كوثر القيسي

Abstract Software-Defined Networking (SDN) is the best way to set up powerful, AI-powered Intrusion Detection Systems (IDS). But the high-performance deep learning models that are generally utilized for this job are usually "black boxes" that are hard to understan‎d. This makes operators less trusting an‎d makes it harder to use them in real life. This thesis tackles this important problem by creating, putting into action, an‎d testing a complete framework that combines a high-performance Deep Neural Network (DNN) with Explainable AI (XAI) methods. A DNN model was created using the NSL-KDD dataset, an‎d it was able to accurately detect 82.35% of the time. SHAP (SHapley Additive exPlanations) an‎d LIME (Local Interpretable Model-agnostic Explanations) were subsequently added to this model to give both global an‎d local, instance-level explanations for its predictions. The results show that the framework does a good job of making the modelʹs decision-making process clearer by giving security administrators specific, feature-level reasons that they can use. Case studies on DDoS an‎d Port Scan assaults demonstrate that these explanations can tell the difference between different types of threat behavior. A quantitative overhead analysis shows a big performance trade-off, with explainability especially when utilizing SHAP adding a lot of computational lag. This thesis supports a realistic approach for creating clear an‎d trustworthy Intrusion Detection Systems (IDS), presenting a useful assessment of the trade-off between accuracy-explainability-performance required for use in security-sensitive settings.

هوش مصنوعي توضيح‌پذير (XAI) , سيستم تشخيص نفوذ (IDS) , شبكه‌هاي مبتني بر نرم‌افزار (SDN)

Explainable AI (XAI) , Intrusion Detection System (IDS) , Software-Defined Networking (SDN)

Kawther Al-Qaysi

Dr. Nasser Mozayani