FAIXID: A Framework for Enhancing AI Explainability of Intrusion Detection Results Using Data Cleaning Techniques
Organizations depend heavily on various cyber defense technologies, including intrusion detection and prevention systems, to monitor and protect networks and devices from malicious activities. However, large volumes of false alerts from such technologies challenge cybersecurity analysts in isolating credible alerts from false positives for further investigations. In this article, we propose a framework named FAIXID that leverages Explainable Artificial Intelligence (XAI) and data cleaning methods for improving the explainability and understandability of intrusion detection alerts, which in turn assists cyber analysts in making more informed decisions fueled by the quick elimination of false positives. We identified five functional modules in FAIXID: (1) the pre-modeling explainability module that improves the quality of network traffic data through data cleaning; (2) the modeling module that provides explanations of the AI models to help analysts make sense of the model internals; (3) the post-modeling explainability module that provides additional explanations to enhance the understandability of the results produced by the AI models; (4) the attribution module that selects the appropriate explanations for the analysts according to their needs; and (5) the evaluation module that evaluates the explanations and collects feedback from analysts. FAIXID has been implemented and evaluated using experiments with real-world datasets. Evaluation of results demonstrates that the utilization of data cleaning and AI explainability techniques provides quality explanations to analysts depending on their expertise and backgrounds.
Hong Liu received her Ph.D. degree in Computer Science from Oklahoma State University. She is an Assistant Professor of Computer Science at Indiana University Kokomo. Her research interests include Data Cleaning, Data Quality Management, Artificial Intelligence, and Cybersecurity. Chen Zhong is an Assistant Professor of Cybersecurity in the Information and Technology Management Department at the University of Tampa. She received a Ph.D. degree in Information Sciences and Technology from the Pennsylvania State University. Her research interests include Intrusion Detection, Cybersecurity Situation Awareness, and Artificial Intelligence.
Awny Alnusair received a Ph.D. degree in Computer Science from the University of Wisconsin–Milwaukee. He is currently an Associate Professor of Informatics and Computer Science at Indiana University Kokomo. His research interests include Software Engineering, Data Mining in VANETs, Cloud Computing, Big Data Analytics, and Cybersecurity. Sheikh Rabiul Islam is an Assistant Professor of Computer Science at the University of Hartford. His notable research experiences are in the area of Explainable Artificial Intelligence (XAI), Data Mining and Big Data Analytics, and Cybersecurity. He is a member of AAAI and IEEE.