Rabih Amhaz

Metrics for evaluating interface explainability models for cyberattack detection in IoT data

By Amani Abou Rida, Rabih Amhaz, Pierre Parrend

2023-04-01

In Complex computational ecosystems 2023 (CCE’23)

Abstract

The importance of machine learning (ML) in detecting cyberattacks lies in its ability to efficiently process and analyze large volumes of IoT data, which is critical in ensuring the security and privacy of sensitive information transmitted between connected devices. However, the lack of explainability of ML algorithms has become a significant concern in the cybersecurity community. Therefore, explainable techniques are developed to make ML algorithms more transparent, thereby improving trust in attack detection systems by allowing cybersecurity analysts to understand the reasons for model predictions and to identify any limitation or error in the model. One of the key artifacts of explainability is interface explainability models such as impurity and permutation feature importance analysis, Local Interpretable Model-agnostic Explanations (LIME), and SHapley Additive exPlanations (SHAP). However, these models are not able to provide enough quantitative information (metrics) to build complete trust and confidence in the explanations they generate. In this paper, we propose and evaluate metrics such as reliability and latency to quantify the trustworthiness of the explanations and to establish confidence in the model’s decisions to accurately detect and explain cyberattacks in IoT data during the ML process.


Anomaly detection on static and dynamic graphs using graph convolutional neural networks

By Amani Abou Rida, Rabih Amhaz, Pierre Parrend

2022-03-01

In Robotics and AI for cybersecurity and critical infrastructure in smart cities

Abstract

Anomalies represent rare observations that vary significantly from others. Anomaly detection, intended to discover these rare observations, has the power to prevent detrimental events, such as financial fraud, network intrusion, and social spam. However, conventional anomaly detection methods cannot handle this problem well because of the complexity of graph data (e.g., irregular structures, relational dependencies, node/edge types/attributes/directions/multiplicities/weights, large scale, etc.) [1]. Thanks to the rise of deep learning in addressing these limitations, graph anomaly detection with deep learning has recently received increasing attention from many scientists. However, while deep learning can capture unseen patterns of multi-dimensional Euclidean data, there is a huge number of applications where data are represented in the form of graphs. Graphs have been used to represent structural relational information, which raises the graph anomaly detection problem: identifying anomalous graph objects (i.e., vertices, edges, sub-graphs, and change detection). These graphs can be constructed as static graphs or dynamic graphs, based on the availability of timestamps. Recent years have seen huge efforts on static graphs, among which the Graph Convolutional Network (GCN) has appeared as a useful class of models. A challenge today is to detect anomalies with dynamic structures. In this chapter, we aim at providing methods used for detecting anomalies in static and dynamic graphs using graph analysis, graph embedding, and graph convolutional neural networks. For static graphs we categorize these methods according to plain and attribute static graphs. For dynamic graphs we categorize existing methods according to the type of anomalies that they can detect. Moreover, we focus on the challenges in this research area and discuss the strengths and weaknesses of various methods in each category. Finally, we provide open challenges for graph anomaly detection using graph convolutional neural networks on dynamic graphs.


Evaluation of anomaly detection for cybersecurity using inductive node embedding with convolutional graph neural networks

Abstract

In the face of continuous cyberattacks, many scientists have proposed machine learning-based network anomaly detection methods. While deep learning effectively captures unseen patterns of Euclidean data, there is a huge number of applications where data are described in the form of graphs. Graph analysis has improved the detection of anomalies in non-Euclidean domains, but it suffers from high computational cost. Graph embeddings have solved this problem by converting each node in the network into a low-dimensional representation, but they lack the ability to generalize to unseen nodes. Graph convolutional neural network methods solve this problem through inductive node embedding (inductive GNN). Inductive GNN shows better performance in detecting anomalies with less complexity than graph analysis and graph embedding methods.
