-
A Critical Assessment of Interpretable and Explainable Machine Learning for Intrusion Detection
Authors:
Omer Subasi,
Johnathan Cree,
Joseph Manzano,
Elena Peterson
Abstract:
There has been a large number of studies in interpretable and explainable ML for cybersecurity, in particular, for intrusion detection. Many of these studies have significant amount of overlapping and repeated evaluations and analysis. At the same time, these studies overlook crucial model, data, learning process, and utility related issues and many times completely disregard them. These issues in…
▽ More
There has been a large number of studies in interpretable and explainable ML for cybersecurity, in particular, for intrusion detection. Many of these studies have significant amount of overlapping and repeated evaluations and analysis. At the same time, these studies overlook crucial model, data, learning process, and utility related issues and many times completely disregard them. These issues include the use of overly complex and opaque ML models, unaccounted data imbalances and correlated features, inconsistent influential features across different explanation methods, the inconsistencies stemming from the constituents of a learning process, and the implausible utility of explanations. In this work, we empirically demonstrate these issues, analyze them and propose practical solutions in the context of feature-based model explanations. Specifically, we advise avoiding complex opaque models such as Deep Neural Networks and instead using interpretable ML models such as Decision Trees as the available intrusion datasets are not difficult for such interpretable models to classify successfully. Then, we bring attention to the binary classification metrics such as Matthews Correlation Coefficient (which are well-suited for imbalanced datasets. Moreover, we find that feature-based model explanations are most often inconsistent across different settings. In this respect, to further gauge the extent of inconsistencies, we introduce the notion of cross explanations which corroborates that the features that are determined to be impactful by one explanation method most often differ from those by another method. Furthermore, we show that strongly correlated data features and the constituents of a learning process, such as hyper-parameters and the optimization routine, become yet another source of inconsistent explanations. Finally, we discuss the utility of feature-based explanations.
△ Less
Submitted 4 July, 2024;
originally announced July 2024.
-
The Landscape of Modern Machine Learning: A Review of Machine, Distributed and Federated Learning
Authors:
Omer Subasi,
Oceane Bel,
Joseph Manzano,
Kevin Barker
Abstract:
With the advance of the powerful heterogeneous, parallel and distributed computing systems and ever increasing immense amount of data, machine learning has become an indispensable part of cutting-edge technology, scientific research and consumer products. In this study, we present a review of modern machine and deep learning. We provide a high-level overview for the latest advanced machine learnin…
▽ More
With the advance of the powerful heterogeneous, parallel and distributed computing systems and ever increasing immense amount of data, machine learning has become an indispensable part of cutting-edge technology, scientific research and consumer products. In this study, we present a review of modern machine and deep learning. We provide a high-level overview for the latest advanced machine learning algorithms, applications, and frameworks. Our discussion encompasses parallel distributed learning, deep learning as well as federated learning. As a result, our work serves as an introductory text to the vast field of modern machine learning.
△ Less
Submitted 5 December, 2023;
originally announced December 2023.
-
Toward Automated Quantum Variational Machine Learning
Authors:
Omer Subasi
Abstract:
In this work, we address the problem of automating quantum variational machine learning. We develop a multi-locality parallelizable search algorithm, called MUSE, to find the initial points and the sets of parameters that achieve the best performance for quantum variational circuit learning. Simulations with five real-world classification datasets indicate that on average, MUSE improves the detect…
▽ More
In this work, we address the problem of automating quantum variational machine learning. We develop a multi-locality parallelizable search algorithm, called MUSE, to find the initial points and the sets of parameters that achieve the best performance for quantum variational circuit learning. Simulations with five real-world classification datasets indicate that on average, MUSE improves the detection accuracy of quantum variational classifiers 2.3 times with respect to the observed lowest scores. Moreover, when applied to two real-world regression datasets, MUSE improves the quality of the predictions from negative coefficients of determination to positive ones. Furthermore, the classification and regression scores of the quantum variational models trained with MUSE are on par with the classical counterparts.
△ Less
Submitted 3 December, 2023;
originally announced December 2023.
-
The Impact of Logical Errors on Quantum Algorithms
Authors:
Omer Subasi,
Sriram Krishnamoorthy
Abstract:
In this work, we explore the impact of logical stochastic Pauli and coherent Z-rotation errors on quantum algorithms. We evaluate six canonical quantum algorithms' intrinsic resilience to the logical qubit and gate errors by performing the Monte Carlo simulations guided by the quantum jump formalism. The results suggest that the resilience of the studied quantum algorithms decreases as the number…
▽ More
In this work, we explore the impact of logical stochastic Pauli and coherent Z-rotation errors on quantum algorithms. We evaluate six canonical quantum algorithms' intrinsic resilience to the logical qubit and gate errors by performing the Monte Carlo simulations guided by the quantum jump formalism. The results suggest that the resilience of the studied quantum algorithms decreases as the number of qubits and the depth of the algorithms' circuits increase for both Pauli and Z-rotation errors. Our results also suggest that the algorithms split into two different groups in terms of algorithmic resilience. The evolution of Hamiltonian, Simon and the quantum phase estimation algorithms are less resilient to logical errors than Grover's search, Deutsch-Jozsa and Bernstein-Vazirani algorithms.
△ Less
Submitted 11 December, 2023; v1 submitted 5 November, 2021;
originally announced November 2021.
-
Denial-of-Service Attack Detection via Differential Analysis of Generalized Entropy Progressions
Authors:
Omer Subasi,
Joseph Manzano,
Kevin Barker
Abstract:
Denial-of-Service (DoS) attacks are one of the most common and consequential cyber attacks in computer networks. While existing research offers a plethora of detection methods, the issue of achieving both scalability and high detection accuracy remains open. In this work, we address this problem by developing a differential method based on generalized entropy progression. In this method, we contin…
▽ More
Denial-of-Service (DoS) attacks are one of the most common and consequential cyber attacks in computer networks. While existing research offers a plethora of detection methods, the issue of achieving both scalability and high detection accuracy remains open. In this work, we address this problem by developing a differential method based on generalized entropy progression. In this method, we continuously fit the line of best fit to the entropy progression and check if the derivative, that is, the slope of this line is less than the negative of the dynamically computed standard deviation of the derivatives. As a result, we omit the usage of the thresholds and the results with five real-world network traffic datasets confirm that our method outperforms threshold-based DoS attack detection by two orders of magnitude on average. Our method achieves false positive rates that are up to 7% where the arithmetic mean is 3% with Tsallis entropy and only 5% sampling of the total network flow. Moreover, since the main computation cost of our method is the entropy computation, which is linear in the volume of the unit-time network flow and it uses integer only operations and a small fraction of the total flow, it is therefore lightweight and scalable.
△ Less
Submitted 3 December, 2023; v1 submitted 17 September, 2021;
originally announced September 2021.
