An trustworthy intrusion detection framework enabled by ex-post-interpretation-enabled approach

An enormous number of machine learning models have been recently proposed for intrusion detection. Among these models, the complex models stand out as a prominent approach for intrusion detection in network security. In contrast with the simple models, the complex models are powerful in that it learns the complex abstraction between input and output under the premise of the loss of the transparency. This lack of interpretability hinders the landing of the complex model in the field of intrusion detection. To balance the model interpretability and performance, a novel trustworthy intrusion detection framework (TIDF) combining machine learning and ex-post-interpretation method is proposed in this paper. The proposed framework TIDF achieves 82% prediction accuracy. In the contrast experiment, TIDF outperforms the junior Network Security Manages Engineer (NSME). With the proposed framework, we achieve a good prediction performance and improve the model interpretability in the intrusion detection. Thus, the proposed framework may act as a potential useful tool in the intrusion detection system.