In an article published in the journal Electronics, researchers from the Republic of Korea presented a novel framework for detecting and preventing cyberattacks in marine communication networks using explainable artificial intelligence (XAI) and a zero-trust architecture (ZTA). They developed a deep neural network (DNN) model called a zero-trust network intrusion detection system (NIDS) to accurately classify several types of network intrusions and provide interpretable explanations for their predictions.
Background
Marine networks are important for the operation and management of marine vessels, ports, cargo, and navigation systems. These networks depend on the Internet of Things (IoT) and Internet of Underwater Things (IoUT) techniques that enable communication and data exchange among different nodes, such as sensors, buoys, satellites, and controllers. However, these technologies also introduce vulnerabilities that can be exploited by cybercriminals to launch attacks such as distributed denial of service (DDoS), ransomware, phishing, backdoor attacks, man-in-the-middle (MITM), and structured query language (SQL) injection. These attacks can cause severe damage to the marine infrastructure, operations, and reputation, as well as pose threats to the safety and security of the marine environment and personnel.
To address these threats, marine cyberdefense systems utilize effective and reliable methods to detect and prevent intrusions in real time. Artificial intelligence (AI) frameworks, such as DNNs, have been used to achieve high accuracy and speed in marine NIDS, due to their ability to capture the complex patterns and features of network traffic data. However, these AI models are often considered black boxes, meaning that their predictions are not transparent or interpretable to the human experts who need to verify and act upon them. This leads to a lack of trust and confidence in the AI models, as well as a high rate of false alarms that can reduce the efficiency and effectiveness of cyberdefense systems.
About the Research
This study aims to address the challenges of AI-based NIDS by proposing a zero-trust framework that integrates XAI into marine cyberdefense systems. This framework is a paradigm shift that adopts the principle of “trust no one, verify everything,” and requires continuous evaluation and authentication of network users, devices, and resources. It also incorporates real-time threat monitoring and mitigation capabilities to enhance the resilience and security of marine networks.
The proposed DNN model combines a convolutional neural network (CNN) and a bidirectional long short-term memory (BiLSTM) network to perform multi-class classification of network traffic data. The model uses two modern datasets, namely the 2023 Edge-IIoTset and the 2023 CICIoT, which contain realistic and diverse cyberattacks targeting IoT and IoUT systems. It achieves an optimal Matthews correlation coefficient (MCC) score of 97.33% and an F1-score of 99% in a multi-class experiment, demonstrating its effectiveness in detecting distinct types of cyberattacks, such as DDoS, MITM, ransomware, and SQL injection.
The paper used two XAI methods, namely SHapley Additive exPlanations (SHAP) and Local Interpretable Model-agnostic Explanations (LIME), to provide visual and quantitative explanations for the model’s predictions. These methods aim to enhance the transparency and interpretability of the black-box model and to provide insight-driven feedback for the security experts.
The study uses visual plots, such as feature importance, decision impact, and confidence impact, to illustrate the influence of individual features on the model’s output, and to measure the certainty and reliability of the model’s decisions. The authors also introduced two quantitative metrics, the decision impact ratio (DIR) and the confidence impact ratio (CIR), to assess the significance, quality, and reliability of the XAI methods.
Research Findings
The outcomes showed that the CNN-BiLSTM NIDS model achieved high accuracy, precision, recall, and F1-score in detecting several types of cyberattacks, such as DDoS, malware, and enumeration attacks, on both datasets. The model also achieved an optimal Matthews Correlation Coefficient (MCC) score, which is a reliable metric for evaluating the quality of binary and multi-class classifications, especially for imbalanced datasets.
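To illustrate why MCC is preferred over accuracy on imbalanced intrusion data, the following added example (not code from the paper or its authors) computes the standard multi-class generalization of MCC next to plain accuracy. The flow counts and the two detectors are constructed for illustration; only the class names come from the attack types mentioned above.

```python
from collections import Counter
from math import sqrt

def accuracy(y_true, y_pred):
    return sum(t == p for t, p in zip(y_true, y_pred)) / len(y_true)

def multiclass_mcc(y_true, y_pred):
    """Multi-class MCC (Gorodkin's R_K generalization) from two label lists."""
    s = len(y_true)                                   # total samples
    c = sum(t == p for t, p in zip(y_true, y_pred))   # correct predictions
    t_k, p_k = Counter(y_true), Counter(y_pred)       # true / predicted counts per class
    classes = set(t_k) | set(p_k)
    cov_tp = c * s - sum(t_k[k] * p_k[k] for k in classes)
    cov_tt = s * s - sum(t_k[k] ** 2 for k in classes)
    cov_pp = s * s - sum(p_k[k] ** 2 for k in classes)
    denom = sqrt(cov_tt * cov_pp)
    # A classifier that only ever emits one class has zero variance: define MCC as 0.
    return cov_tp / denom if denom else 0.0

# Constructed, imbalanced sample: 950 DDoS, 30 MITM, 20 SQL injection flows.
Y_TRUE = ["DDoS"] * 950 + ["MITM"] * 30 + ["SQLi"] * 20

def majority_only():
    """Degenerate detector: labels every flow as the majority class."""
    return ["DDoS"] * len(Y_TRUE)

def mostly_right():
    """Detector that makes a few errors in every class (constructed)."""
    return (["DDoS"] * 940 + ["MITM"] * 10      # 10 DDoS flows mislabelled MITM
            + ["MITM"] * 27 + ["DDoS"] * 3      # 3 MITM flows mislabelled DDoS
            + ["SQLi"] * 18 + ["DDoS"] * 2)     # 2 SQLi flows mislabelled DDoS

def report():
    return {name: (accuracy(Y_TRUE, pred), multiclass_mcc(Y_TRUE, pred))
            for name, pred in (("majority_only", majority_only()),
                               ("mostly_right", mostly_right()))}

if __name__ == "__main__":
    for name, (acc, mcc) in report().items():
        print(f"{name:14s} accuracy={acc:.3f}  MCC={mcc:.3f}")
```

The detector that never flags a MITM or SQL injection flow still scores 95% accuracy, while its MCC is 0, which is why the two numbers are worth reading together when minority attack classes matter.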
The paper demonstrated that the SHAP and LIME XAI methods provided complementary and consistent explanations for the NIDS model’s predictions, highlighting the key features and probabilities that contributed to the classification outcomes.
Conclusion
In summary, the proposed framework is a promising step towards leveraging XAI for enhancing marine cyberdefense, as it addresses the challenges of transparency and reliability in complex black-box zero-trust NIDS models. This technique can detect a wide range of cyberattacks with high accuracy and efficiency. Furthermore, it can facilitate collaboration and feedback between AI systems and human experts to improve network security and resilience.
The authors indicated that the framework can be applied to other domains and scenarios that require secure and explainable NIDS, such as smart cities, smart grids, and smart healthcare. They acknowledged the limitations of their approach and suggested directions for future work, such as extending the framework to other types of XAI methods, incorporating human-in-the-loop interactions and evaluating the framework on real-world marine network data.
Journal reference:
- Nkoro, E. C., Njoku, J. N., Nwakanma, C. I., Lee, J.-M., & Kim, D. S. (2024). Zero-Trust Marine Cyberdefense for IoT-Based Communications: An Explainable Approach. Electronics, 13(2), 276. https://doi.org/10.3390/electronics13020276, https://www.mdpi.com/2079-9292/13/2/276