurança da Informaçao e de Sistemas Computacionais. SBC.
Seo, E., Song, H. M., and Kim, H. K. (2018). GIDS: GAN based intrusion detection system for in-vehicle network. In 2018 16th Annual Conference on Privacy, Security and Trust (PST), pages 1–6.
Setitra, M. A., Fan, M., and Bensalem, Z. E. A. (2023). An efficient approach to detect distributed denial of service attacks for software defined internet of things combining autoencoder and extreme gradient boosting with feature selection and hyperparameter tuning optimization. Transactions on Emerging Telecommunications Technologies, 34(9):e4827.
Tavallaee, M., Bagheri, E., Lu, W., and Ghorbani, A. A. (2009). A detailed analysis of the KDD CUP 99 data set. In 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, pages 1–6.
Ullah, S., Khan, M. A., Ahmad, J., Jamal, S. S., e Huma, Z., Hassan, M. T., Pitropakis, N., Arshad, and Buchanan, W. J. (2022). HDL-IDS: A Hybrid Deep Learning Architecture for Intrusion Detection in the Internet of Vehicles. Sensors, 22(4).
Xie, J., Sage, M., and Zhao, Y. F. (2023). Feature selection and feature learning in machine learning applications for gas turbines: A review. Engineering Applications of Artificial Intelligence, 117:105591.
Yang, Z., Wang, Z., Huang, C., and Yao, X. (2023). An explainable feature selection approach for fair machine learning. In International Conference on Artificial Neural Networks, pages 75–86. Springer.
Bari, B. S., Yelamarthi, K., and Ghafoor, S. (2023). Intrusion detection in vehicle controller area network (CAN) bus using machine learning: A comparative performance study. Sensors, 23(7).
Bermejo, P., Gámez, J. A., and Puerta, J. M. (2009). Incremental wrapper-based subset selection with replacement: An advantageous alternative to sequential forward selection. In 2009 IEEE symposium on computational intelligence and data mining, pages 367–374. IEEE.
Bhandari, S., Kukreja, A. K., Lazar, A., Sim, A., and Wu, K. (2020). Feature selection improves tree-based classification for wireless intrusion detection. In Proceedings of the 3rd International Workshop on Systems and Network Telemetry and Analytics, SNTA ’20, page 19–26, New York, NY, USA. Association for Computing Machinery.
Chandrashekar, G. and Sahin, F. (2014). A survey on feature selection methods. Computers & electrical engineering, 40(1):16–28.
Dhaliwal, S. S., Nahid, A.-A., and Abbas, R. (2018). Effective intrusion detection system using xgboost. Information, 9(7).
Došilović, F. K., Brčić, M., and Hlupić, N. (2018). Explainable artificial intelligence: A survey. In 2018 41st International convention on information and communication technology, electronics and microelectronics (MIPRO), pages 0210–0215. IEEE.
Dresch, F. N., Scherer, F. H., Quincozes, S. E., and Kreutz, D. L. (2024). Modelos interpretáveis com inteligência artificial explicável (XAI) na detecção de intrusões em redes intra-veiculares controller area network (CAN). In Anais do XIX Simpósio Brasileiro de Segurança da Informaçao e de Sistemas Computacionais. SBC.
E. L. Asry, C., Benchaji, I., Douzi, S., and E. L. Ouahidi, B. (2024). A robust intrusion detection system based on a shallow learning model and feature extraction techniques. PLOS ONE, 19(1):1–31.
Fryer, D., Strümke, I., and Nguyen, H. (2021). Shapley values for feature selection: The good, the bad, and the axioms. Ieee Access, 9:144352–144360.
Jeong, S., Lee, S., Lee, H., and Kim, H. K. (2024). X-CANIDS: Signal-aware explainable intrusion detection system for controller area network-based in-vehicle network. IEEE Transactions on Vehicular Technology, 73(3):3230–3246.
Khani, P., Moeinaddini, E., Abnavi, N. D., and Shahraki, A. (2024). Explainable artificial intelligence for feature selection in network traffic classification: A comparative study. Transactions on Emerging Telecommunications Technologies, 35(4):e4970.
Lee, S., Choi, W., Kim, I., Lee, G., and Lee, D. H. (2023). A comprehensive analysis of datasets for automotive intrusion detection systems. Computers, Materials & Continua, 76(3):3413–3442.
