Explainable Transformer-based Intrusion Detection in Internet of Medical Things (IoMT) Networks

Rajesh Kalakoti; Sven Nomm; Hayretdin Bahsi

doi:10.1109/ICMLA61862.2024.00179

Explainable Transformer-based Intrusion Detection in Internet of Medical Things (IoMT) Networks

Rajesh Kalakoti, Sven Nomm, Hayretdin Bahsi

Informatics, Computing, and Cyber Systems, School of

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Internet of Medical Things (IoMT) systems have brought transformative benefits to patient monitoring and remote diagnosis in healthcare. However, these systems are prone to various cyber attacks that have a high impact on security and privacy. Detecting such attacks is crucial for implementing timely and effective countermeasures. Machine learning methods have been applied for intrusion detection tasks in various networks, but explaining the reasons for detection decisions remains an obstacle for security analysts. In this paper, we demonstrate that Transformer architecture, the core of the recent revolutionary large language models, constitutes a promising solution for intrusion detection in IoMT networks. We utilized a comprehensive dataset, CICIoMT2024, recently released specifically for these networks. We created a binary classification model for discriminating attacks from benign traffic and a multi-class model for the identification of specific attack types. We applied Explainable AI (XAi) methods such as LIME and SHAP to generate posthoc explanations for the model decisions. We evaluated and compared the quality of explanations based on three metrics: faithfulness, sensitivity, and complexity. Our findings demonstrate that the applied XAI methods enhance transparency in the predictions of Transformer-based intrusion detection models for IoMT networks, proving that both transparency and high performance can be achieved simultaneously.

Original language	English (US)
Title of host publication	Proceedings - 2024 International Conference on Machine Learning and Applications, ICMLA 2024
Editors	M. Arif Wani, Plamen Angelov, Feng Luo, Mitsunori Ogihara, Xintao Wu, Radu-Emil Precup, Ramin Ramezani, Xiaowei Gu
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	1164-1169
Number of pages	6
ISBN (Electronic)	9798350374889
DOIs	https://doi.org/10.1109/ICMLA61862.2024.00179
State	Published - 2024
Event	23rd IEEE International Conference on Machine Learning and Applications, ICMLA 2024 - Miami, United States Duration: Dec 18 2024 → Dec 20 2024

Publication series

Name	Proceedings - 2024 International Conference on Machine Learning and Applications, ICMLA 2024

Conference

Conference	23rd IEEE International Conference on Machine Learning and Applications, ICMLA 2024
Country/Territory	United States
City	Miami
Period	12/18/24 → 12/20/24

Keywords

Evaluation of Explainable AI Intrusion detection
Health Care IoMT Intrusion detection
IoT
Transformer

ASJC Scopus subject areas

Artificial Intelligence
Computer Science Applications
Computer Vision and Pattern Recognition
Modeling and Simulation

Access to Document

10.1109/ICMLA61862.2024.00179

Cite this

Kalakoti, R., Nomm, S., & Bahsi, H. (2024). Explainable Transformer-based Intrusion Detection in Internet of Medical Things (IoMT) Networks. In M. A. Wani, P. Angelov, F. Luo, M. Ogihara, X. Wu, R.-E. Precup, R. Ramezani, & X. Gu (Eds.), Proceedings - 2024 International Conference on Machine Learning and Applications, ICMLA 2024 (pp. 1164-1169). (Proceedings - 2024 International Conference on Machine Learning and Applications, ICMLA 2024). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICMLA61862.2024.00179

