Comparative Analysis of Perturbation Techniques in LIME for Intrusion Detection Enhancement
The growing sophistication of cyber threats necessitates robust and interpretable intrusion detection systems (IDS) to safeguard network security. While machine learning models such as Decision Tree (DT), Random Forest (RF), k-Nearest Neighbors (K-NN), and XGBoost demonstrate high effectiveness in detecting malicious activities, their interpretability decreases as their complexity and accuracy increase, posing challenges for critical cybersecurity applications. Local Interpretable Model-agnostic Explanations (LIME) is widely used to address this limitation; however, its reliance on a normal distribution for perturbations often fails to capture the non-linear and imbalanced characteristics of datasets like CIC-IDS-2018. To address these challenges, we propose a modified LIME perturbation strategy using Weibull, Gamma, Beta, and Pareto distributions to better capture the characteristics of network traffic data. Our methodology improves the stability of different ML models trained on CIC-IDS datasets, enabling more meaningful and reliable explanations of model predictions.
The proposed modifications allow for an increase in explanation fidelity by up to 78% compared to the default Gaussian approach. Pareto-based perturbations provide the best results. Among all distributions tested, Pareto consistently yielded the highest explanation fidelity and stability, particularly for K-NN (R² = 0.9971, S = 0.9907) and DT (R² = 0.9267, S = 0.9797). This indicates that heavy-tailed distributions fit well with real-world network traffic patterns, reducing the variance in attribute importance explanations and making them more robust.
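To make the comparison concrete, the sketch below is an added example, not the authors' code: it runs a LIME-style local surrogate with Gaussian and with Pareto perturbations and reports fidelity (weighted R²) and stability for each. The `black_box` model, the instance `X0`, the Pareto shape, noise scale and kernel width, the signed Pareto noise, and the stability metric (mean pairwise cosine similarity of surrogate coefficients across seeds) are all assumptions, since the page does not define how S is computed.

```python
import numpy as np

X0 = np.array([1.0, 0.5, 0.2])  # constructed instance to explain (assumption)

def black_box(X):
    # Constructed stand-in for an IDS model's attack probability (assumption):
    # non-linear in the first two flow features, ignores the third.
    z = 3.0 * np.log1p(np.abs(X[:, 0])) - 2.0 * X[:, 1] ** 2
    return 1.0 / (1.0 + np.exp(-z))

def perturb(x, n, dist, rng, scale=0.5):
    shape = (n, x.size)
    if dist == "gaussian":
        noise = rng.normal(size=shape)  # LIME's default sampling
    elif dist == "pareto":
        # Heavy-tailed magnitudes (shape 3.0) with a random sign per feature
        noise = rng.pareto(3.0, size=shape) * rng.choice([-1.0, 1.0], size=shape)
    else:
        raise ValueError(f"unknown distribution: {dist}")
    return x + scale * noise

def explain(x, dist, seed, n=2000, width=1.0):
    rng = np.random.default_rng(seed)
    Z = perturb(x, n, dist, rng)
    y = black_box(Z)
    # Exponential kernel: neighbours closer to x get more weight
    w = np.exp(-np.sum((Z - x) ** 2, axis=1) / width ** 2)
    A = np.hstack([np.ones((n, 1)), Z - x])  # intercept + local offsets
    sw = np.sqrt(w)
    beta, *_ = np.linalg.lstsq(A * sw[:, None], y * sw, rcond=None)
    resid = y - A @ beta
    ybar = np.average(y, weights=w)
    r2 = 1.0 - np.sum(w * resid ** 2) / np.sum(w * (y - ybar) ** 2)
    return beta[1:], float(r2)  # feature attributions, weighted R^2

def fidelity_and_stability(x, dist, runs=10):
    coefs, r2s = zip(*(explain(x, dist, seed) for seed in range(runs)))
    C = np.array(coefs)
    C = C / np.linalg.norm(C, axis=1, keepdims=True)
    sims = (C @ C.T)[np.triu_indices(runs, k=1)]  # pairwise cosine similarity
    return float(np.mean(r2s)), float(sims.mean())

if __name__ == "__main__":
    for dist in ("gaussian", "pareto"):
        r2, s = fidelity_and_stability(X0, dist)
        print(f"{dist:8s}  R2={r2:.4f}  S={s:.4f}")
```

The numbers this prints describe the toy model only and are not comparable to the CIC-IDS results quoted above.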