| In the field of intrusion detection,with the continuous development of machine learning technology,the model structure of machine learning models has become more and more complex,which also invisibly increases the challenge of understanding the learning model.At the same time,governments and enterprises are increasingly paying attention to the safety and reliability of artificial intelligence models in the areas of national security,information security,and legal compliance.The research of this paper focuses on the field of intrusion detection,studying the interpretability and interpretation verification of the relatively complex integrated learning model applied in this field.It not only studies the solution of optimizing the previous interpretation research,but also proposes a new interpretation validation system and combine the existing network security technology to construct a new application scheme.In the algorithm design stage,through theoretical research,this article abstracted out the basic demands of interpretive research and some quantitative relationships that it should satisfy.Based on the quantitative relationship and through the idea of controlling variables,this article proposed two theoretical frameworks of validation systems: the theoretical framework of the identical mapping validation system and the theoretical framework of the identical measure-space validation system.In addition,since there is no recognized consensus validation scheme in the current field,this article have also discussed the strategy of integrating the validation results,even if a new validation theory is proposed;In terms of system construction,this article have proposed an Interpretation validation system which contains the function of interpretation and verification.At the same time,this article also combined the existing network security technology,and put forward the ”machine learning interpretation and validation artificially assisted intrusion detection system” in order to further explore the value of the validation system in this paper in the network topology.The intrusion detection system in this article is the cornerstone supporting the continuous updating and upgrading of the ”machine learning interpretation and validation manual assisted intrusion detection system”;In the experimental analysis stage,based on the interpretation test system proposed in Chapter 4,the feasibility verification of the system was completed under the bagging method feedforward neural network model and the XGBoost model,and the sampling method was used to reduce the complexity of the SHAP interpretation process.The methods were compared and analyzed to verify the influence of the sampling method under different algorithms;In addition,based on the algorithm design in Chapter 3,this paper also applies the same mapping test theoretical system framework and the same metric test system theoretical framework on the random forest model.Through the tests of the two frameworks,this article concludes that Saabas’ interpretation results are better than those of SHAP.In summary,this paper verifies the theoretical framework and interpretation validation system proposed in this paper in the experimental stage.The experiment also explores the method for optimizing the SHAP interpretation process.This article focuses on explanatory research in the field of intrusion detection,combining theory,system and experiment,trying to solve the current researcher’s need to compare the interpretation results.At the same time,this article also covers and verifies aspects of integrating validation results,construction of safety networks,and optimization of existing interpretation models.The research in this article aims to provide readers with more explanations methods in the security field,and help researchers to further develop a more secure and credible network system. |
PDF Full Text Request