Explainable Artificial Intelligence (XAI) has become a widely discussed topic, and the related technologies facilitate better understanding of conventional black-box models such as Random Forest and Neural Networks. However, domain-specific applications of XAI are still insufficient. To fill this gap, this research analyzes various machine learning models applied to the tasks of binary and multi-class classification for intrusion detection from network traffic, on the same dataset, using occlusion sensitivity. The models evaluated include Linear Regression, Logistic Regression, Linear Support Vector Machine (SVM), K-Nearest Neighbors (KNN), Random Forest, Decision Trees, and Multi-Layer Perceptrons (MLP). We trained all models to an accuracy of 90% on the UNSW-NB15 dataset. We found that most classifiers leverage fewer than three critical features to achieve such accuracies, indicating that effective feature engineering could actually be far more important for intrusion detection than applying complicated models. We also found that Random Forest provides the best performance in terms of accuracy, time efficiency and robustness. Data and code are available at https://github.com/pcwhy/XML-IntrusionDetection.git
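The following is an added illustration of occlusion sensitivity on a tabular classifier; it is not code from the paper or its repository. It assumes occlusion means replacing one feature column with its mean and measuring the accuracy drop, uses a small logistic regression as a stand-in model, and runs on constructed synthetic data (not UNSW-NB15) in which only features 0 and 1 determine the label.

```python
import math
import random

def make_flows(n, n_feat, rng):
    """Constructed data (not UNSW-NB15): label depends only on features 0 and 1."""
    X = [[rng.gauss(0, 1) for _ in range(n_feat)] for _ in range(n)]
    y = [1 if row[0] + row[1] > 0 else 0 for row in X]
    return X, y

def train_logreg(X, y, epochs=300, lr=0.5):
    """Batch gradient descent logistic regression (stand-in classifier)."""
    n, d = len(X), len(X[0])
    w, b = [0.0] * d, 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * d, 0.0
        for row, label in zip(X, y):
            z = b + sum(wi * xi for wi, xi in zip(w, row))
            err = 1.0 / (1.0 + math.exp(-z)) - label
            gb += err
            gw = [g + err * xj for g, xj in zip(gw, row)]
        w = [wi - lr * g / n for wi, g in zip(w, gw)]
        b -= lr * gb / n
    return w, b

def accuracy(model, X, y):
    w, b = model
    hits = sum((b + sum(wi * xi for wi, xi in zip(w, row)) > 0) == bool(label)
               for row, label in zip(X, y))
    return hits / len(y)

def occlusion_sensitivity(model, X, y):
    """Accuracy drop when each feature is replaced by its column mean."""
    base = accuracy(model, X, y)
    drops = []
    for j in range(len(X[0])):
        mean_j = sum(row[j] for row in X) / len(X)
        occluded = [row[:j] + [mean_j] + row[j + 1:] for row in X]
        drops.append(base - accuracy(model, occluded, y))
    return base, drops

def run_demo(seed=0):
    rng = random.Random(seed)
    X_train, y_train = make_flows(400, 6, rng)
    X_test, y_test = make_flows(400, 6, rng)  # held-out constructed sample
    model = train_logreg(X_train, y_train)
    return occlusion_sensitivity(model, X_test, y_test)

if __name__ == "__main__":
    print(run_demo())  # (baseline accuracy, per-feature accuracy drops)
```

Features whose occlusion barely moves the accuracy contribute little to the model's decisions, which is the kind of evidence behind a "few critical features" finding.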