Explainable Transformer-based Intrusion Detection in Internet of Medical Things (IoMT) Networks. / Kalakoti, Rajesh; Nomm, Sven; Bahsi, Hayretdin.
Proceedings - 2024 International Conference on Machine Learning and Applications, ICMLA 2024. ed. / M. Arif Wani; Plamen Angelov; Feng Luo; Mitsunori Ogihara; Xintao Wu; Radu-Emil Precup; Ramin Ramezani; Xiaowei Gu. Institute of Electrical and Electronics Engineers Inc., 2024. p. 1164-1169 (Proceedings - 2024 International Conference on Machine Learning and Applications, ICMLA 2024).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kalakoti, R, Nomm, S & Bahsi, H 2024, Explainable Transformer-based Intrusion Detection in Internet of Medical Things (IoMT) Networks. in MA Wani, P Angelov, F Luo, M Ogihara, X Wu, R-E Precup, R Ramezani & X Gu (eds), Proceedings - 2024 International Conference on Machine Learning and Applications, ICMLA 2024. Proceedings - 2024 International Conference on Machine Learning and Applications, ICMLA 2024, Institute of Electrical and Electronics Engineers Inc., pp. 1164-1169, 23rd IEEE International Conference on Machine Learning and Applications, ICMLA 2024, Miami, United States, 12/18/24. https://doi.org/10.1109/ICMLA61862.2024.00179

Kalakoti R, Nomm S, Bahsi H. Explainable Transformer-based Intrusion Detection in Internet of Medical Things (IoMT) Networks. In Wani MA, Angelov P, Luo F, Ogihara M, Wu X, Precup RE, Ramezani R, Gu X, editors, Proceedings - 2024 International Conference on Machine Learning and Applications, ICMLA 2024. Institute of Electrical and Electronics Engineers Inc. 2024. p. 1164-1169. (Proceedings - 2024 International Conference on Machine Learning and Applications, ICMLA 2024). doi: 10.1109/ICMLA61862.2024.00179

Kalakoti, Rajesh ; Nomm, Sven ; Bahsi, Hayretdin. / Explainable Transformer-based Intrusion Detection in Internet of Medical Things (IoMT) Networks. Proceedings - 2024 International Conference on Machine Learning and Applications, ICMLA 2024. editor / M. Arif Wani ; Plamen Angelov ; Feng Luo ; Mitsunori Ogihara ; Xintao Wu ; Radu-Emil Precup ; Ramin Ramezani ; Xiaowei Gu. Institute of Electrical and Electronics Engineers Inc., 2024. pp. 1164-1169 (Proceedings - 2024 International Conference on Machine Learning and Applications, ICMLA 2024).

@inproceedings{b1ff05c403d24de6a1c64826d8b815b1,

title = "Explainable Transformer-based Intrusion Detection in Internet of Medical Things (IoMT) Networks",

abstract = "Internet of Medical Things (IoMT) systems have brought transformative benefits to patient monitoring and remote diagnosis in healthcare. However, these systems are prone to various cyber attacks that have a high impact on security and privacy. Detecting such attacks is crucial for implementing timely and effective countermeasures. Machine learning methods have been applied for intrusion detection tasks in various networks, but explaining the reasons for detection decisions remains an obstacle for security analysts. In this paper, we demonstrate that Transformer architecture, the core of the recent revolutionary large language models, constitutes a promising solution for intrusion detection in IoMT networks. We utilized a comprehensive dataset, CICIoMT2024, recently released specifically for these networks. We created a binary classification model for discriminating attacks from benign traffic and a multi-class model for the identification of specific attack types. We applied Explainable AI (XAi) methods such as LIME and SHAP to generate posthoc explanations for the model decisions. We evaluated and compared the quality of explanations based on three metrics: faithfulness, sensitivity, and complexity. Our findings demonstrate that the applied XAI methods enhance transparency in the predictions of Transformer-based intrusion detection models for IoMT networks, proving that both transparency and high performance can be achieved simultaneously.",

keywords = "Evaluation of Explainable AI Intrusion detection, Health Care IoMT Intrusion detection, IoT, Transformer",

author = "Rajesh Kalakoti and Sven Nomm and Hayretdin Bahsi",

note = "Publisher Copyright: {\textcopyright} 2024 IEEE.; 23rd IEEE International Conference on Machine Learning and Applications, ICMLA 2024 ; Conference date: 18-12-2024 Through 20-12-2024",

year = "2024",

doi = "10.1109/ICMLA61862.2024.00179",

language = "English (US)",

series = "Proceedings - 2024 International Conference on Machine Learning and Applications, ICMLA 2024",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "1164--1169",

editor = "Wani, {M. Arif} and Plamen Angelov and Feng Luo and Mitsunori Ogihara and Xintao Wu and Radu-Emil Precup and Ramin Ramezani and Xiaowei Gu",

booktitle = "Proceedings - 2024 International Conference on Machine Learning and Applications, ICMLA 2024",

