Explainable and Interpretable AI

This project focuses on integrating Explainable and Interpretable AI (XAI) models into cybersecurity systems to improve transparency, trust, and decision-making for threat detection and mitigation. The goal is to bridge the gap between AI's powerful predictive capabilities and the need for human-understandable insights, ensuring that AI-driven security decisions can be verified and trusted.
Explainability in AI-based Threat Detection:
Implement AI models that provide clear, human-readable explanations for detecting cybersecurity threats. This involves creating interpretable models that reveal the factors and features contributing to predictions, such as abnormal user behavior, network traffic anomalies, or malicious code patterns.
- Develop post-hoc explanation methods like SHAP (Shapley Additive Explanations) and LIME (Local Interpretable Model-Agnostic Explanations) to break down AI model predictions.
- Implement attention mechanisms and saliency maps to visualize which data points the AI focuses on during threat detection.
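The post-hoc attribution described above can be made concrete with exact Shapley values, the quantity SHAP estimates. This is an added example, not the project's own code; the `threat_score` detector, its feature names, and the baseline and alert values are constructed for illustration.

```python
from itertools import combinations
from math import factorial

# Constructed baseline ("typical" session) and a constructed alert to explain.
BASELINE = {"failed_logins": 0, "bytes_out_mb": 5, "off_hours": 0, "new_device": 0}
ALERT = {"failed_logins": 8, "bytes_out_mb": 400, "off_hours": 1, "new_device": 1}

def threat_score(x):
    """Hypothetical detector: additive terms plus one interaction term."""
    score = 0.05 * min(x["failed_logins"], 10)
    score += 0.001 * min(x["bytes_out_mb"], 500)
    score += 0.10 * x["off_hours"]
    # Interaction: a new device only adds risk together with off-hours use.
    score += 0.20 * x["off_hours"] * x["new_device"]
    return score

def shapley_values(model, x, baseline):
    """Exact Shapley attribution; features outside a coalition take baseline values."""
    names = list(x)
    n = len(names)

    def value(coalition):
        mixed = {k: (x[k] if k in coalition else baseline[k]) for k in names}
        return model(mixed)

    phi = {}
    for feature in names:
        others = [k for k in names if k != feature]
        total = 0.0
        for size in range(n):
            # Weight of a coalition of this size in the Shapley average.
            weight = factorial(size) * factorial(n - size - 1) / factorial(n)
            for subset in combinations(others, size):
                s = set(subset)
                total += weight * (value(s | {feature}) - value(s))
        phi[feature] = total
    return phi

def explain(model, x, baseline):
    """Return (feature, contribution) pairs, largest absolute contribution first."""
    phi = shapley_values(model, x, baseline)
    return sorted(phi.items(), key=lambda kv: abs(kv[1]), reverse=True)

if __name__ == "__main__":
    for name, contribution in explain(threat_score, ALERT, BASELINE):
        print(f"{name:>14}: {contribution:+.3f}")
```

The contributions sum to the difference between the alert's score and the baseline's score, so an analyst can account for the whole alert; the interaction term is split evenly between `off_hours` and `new_device`.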
Interpretable Models for Decision Support:
Design interpretable machine learning models, such as decision trees and rule-based systems, for real-time cybersecurity monitoring. These models must offer transparent decision-making pathways, allowing security analysts to follow the logic behind threat detection results.
- Use inherently interpretable models such as decision trees and logistic regression, which naturally lend themselves to easier human interpretation.
- Provide detailed documentation on how AI-derived insights can be leveraged by analysts to prevent future threats.
Improving Trust in AI-Driven Cybersecurity:
Develop methods to build trust and reliability in AI-driven threat detection systems by making the underlying decision processes understandable to cybersecurity professionals. This increases the willingness of security teams to adopt AI solutions and act on the system's recommendations.
- Apply techniques that allow for traceability of AI decisions, mapping each step of the threat detection process back to explainable factors.
- Design evaluation metrics for explainability and interpretability to measure user satisfaction and confidence in AI decisions.
Adversarial Example Detection with Explainable AI:
Explore how XAI can assist in detecting adversarial attacks on machine learning models. By understanding how adversarial examples trick models, this project provides better defenses against such attacks in cybersecurity applications.
Skills Applied:
- Explainable AI: Use tools such as SHAP and LIME to decompose and explain AI decisions in cybersecurity applications.
- Interpretable AI Models: Design models like decision trees and rule-based systems to provide clear and interpretable threat detection pathways.
- Adversarial Defense: Apply explainable AI to detect adversarial examples and secure AI-driven systems against manipulation.
- Trust Building: Enhance user trust in AI-driven cybersecurity systems by improving transparency in decision-making.
This project showcases the importance of explainable and interpretable AI in modern cybersecurity, ensuring that AI models are not just powerful but also understandable and trustworthy for human operators in critical security environments.
Recommended Papers:
- A Survey on Explainable AI in Cybersecurity
- The Role of Machine Learning in Cybersecurity
- Explainability in Cybersecurity Data Science
- Towards More Practical Threat Models
- Machine Learning (In) Security
- Assessing Machine Learning Vulnerabilities on Public Models
- Industrial Practitioners Mental Models