Unveiling MIMETIC: Interpreting Deep Learning Traffic Classifiers via XAI Techniques

Title: Unveiling MIMETIC: Interpreting Deep Learning Traffic Classifiers via XAI Techniques
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Nascita, Alfredo; Montieri, Antonio; Aceto, Giuseppe; Ciuonzo, Domenico; Persico, Valerio; Pescapè, Antonio
Conference Name: 2021 IEEE International Conference on Cyber Security and Resilience (CSR)
Date Published: July 2021
Publisher: IEEE
ISBN Number: 978-1-6654-0285-9
Keywords: Deep Learning, encrypted traffic, explainable artificial intelligence, Internet, law enforcement, learning (artificial intelligence), Limiting, mobile applications, Mobile handsets, Multimodal learning, pubcrawl, resilience, Resiliency, Scalability, Traffic classification, xai
Abstract: The widespread use of powerful mobile devices has deeply affected the mix of traffic traversing both the Internet and enterprise networks (with bring-your-own-device policies). Traffic encryption has become extremely common, and the quick proliferation of mobile apps and their simple distribution and update have created a specifically challenging scenario for traffic classification and its uses, especially network-security related ones. The recent rise of Deep Learning (DL) has responded to this challenge, by providing a solution to the time-consuming and human-limited handcrafted feature design, and better classification performance. The counterpart of the advantages is the lack of interpretability of these black-box approaches, limiting or preventing their adoption in contexts where the reliability of results, or interpretability of policies is necessary. To cope with these limitations, eXplainable Artificial Intelligence (XAI) techniques have seen recent intensive research. Along these lines, our work applies XAI-based techniques (namely, Deep SHAP) to interpret the behavior of a state-of-the-art multimodal DL traffic classifier. As opposed to common results seen in XAI, we aim at a global interpretation, rather than sample-based ones. The results quantify the importance of each modality (payload- or header-based), and of specific subsets of inputs (e.g., TLS SNI and TCP Window Size) in determining the classification outcome, down to per-class (viz. application) level. The analysis is based on a publicly-released recent dataset focused on mobile app traffic.
URL: https://ieeexplore.ieee.org/document/9527948
DOI: 10.1109/CSR51186.2021.9527948
Citation Key: nascita_unveiling_2021