ENIXMA: ENsemble of EXplainable Methods for detecting network Attack

The Internet has become an integral societal component, with its accessibility being imperative. However, malicious actors strive to disrupt internet services and exploit service providers. Countering such challenges necessitates robust methods for identifying network attacks. Yet, prevailing approaches often grapple with compromised precision and limited interpretability. In this paper, we introduce a pioneering solution named ENIXMA, which harnesses a fusion of machine learning classifiers to enhance attack identification. We validate ENIXMA using the CICDDoS2019 dataset. Our approach achieves a remarkable 90% increase in attack detection precision on the balanced CICDDoS2019 dataset, signifying a substantial advancement compared to antecedent methodologies that registered a mere 3% precision gain. We employ diverse preprocessing and normalization techniques, including z-score, to refine the data. To surmount interpretability challenges, ENIXMA employs SHAP, LIME, and decision tree methods to pinpoint pivotal features in attack detection. Additionally, we scrutinize pivotal scenarios within the decision tree. Notably, ENIXMA not only attains elevated precision and interpretability but also showcases expedited performance in contrast to prior techniques.