}

TY - GEN

T1 - Explainable Transformer-based Intrusion Detection in Internet of Medical Things (IoMT) Networks

AU - Kalakoti, Rajesh

AU - Nomm, Sven

AU - Bahsi, Hayretdin

PY - 2024

Y1 - 2024

N2 - Internet of Medical Things (IoMT) systems have brought transformative benefits to patient monitoring and remote diagnosis in healthcare. However, these systems are prone to various cyber attacks that have a high impact on security and privacy. Detecting such attacks is crucial for implementing timely and effective countermeasures. Machine learning methods have been applied for intrusion detection tasks in various networks, but explaining the reasons for detection decisions remains an obstacle for security analysts. In this paper, we demonstrate that Transformer architecture, the core of the recent revolutionary large language models, constitutes a promising solution for intrusion detection in IoMT networks. We utilized a comprehensive dataset, CICIoMT2024, recently released specifically for these networks. We created a binary classification model for discriminating attacks from benign traffic and a multi-class model for the identification of specific attack types. We applied Explainable AI (XAi) methods such as LIME and SHAP to generate posthoc explanations for the model decisions. We evaluated and compared the quality of explanations based on three metrics: faithfulness, sensitivity, and complexity. Our findings demonstrate that the applied XAI methods enhance transparency in the predictions of Transformer-based intrusion detection models for IoMT networks, proving that both transparency and high performance can be achieved simultaneously.

AB - Internet of Medical Things (IoMT) systems have brought transformative benefits to patient monitoring and remote diagnosis in healthcare. However, these systems are prone to various cyber attacks that have a high impact on security and privacy. Detecting such attacks is crucial for implementing timely and effective countermeasures. Machine learning methods have been applied for intrusion detection tasks in various networks, but explaining the reasons for detection decisions remains an obstacle for security analysts. In this paper, we demonstrate that Transformer architecture, the core of the recent revolutionary large language models, constitutes a promising solution for intrusion detection in IoMT networks. We utilized a comprehensive dataset, CICIoMT2024, recently released specifically for these networks. We created a binary classification model for discriminating attacks from benign traffic and a multi-class model for the identification of specific attack types. We applied Explainable AI (XAi) methods such as LIME and SHAP to generate posthoc explanations for the model decisions. We evaluated and compared the quality of explanations based on three metrics: faithfulness, sensitivity, and complexity. Our findings demonstrate that the applied XAI methods enhance transparency in the predictions of Transformer-based intrusion detection models for IoMT networks, proving that both transparency and high performance can be achieved simultaneously.

KW - Evaluation of Explainable AI Intrusion detection

KW - Health Care IoMT Intrusion detection

KW - IoT

KW - Transformer

UR - http://www.scopus.com/inward/record.url?scp=105000985973&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=105000985973&partnerID=8YFLogxK

U2 - 10.1109/ICMLA61862.2024.00179

DO - 10.1109/ICMLA61862.2024.00179

M3 - Conference contribution

AN - SCOPUS:105000985973

T3 - Proceedings - 2024 International Conference on Machine Learning and Applications, ICMLA 2024

SP - 1164

EP - 1169

BT - Proceedings - 2024 International Conference on Machine Learning and Applications, ICMLA 2024

A2 - Wani, M. Arif

A2 - Angelov, Plamen

A2 - Luo, Feng

A2 - Ogihara, Mitsunori

A2 - Wu, Xintao

A2 - Precup, Radu-Emil

A2 - Ramezani, Ramin

A2 - Gu, Xiaowei

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 23rd IEEE International Conference on Machine Learning and Applications, ICMLA 2024

Y2 - 18 December 2024 through 20 December 2024

ER -

Explainable Transformer-based Intrusion Detection in Internet of Medical Things (IoMT) Networks

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this