PANACEA: a neural model ensemble for cyber-threat detection

Ensemble learning is a strategy commonly used to fuse different base models by creating a model ensemble that is expected more accurate on unseen data than the base models. This study describes a new cyber-threat detection method, called PANACEA, that uses ensemble learning coupled with adversarial...

Full description

Saved in:
Bibliographic Details
Published in:Machine learning 2024-08, Vol.113 (8), p.5379-5422
Main Authors: AL-Essa, Malik, Andresini, Giuseppina, Appice, Annalisa, Malerba, Donato
Format: Article
Language:English
Subjects:
Artificial Intelligence
Computer Science
Control
Machine Learning
Mechatronics
Natural Language Processing (NLP)
Robotics
Simulation and Modeling
Special Issue on Emerging Applications and Frontiers for Data Science (DSAA 2023)
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Ensemble learning is a strategy commonly used to fuse different base models by creating a model ensemble that is expected more accurate on unseen data than the base models. This study describes a new cyber-threat detection method, called PANACEA, that uses ensemble learning coupled with adversarial training in deep learning, in order to gain accuracy with neural models trained in cybersecurity problems. The selection of the base models is one of the main challenges to handle, in order to train accurate ensembles. This study describes a model ensemble pruning approach based on eXplainable AI (XAI) to increase the ensemble diversity and gain accuracy in ensemble classification. We base on the idea that being able to identify base models that give relevance to different input feature sub-spaces may help in improving the accuracy of an ensemble trained to recognise different signatures of different cyber-attack patterns. To this purpose, we use a global XAI technique to measure the ensemble model diversity with respect to the effect of the input features on the accuracy of the base neural models combined in the ensemble. Experiments carried out on four benchmark cybersecurity datasets (three network intrusion detection datasets and one malware detection dataset) show the beneficial effects of the proposed combination of adversarial training, ensemble learning and XAI on the accuracy of multi-class classifications of cyber-data achieved by the neural model ensemble.
ISSN:0885-6125
1573-0565
DOI:10.1007/s10994-023-06470-2