Explainable artificial intelligence (XAI) methodologies can demystify the behavior of machine learning (ML) "black-box" models based on the individual impact each feature has on the model's output. In the cybersecurity domain, explanations of this type have been studied from the perspective of a humanin-the-loop, where they serve an essential role in building trust from stakeholders, as well as aiding practitioners in tasks such as feature selection and model debugging. However, another important but largely overlooked use case of explanations emerges when they are passed as inputs into other ML models. In this sense, the rich information encompassed by the explanations can be harnessed at a fine-grained level and used to subsequently enhance the performance of the system. In this work, we outline a general methodology whereby explanations of a front-end network intrusion detection system (NIDS) are leveraged alongside additional ML to automatically improve the system's overall performance. We demonstrate the robustness of our methodology by evaluating its performance across multiple intrusion datasets and perform an in-depth analysis to assess its generalizability under various conditions, such as unseen environments, varying types of front-end NIDS and XAI methodologies, etc. The overall results indicate the efficacy of our methodology to produce significant improvement gains (i.e., up to +36% gains achieved across the considered metrics and datasets) that exceed those achieved by other state-of-the-art intrusion models from the literature.

In this letter, we present a two-stage pipeline for robust network intrusion detection. First, we implement an extreme gradient boosting (XGBoost) model to perform supervised intrusion detection, and leverage the SHapley Additive exPlanation (SHAP) framework to devise explanations of our model. In the second stage, we use these explanations to train an auto-encoder to distinguish between previously seen and unseen attacks. Experiments conducted on the NSL-KDD dataset show that our solution is able to accurately detect new attacks encountered during testing, while its overall performance is comparable to numerous state-of-the-art works from the cybersecurity literature.

The growing complexity of wireless networks has sparked an upsurge in the use of artificial intelligence (AI) within the telecommunication industry in recent years. In network slicing, a key component of 5G that enables network operators to lease their resources to third-party tenants, AI models may be employed in complex tasks, such as short-term resource reservation (STRR). When AI is used to make complex resource management decisions with financial and service quality implications, it is important that these decisions be understood by a human-in-the-loop. In this paper, we apply state-of-the art techniques from the field of Explainable AI (XAI) to the problem of STRR. Using real-world data to develop an AI model for STRR, we demonstrate how our XAI methodology can be used to explain the real-time decisions of the model, to reveal trends about the model’s general behaviour, as well as aid in the diagnosis of potential faults during the model’s development. In addition, we quantitatively validate the faithfulness of the explanations across an extensive range of XAI metrics to ensure they remain trustworthy and actionable.