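% Conference paper: explainable active learning (LIME/SHAP explanations,
% uncertainty sampling, query-by-committee) for multi-class IoT botnet
% detection in security operations centres.
% The machine-generated citation key is kept unchanged so existing citations
% of this entry keep resolving.
% NOTE(review): "series" repeats "booktitle" verbatim; styles that print both
% fields will show the congress name twice -- confirm whether it can be dropped.
@inproceedings{435cb24d49984c048ebeaee7aa815ccd,
  author    = {Kalakoti, Rajesh and Nomm, Sven and Bahsi, Hayretdin},
  title     = {Enhancing {IoT} Botnet Attack Detection in {SOCs} with an Explainable Active Learning Framework},
  booktitle = {2024 {IEEE} 5th World {AI} {IoT} Congress, {AIIoT} 2024},
  series    = {2024 {IEEE} 5th World {AI} {IoT} Congress, {AIIoT} 2024},
  editor    = {Paul, Rajashree and Kundu, Arpita and Bhattacharyya, Rupsha},
  publisher = {Institute of Electrical and Electronics Engineers Inc.},
  pages     = {265--272},
  year      = {2024},
  doi       = {10.1109/AIIoT61789.2024.10578957},
  language  = {English (US)},
  keywords  = {Active learning, Explainable AI, IoT Botnet, LIME, Post-Hoc explainability, SHAP, SOC},
  abstract  = {The widespread use of Internet of Things (IoT) devices has raised the threat of botnet attacks, presenting significant challenges for security operations centres (SOCs). While machine learning techniques have shown promising results in detecting these attacks, their effectiveness is often limited by the lack of labeled data and the need for greater transparency in the decision-making process of labeling. We propose an explainable active learning framework incorporating post-hoc explainability methods, such as LIME and SHAP, into the active learning process for detecting IoT botnet attacks in a multi-class classification setting. Our framework enables SOC analysts to provide informed annotations, while the explainability methods offer insights into the model's decision-making process. We employ uncertainty sampling and query-by-committee strategies to select the most informative instances for labeling, and we evaluate the quality of the explanations using various quantitative metrics. Experimental results demonstrate that our explainable active learning framework achieves high detection performance while enhancing the trust and transparency between the SOC analysts and the learning model.},
  note      = {Publisher Copyright: {\textcopyright} 2024 IEEE.; 5th IEEE Annual World AI IoT Congress, AIIoT 2024 ; Conference date: 29-05-2024 Through 31-05-2024},
}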