Towards a Better Understanding of Machine Learning based Network Intrusion Detection Systems in Industrial Networks

Anne Borcherding, Lukas Feldmann, Markus Karch, Ankush Meshram, Jürgen Beyerer

2022

Abstract

It is crucial in an industrial network to understand how and why an intrusion detection system detects, classifies, and reports intrusions. With the ongoing introduction of machine learning into the research area of intrusion detection, this understanding becomes even more important, since the systems in use often appear as a black box to the user and are no longer understandable in an intuitive and comprehensible way. We propose a novel approach to understand the internal characteristics of a machine learning based network intrusion detection system. This approach includes methods to understand which data sources the system uses, to evaluate whether the system uses linear or non-linear classification approaches, and to find out which underlying machine learning model is implemented in the system. Our evaluation on two publicly available industrial datasets shows that the detection of the data source and the differentiation between linear and non-linear models is possible with our approach. In addition, the identification of the underlying machine learning model can be accomplished with statistical significance for non-linear models. The information made accessible by our approach helps to develop a deeper understanding of the functioning of a network intrusion detection system, and contributes towards developing transparent machine learning based intrusion detection approaches.



Paper Citation


in Harvard Style

Borcherding A., Feldmann L., Karch M., Meshram A. and Beyerer J. (2022). Towards a Better Understanding of Machine Learning based Network Intrusion Detection Systems in Industrial Networks. In Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-553-1, pages 314-325. DOI: 10.5220/0010795900003120


in Bibtex Style

@conference{icissp22,
author={Anne Borcherding and Lukas Feldmann and Markus Karch and Ankush Meshram and Jürgen Beyerer},
title={Towards a Better Understanding of Machine Learning based Network Intrusion Detection Systems in Industrial Networks},
booktitle={Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2022},
pages={314-325},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010795900003120},
isbn={978-989-758-553-1},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Towards a Better Understanding of Machine Learning based Network Intrusion Detection Systems in Industrial Networks
SN - 978-989-758-553-1
AU - Borcherding A.
AU - Feldmann L.
AU - Karch M.
AU - Meshram A.
AU - Beyerer J.
PY - 2022
SP - 314
EP - 325
DO - 10.5220/0010795900003120