International Journal of Innovative Research in Computer and Communication Engineering
ISSN Approved Journal | Impact factor: 8.771 | ESTD: 2013 | Follows UGC CARE Journal Norms and Guidelines
| TITLE | From Intrusion Detection to Autonomous Breach Diagnosis Using Multi-Source Evidence Fusion |
|---|---|
| ABSTRACT | Network Intrusion Detection Systems detect malicious traffic well, but they give analysts little of what is needed to diagnose a breach or decide how to respond. This paper describes an AI-based autonomous breach diagnosis system. It combines two gradient-boosted tree classifiers, XGBoost and HistGradientBoosting, with evidence from multiple data sources, uncertainty-based classification, SHAP explanations, clustering of related alerts into incidents, and corroboration of evidence across sources to decide which alerts represent malicious activity. The system was evaluated on three datasets: CICIDS-2018, CICIDS-2017, and UNSW-NB15. On CICIDS-2018 it achieved F1 = 0.9892 and AUC-ROC = 0.9990. It also reduced 405,032 raw detections to 8,702 diagnosed breaches, 499 of which were high-priority alerts. |
| AUTHOR | SERHANI AYMANE, PG Student, School of Computer Science, Nanjing University of Information Science & Technology, Nanjing, China |
| VOLUME | 184 |
| DOI | 10.15680/IJIRCCE.2026.1405001 |
| PDF | pdf/1_From Intrusion Detection to Autonomous Breach Diagnosis Using Multi-Source Evidence Fusion.pdf |
| References | [1] Buczak, A. L., & Guven, E. (2016). A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Communications Surveys & Tutorials, 18(2), 1153-1176. [2] Breiman, L. (2001). Random forests. Machine Learning, 45(1), 5-32. [3] Chen, T., & Guestrin, C. (2016). XGBoost: A scalable tree boosting system. Proceedings of ACM SIGKDD, 785-794. [4] Friedman, J. H. (2001). Greedy function approximation: A gradient boosting machine. Annals of Statistics, 29(5), 1189-1232. [5] Chollet, F. (2017). Deep Learning with Python. Manning Publications. [6] Goodfellow, I., Bengio, Y., & Courville, A. (2016). Deep Learning. MIT Press. [7] Hamilton, W. L., Ying, R., & Leskovec, J. (2017). Inductive representation learning on large graphs. Advances in Neural Information Processing Systems, 1024-1034. [8] Lundberg, S. M., & Lee, S.-I. (2017). A unified approach to interpreting model predictions. Advances in Neural Information Processing Systems, 4765-4774. [9] Ribeiro, M. T., Singh, S., & Guestrin, C. (2016). Why should I trust you? Explaining the predictions of any classifier. Proceedings of ACM SIGKDD, 1135-1144. [10] Sharafaldin, I., Lashkari, A. H., & Ghorbani, A. A. (2018). Toward generating a new intrusion detection dataset and intrusion traffic characterization. Proceedings of ICISSP, 108-116. [11] Zeek Project. (n.d.). Zeek Network Security Monitor. https://zeek.org [12] Moustafa, N., & Slay, J. (2015). UNSW-NB15: A comprehensive data set for network intrusion detection systems. Proceedings of MilCIS, 1-6. [13] Paxson, V. (1999). Bro: A system for detecting network intruders in real-time. Computer Networks, 31(23-24), 2435-2463. [14] Scapy Project. (n.d.). Scapy: Packet manipulation tool. https://scapy.net |
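The abstract names the stages that turn raw detections into diagnosed breaches: an uncertainty-based classification step, corroboration of an alert with evidence from other sources, and clustering of alerts into incidents that can be prioritised. The following Python block is an added illustration of how those stages compose; it is not the paper's code and does not reproduce its models. The classifier scores, the Zeek-style conn records, the gate bounds (0.40/0.60), the corroboration cut-offs (60 s, 1 MB), the 600 s clustering gap and the priority rule are all constructed or assumed here to make the mechanics visible. The boosted-tree training and the SHAP explanations are out of scope; the block starts from the per-flow probabilities such a classifier would emit.

```python
"""Alert-to-incident triage funnel: uncertainty gating, cross-source corroboration and
time-window clustering.  Added illustration; all data and thresholds below are assumed."""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed classifier output: (ts, src, dst, dport, p_malicious), where p_malicious
# stands in for the per-flow probability a boosted-tree model would emit.
ALERTS = [
    (100, "10.0.0.5", "203.0.113.9", 445, 0.97),
    (130, "10.0.0.5", "203.0.113.9", 445, 0.95),
    (160, "10.0.0.5", "203.0.113.9", 445, 0.93),
    (200, "10.0.0.7", "198.51.100.2", 80, 0.55),   # inside the uncertainty band
    (300, "10.0.0.11", "192.0.2.8", 443, 0.12),    # confidently benign: dropped by the gate
    (700, "10.0.0.7", "198.51.100.2", 80, 0.58),   # uncertain again, but corroborated below
    (950, "10.0.0.9", "192.0.2.4", 22, 0.52),      # uncertain, nothing corroborates it
    (2000, "10.0.0.5", "203.0.113.9", 445, 0.96),  # same pair, beyond the clustering gap
]
# Constructed Zeek-style conn.log slice (field names assumed):
# (ts, src, dst, dport, duration_s, orig_bytes, conn_state)
CONN = [
    (101, "10.0.0.5", "203.0.113.9", 445, 310.0, 8_400_000, "SF"),
    (205, "10.0.0.7", "198.51.100.2", 80, 0.2, 300, "REJ"),
    (701, "10.0.0.7", "198.51.100.2", 80, 45.0, 2_100_000, "SF"),
]

def gate(p, low=0.40, high=0.60):
    """Uncertainty gating: a score inside (low, high) is neither trusted nor discarded."""
    if p >= high:
        return "malicious"
    return "benign" if p <= low else "uncertain"

def corroborate(alert, conns, window=30):
    """Evidence tags from conn records on the same (src, dst, dport) within `window`
    seconds of the alert.  The 60 s and 1 MB cut-offs are illustrative assumptions."""
    ts, src, dst, dport, _ = alert
    tags = set()
    for cts, csrc, cdst, cport, dur, obytes, state in conns:
        if (csrc, cdst, cport) != (src, dst, dport) or abs(cts - ts) > window:
            continue
        if state == "SF" and dur > 60:
            tags.add("long_session")
        if obytes > 1_000_000:
            tags.add("large_upload")
    return sorted(tags)

@dataclass
class Incident:
    src: str
    dst: str
    start: int
    end: int
    alerts: list = field(default_factory=list)
    verdicts: list = field(default_factory=list)
    evidence: set = field(default_factory=set)

    @property
    def priority(self):
        """Confident verdict AND independent evidence: high; either alone: medium;
        an uncertain, uncorroborated cluster: low.  The rule itself is assumed."""
        confident = "malicious" in self.verdicts
        if confident and self.evidence:
            return "high"
        return "medium" if (confident or self.evidence) else "low"

def cluster_incidents(alerts, conns, gap=600):
    """Drop gate-benign alerts, group the rest by (src, dst), and open a new incident
    whenever consecutive alerts for a pair are more than `gap` seconds apart."""
    by_pair = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a[0]):
        if gate(a[4]) != "benign":
            by_pair[(a[1], a[2])].append(a)
    incidents = []
    for (src, dst), group in by_pair.items():
        current = None
        for a in group:
            if current is None or a[0] - current.end > gap:
                current = Incident(src, dst, a[0], a[0])
                incidents.append(current)
            current.end = a[0]
            current.alerts.append(a)
            current.verdicts.append(gate(a[4]))
            current.evidence.update(corroborate(a, conns))
    return incidents

def diagnose(alerts, conns):
    """One analyst-facing record per incident, carrying the evidence behind its priority."""
    return [{"src": i.src, "dst": i.dst, "window": (i.start, i.end), "alerts": len(i.alerts),
             "verdicts": i.verdicts, "evidence": sorted(i.evidence), "priority": i.priority}
            for i in cluster_incidents(alerts, conns)]

def funnel(alerts, conns):
    """Raw detections -> incidents -> high-priority incidents."""
    incidents = cluster_incidents(alerts, conns)
    return {"raw": len(incidents) and len(alerts), "incidents": len(incidents),
            "high": sum(1 for i in incidents if i.priority == "high")}

if __name__ == "__main__":
    print(funnel(ALERTS, CONN), diagnose(ALERTS, CONN))
```

On the constructed input the eight detections collapse to four incidents, one of them high-priority: the repeated 445/tcp alerts with a long, large-upload session behind them. The two uncertain alerts for the second host pair would be discarded by a plain threshold, but the corroborating conn record lifts that cluster to medium, while the single confident alert at ts 2000 without any supporting evidence also lands at medium rather than high. This is the practical point of fusing sources: the priority is set by agreement between the model and independent evidence, not by the classifier score alone.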