Lokman, S.-F., Othman, A. T., and Abu-Bakar, M.-H. (2019). Intrusion detection system for automotive controller area network (CAN) bus system: a review. EURASIP Journal on Wireless Communications and Networking, 2019(1):1–17.
Moustafa, N. and Slay, J. (2015). UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In 2015 Military Communications and Information Systems Conference (MilCIS), pages 1–6.
Mowla, N. I., Rosell, J., and Vahidi, A. (2022). Dynamic Voting based Explainable Intrusion Detection System for In-vehicle Network. In 2022 24th International Conference on Advanced Communication Technology (ICACT), pages 406–411.
Nazat, S., Li, L., and Abdallah, M. (2024). XAI-ADS: An explainable artificial intelligence framework for enhancing anomaly detection in autonomous driving systems. IEEE Access, 12:48583–48607.
ORG, S. (2024). Welcome to the SHAP documentation. 16/05/2024.
Pollicino, F., Stabili, D., and Marchetti, M. (2024). Performance comparison of timing-based anomaly detectors for controller area network: A reproducible study. ACM Trans. Cyber-Phys. Syst., 8(2).
Quincozes, S. E., Mossé, D., Passos, D., Albuquerque, C., Ochi, L. S., and dos Santos, V. F. (2021). On the performance of GRASP-based feature selection for CPS intrusion detection. IEEE Transactions on Network and Service Management, 19(1):614–626.
Quincozes, V. E., Quincozes, S. E., Kazienko, J. F., Gama, S., Cheikhrouhou, O., and Koubaa, A. (2024). A survey on IoT application layer protocols, security challenges, and the role of explainable AI in IoT (XAIoT). International Journal of Information Security, 23(3):1975–2002.
Roshan, K. and Zafar, A. (2021). Utilizing XAI technique to improve autoencoder based model for computer network anomaly detection with shapley additive explanation (SHAP). International Journal of Computer Networks Communications (IJCNC), 13(6):109–128.
Roshan, K. and Zafar, A. (2022). Using kernel SHAP XAI method to optimize the network anomaly detection model. In 2022 9th International Conference on Computing for Sustainable Global Development (INDIACom), pages 74–80.
Scherer, F. H., Dresch, F. N., Quincozes, S. E., Kreutz, D., and Quincozes, V. E. (2024). IWSHAP: Uma ferramenta para seleção incremental de características utilizando IWSS e SHAP. In Anais Estendidos do XXIV Simpósio Brasileiro de Segurança da Informaçao e de Sistemas Computacionais. SBC.
Seo, E., Song, H. M., and Kim, H. K. (2018). GIDS: GAN based intrusion detection system for in-vehicle network. In 2018 16th Annual Conference on Privacy, Security and Trust (PST), pages 1–6.
Setitra, M. A., Fan, M., and Bensalem, Z. E. A. (2023). An efficient approach to detect distributed denial of service attacks for software defined internet of things combining autoencoder and extreme gradient boosting with feature selection and hyperparameter tuning optimization. Transactions on Emerging Telecommunications Technologies, 34(9):e4827.
Tavallaee, M., Bagheri, E., Lu, W., and Ghorbani, A. A. (2009). A detailed analysis of the KDD CUP 99 data set. In 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, pages 1–6.
Ullah, S., Khan, M. A., Ahmad, J., Jamal, S. S., e Huma, Z., Hassan, M. T., Pitropakis, N., Arshad, and Buchanan, W. J. (2022). HDL-IDS: A Hybrid Deep Learning Architecture for Intrusion Detection in the Internet of Vehicles. Sensors, 22(4).
Xie, J., Sage, M., and Zhao, Y. F. (2023). Feature selection and feature learning in machine learning applications for gas turbines: A review. Engineering Applications of Artificial Intelligence, 117:105591.
Yang, Z., Wang, Z., Huang, C., and Yao, X. (2023). An explainable feature selection approach for fair machine learning. In International Conference on Artificial Neural Networks, pages 75–86. Springer.
Publicado
16/09/2024
Como Citar
SCHERER, Felipe H.; DRESCH, Felipe N.; QUINCOZES, Silvio E.; KREUTZ, Diego; QUINCOZES, Vagner E..
IWSHAP: Um Método de Seleção Incremental de Características para Redes CAN baseado em Inteligência Artificial Explicável (XAI). In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 24. , 2024, São José dos Campos/SP.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2024
.
p. 351-366.
DOI: https://doi.org/10.5753/sbseg.2024.241780.