Explainable Artificial Intelligence (XAI) has become a widely discussed topic; the related technologies facilitate better understanding of conventional black-box models such as Random Forest and Neural Networks. However, domain-specific applications of XAI are still insufficient. To fill this gap, this research uses occlusion sensitivity to analyze various machine learning models on the tasks of binary and multi-class classification for intrusion detection from network traffic, all on the same dataset. The models evaluated include Linear Regression, Logistic Regression, Linear Support Vector Machine (SVM), K-Nearest Neighbors (KNN), Random Forest, Decision Trees, and Multi-Layer Perceptrons (MLP). We trained all models to an accuracy of 90% on the UNSW-NB15 dataset. We found that most classifiers leverage fewer than three critical features to achieve such accuracies, indicating that effective feature engineering could actually be far more important for intrusion detection than applying complicated models. We also discovered that Random Forest provides the best performance in terms of accuracy, time efficiency and robustness. Data and code are available at https://github.com/pcwhy/XML-IntrusionDetection.git
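To make the method concrete, the following added example (not taken from the paper or its repository) runs occlusion sensitivity on a small nearest-centroid classifier and reports which features the model actually depends on. The records, the feature names and the 0.05 threshold are constructed for illustration, and occlusion is assumed here to mean replacing a feature column with its mean, which the abstract does not specify.

```python
import random

FEATURES = ["f0_strong", "f1_noise", "f2_weak", "f3_noise"]  # hypothetical names

def make_flows(n=400, seed=7):
    """Constructed records: label 1 = attack; only f0 and f2 depend on the label."""
    rng = random.Random(seed)
    X, y = [], []
    for _ in range(n):
        label = rng.randint(0, 1)
        X.append([rng.gauss(4.0 * label, 1.0), rng.gauss(0.0, 1.0),
                  rng.gauss(1.0 * label, 1.0), rng.gauss(0.0, 1.0)])
        y.append(label)
    return X, y

def fit_centroids(X, y):
    """Nearest-centroid classifier: one mean vector per class."""
    cents = {}
    for c in set(y):
        rows = [x for x, t in zip(X, y) if t == c]
        cents[c] = [sum(col) / len(rows) for col in zip(*rows)]
    return cents

def predict(cents, x):
    return min(cents, key=lambda c: sum((a - b) ** 2 for a, b in zip(x, cents[c])))

def accuracy(cents, X, y):
    return sum(predict(cents, x) == t for x, t in zip(X, y)) / len(y)

def occlusion_sensitivity(cents, X, y):
    """Return baseline accuracy and the accuracy drop per occluded feature."""
    base = accuracy(cents, X, y)
    means = [sum(col) / len(X) for col in zip(*X)]
    drops = []
    for j, m in enumerate(means):
        occluded = [x[:j] + [m] + x[j + 1:] for x in X]  # feature j carries no signal
        drops.append(base - accuracy(cents, occluded, y))
    return base, drops

def critical_features(drops, threshold=0.05):
    """Features whose occlusion costs more than `threshold` accuracy."""
    return [FEATURES[j] for j, d in enumerate(drops) if d > threshold]

if __name__ == "__main__":
    X, y = make_flows()
    base, drops = occlusion_sensitivity(fit_centroids(X, y), X, y)
    print(f"baseline accuracy {base:.3f}")
    for name, d in zip(FEATURES, drops):
        print(f"{name:10s} drop {d:+.3f}")
    print("critical:", critical_features(drops))
```

Because `occlusion_sensitivity` only calls `accuracy`, the same loop works for any classifier once `predict` is swapped out; the weakly informative feature does not register as critical because the strong one already separates the classes.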