CapsRule: Explainable Deep Learning for Classifying Network Attacks
Why this work is in the frame
A frame that forgets how it found something cannot be audited. These are the routes that admitted this work.
Bibliographic record
Abstract
Despite the potential deep learning (DL) algorithms have shown, their lack of transparency hinders their widespread application. Extracting if-then rules from deep neural networks is a powerful explanation method to capture nonlinear local behaviors. However, existing rule extraction methods suffer from inefficiency, incomprehensibility, infidelity, and not scaling well. Concerning security applications, they are not optimized regarding the decision boundary, data types and ranges, classification tasks, and dataset size. In this article, we propose CapsRule, an effective and efficient rule-based DL explanation method dedicated to classifying network attacks. It extracts high-fidelity rules from the feed-forward capsule network that explains how an input sample is classified. Using precomputed coupling coefficients, the training phase overlaps the rule extraction process to increase efficiency. The activation vector of a capsule can represent semantic intelligence about the attributes of the input sample. The rules extracted from CapsRule address the major concerns of network attack detection. The rules: 1) approximate the nonlinear decision boundary of the underlying data; 2) reduce the number of false positives significantly; 3) increase transparency; and 4) help find errors and noise in the data. We evaluate CapsRule on the CICDDoS2019 dataset that contains over a million of the most advanced Distributed Denial-of-Service (DDoS) attacks. The extensive evaluation shows that it generates accurate, high-fidelity, and comprehensible rules. CapsRule achieves an average accuracy of 99.0% and a false positive rate of 0.70% for reflection- and exploitation-based attacks. We verify that the learned features from the rulesets match our domain-specific knowledge. They also help find flaws in the dataset generation process and erroneous patterns caused by attack simulators.
Fetched live from OpenAlex and de-inverted. Abstracts are not stored in this database: the inverted indexes are 8.6 GB of the frame’s 9.3 GB of text, and the host has 13 GB free.
Full frame distilled prediction
Teacher imitationNot calibrated prevalence, not ground truth. Human validation pending. Learned from the 10,348 direct Codex labels and 10,348 direct Gemma labels. Candidate is the union of thresholded teacher heads; consensus is their intersection. These outputs are machine_predicted_unvalidated and are not human labels or direct frontier model labels.
Codex and Gemma teacher scores by category
| Category | Codex | Gemma |
|---|---|---|
| Metaresearch | 0.001 | 0.000 |
| Meta-epidemiology (narrow) | 0.000 | 0.000 |
| Meta-epidemiology (broad) | 0.000 | 0.000 |
| Bibliometrics | 0.000 | 0.001 |
| Science and technology studies | 0.003 | 0.000 |
| Scholarly communication | 0.001 | 0.001 |
| Open science | 0.000 | 0.000 |
| Research integrity | 0.000 | 0.001 |
| Insufficient payload (model declined to judge) | 0.000 | 0.000 |
Machine scores (provisional)
The two teacher heads of the student model, read on this work. A score orders the frame for review; it never asserts a category, and the validation status ships verbatim with every row.
Baseline scores from an immature model (maturity gate not passed, 7 training rounds). Scores rank; they never assert a category.
score_only:v0-immature-baseline · verbatim from the scoring run: score_only means the number may rank works, and no category label ships from it