Abstract

Intrusion Detection Systems (IDS) for Platform Information Technology (PIT) systems are deficient in capturing information, studies, assessments, research, and data for effectiveness. An IDS utilizes machine learning techniques to monitor cyber health, learn from malicious versus normal types of traffic, and implement automated protection measures for PIT systems. Ensemble learning is used for anomaly detection, malware detection, intrusion detection, and detection of subtle or substantial changes in hardware or software. Ensemble learning can be used to differentiate static and dynamic commands, directives, and processes that are normal or abnormal by clustering similarities. This method assists with identifying abnormalities and grouping them. Dimensionality reduction minimizes the number of features currently being evaluated for selection. Principal Component Analysis (PCA) and Independent Component Analysis (ICA) are used to highlight the feature that is atypical in the test system's hardware and software baseline. These methods can be used for predictive and cyber health monitoring, and for anomaly detection, identification, and discovery of PIT software resources, commands, and directives that have malicious intent. Ensemble learning and dimensionality reduction provide the foundation for an adaptable IDS that changes based on known (supervised) and unknown (unsupervised) environments, processes, programs, data, labels, and traffic. This paper proposes PCA, ICA, and ensemble learning methods for systematic use with PIT system anomaly and intrusion detection intelligence. The trained IDS and cyber health model provides a software baseline for similar PIT systems. The IDS and preventative cyber health monitoring will be agnostic of the PIT system, focusing on automatic test technology. Training the IDS and cyber health monitoring software on multiple PIT systems will provide research, data, and information that can be applied to these unique systems.
The blending of normal and malicious behavior, processes, resources, and traffic provides information and data on changes in a PIT system's baseline configuration, including even subtle deviations or changes in a system's hardware, software, or firmware. The continuous training, learning, and testing of the common agnostic intelligent anomaly detection and prevention tools provide system readiness to automatic test technology, cybersecurity health monitoring, and thorough detection of the slightest changes in normal system behavior. The application will be expanded in the future to include types of artificial neural networks, reinforcement learning, policy iteration, and value iteration to advance the research and products for PIT systems.
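
The abstract's use of PCA to highlight the atypical feature against a system baseline can be sketched as follows. This is an added example, not code from the paper: the feature names, the constructed baseline data, the single retained component and the 3x alert limit are all assumptions made for illustration.

```python
import math

# Hypothetical telemetry features for an automatic test station (not from the paper).
FEATURES = ["cpu_pct", "proc_count", "net_kbps", "bus_cmds_per_s"]

def make_baseline(n=70):
    """Constructed 'normal' data: all four features track one load level plus jitter."""
    jit = lambda i, k: ((i * k) % 7 - 3) * 0.2
    return [[10 + 5 * (i % 10) + jit(i, 3), 40 + 2 * (i % 10) + jit(i, 5),
             100 + 20 * (i % 10) + jit(i, 2), 8 + 3 * (i % 10) + jit(i, 4)]
            for i in range(n)]

def score(model, row):
    """Return (squared residual outside the PCA subspace, most atypical feature)."""
    z = [(x - m) / s for x, m, s in zip(row, model["mean"], model["std"])]
    t = sum(a * b for a, b in zip(z, model["pc"]))        # projection on the component
    resid = [a - t * b for a, b in zip(z, model["pc"])]   # what the baseline cannot explain
    worst = max(range(len(resid)), key=lambda j: abs(resid[j]))
    return sum(r * r for r in resid), FEATURES[worst]

def fit(rows):
    """Standardize the baseline and find its first principal component."""
    n, d = len(rows), len(rows[0])
    mean = [sum(r[j] for r in rows) / n for j in range(d)]
    std = [math.sqrt(sum((r[j] - mean[j]) ** 2 for r in rows) / n) for j in range(d)]
    z = [[(r[j] - mean[j]) / std[j] for j in range(d)] for r in rows]
    cov = [[sum(a[j] * a[k] for a in z) / n for k in range(d)] for j in range(d)]
    v = [1 / math.sqrt(d)] * d
    for _ in range(50):                                   # power iteration
        w = [sum(cov[j][k] * v[k] for k in range(d)) for j in range(d)]
        norm = math.sqrt(sum(x * x for x in w))
        v = [x / norm for x in w]
    model = {"mean": mean, "std": std, "pc": v}
    # Alert limit (assumption): three times the worst residual seen in the baseline.
    model["limit"] = 3 * max(score(model, r)[0] for r in rows)
    return model

def check(model, row):
    """Return (is_anomalous, feature that deviates most from the baseline pattern)."""
    spe, feature = score(model, row)
    return spe > model["limit"], feature

if __name__ == "__main__":
    model = fit(make_baseline())
    print(check(model, [45, 54, 240, 29]))   # consistent with load level 7
    print(check(model, [45, 54, 240, 14]))   # bus rate in range, but inconsistent
```

In the second sample every value lies inside its own baseline range, so per-feature thresholds would pass it; only the residual against the learned correlation structure exposes the deviation and points at the feature responsible.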
