Trustable machine learning for intrusion detection systems
Abstract
Intrusion detection systems are essentiel components to defend our digital ecosystem. Recently, the advent of machine learning allowed to develop new types of intrusion detection systems, breaking away from the need to carefully craft more and more complex detection rules. These detection systems based on machine learning are able to autonomously learn to recognize different behaviors, given a sufficiently well designed dataset. The context of cybersecurity brings specific requirements to the task at hand, requirements that are different from machine learning’s most developed tasks: image recognition and natural language processing. This implies adapting the different mechanisms employed in machine learning to cater to these requirements. Being used in a high stake environment, intrusion detection systems should be used to help in decision-making, yet it is still fundamental to be able to trust them. Therefore, in this thesis, we first developed a new metric based on CVSS scores, allowing to integrate cybersecurity knowledge into the evaluation process of intrusion detection systems. We then focused on how to increase confidence in otherwise incomprehensible decisions. While explainability has yet to be mature enough to properly explain decisions, it can still allow to check the confidence in the decision in a more robust way, leading to investigate or correct mistakes. Finally, we endeavored to complement current approaches, by increasing the ability to detect and differentiate new cyberattacks, leveraging novel machine learning techniques. All these methods thus contribute in making intrusion detection systems based on machine learning more trustable.
Citation
Robin Duraz. Trustable machine learning for intrusion detection systems. Computer Science [cs]. Ecole nationale supérieure Mines-Télécom Atlantique, 2024. English. ⟨NNT : 2024IMTA0433⟩. ⟨tel-04929212⟩
