Designing an Explainable Intrusion Detection System (X-Ids) Using Machine Learning: A Framework for Transparency and Trust

Anothony Kwubeghari
Nwamaka Georgenia Ezeji
https://orcid.org/0009-0009-9262-7815

Abstract

Traditional machine learning-based Intrusion Detection Systems (IDS) operate as black boxes, creating critical challenges in cybersecurity. The opacity of models such as deep neural networks erodes analyst trust, complicates incident response, and introduces compliance risks due to unexplainable threat classifications. The purpose of this work is to design an Explainable IDS (X-IDS) framework that integrates interpretable AI (XAI) with ML-driven detection and reduces the time required to generate explanations per prediction, thereby improving transparency and trust. The system features a multi-model architecture (Random Forest, SVM, DNN) with SHAP/LIME explanations, a real-time dashboard providing global feature importance and local prediction justifications, and a human-centric design co-developed with security professionals. The method uses the NSL-KDD and CICIDS2017 datasets, processed through the Synthetic Minority Oversampling Technique (SMOTE) for imbalance correction. We carried out a comparative analysis of interpretable (Decision Trees) vs. high-accuracy (DNN) models. Explainability was introduced through SHAP for global feature attribution and LIME for instance-level explanations. Quantitative evaluation metrics (F1-score, latency) and human evaluation (15 security experts) were used. Trust enhancement was a 4.5/5 trustworthiness rating from analysts, which implies a reduction of false positive dismissals by 78%. On the NSL-KDD dataset, the balanced performance was a 97% F1-score with 4.8 milliseconds of XAI overhead, optimal for Security Operation Centre (SOC) operations. The mean incident triage time was observed to reduce from 18.7 to 6.2 minutes via intuitive explanations, which implies improved actionable transparency. The system is an open framework: a publicly available implementation that bridges accuracy-explainability gaps in ML in cybersecurity.
This work demonstrates that strategic XAI integration transforms IDS from opaque alert generators into collaborative defence tools, enabling human-AI teamwork against evolving cyber threats.

Article Details

How to Cite
[1]
A. Kwubeghari and N. G. Ezeji, “Designing an Explainable Intrusion Detection System (X-Ids) Using Machine Learning: A Framework for Transparency and Trust”, AJERD, vol. 8, no. 2, pp. 319–328, Aug. 2025.
