Human-Centered Explainable AI for Security Enhancement: A Deep Intrusion Detection Framework

Md Muntasir Jahid Ayan, Md. Shahriar Rashid, Tazzina Afroze Hassan, Hossain Md. Mubashshir Jamil, Mahbubul Islam, Lisan Al Amin, Rupak Kumar Das, Farzana Akter, Faisal Quader

TL;DR

A novel IDS framework that integrated Explainable Artificial Intelligence (XAI) to enhance transparency in deep learning models was presented, demonstrating superior performance compared to traditional IDS and black-box deep learning models.

Abstract

The increasing complexity and frequency of cyber-threats demand intrusion detection systems (IDS) that are not only accurate but also interpretable. This paper presents a novel IDS framework that integrates Explainable Artificial Intelligence (XAI) to enhance transparency in deep learning models. The framework was evaluated experimentally on the benchmark dataset NSL-KDD, demonstrating superior performance compared to traditional IDS and black-box deep learning models. The proposed approach combines Convolutional Neural Network (CNN) and Long Short-Term Memory (LSTM) networks for capturing temporal dependencies in traffic sequences. Our deep learning results show that both CNN and LSTM reached 0.99 for accuracy, whereas LSTM outperformed CNN on macro-average precision, recall, and F-1 score. On weighted-average precision, recall, and F-1 score, the two models scored almost the same. To ensure interpretability, the XAI model SHapley Additive exPlanations (SHAP) was incorporated, enabling security analysts to understand and validate model decisions. According to SHAP, notable influential features for both models were srv_serror_rate, dst_host_srv_serror_rate, and serror_rate. We also conducted a trust-focused expert survey based on IPIP6 and Big Five personality traits via an interactive UI to evaluate the system's reliability and usability. This work highlights the potential of combining performance and transparency in cybersecurity solutions and recommends future enhancements through adaptive learning for real-time threat detection.

Paper Structure (18 sections, 4 figures, 3 tables)

This paper contains 18 sections, 4 figures, 3 tables.

Figures (4)

  • Figure 1: Our Proposed Framework for Trustworthy and Explainable Deep Learning-Based Network Intrusion Detection System and User Interface Driven Expert Verification Method.
  • Figure 2: Deep Learning Model Results for Intrusion Detection: (a) Confusion Matrix for CNN, (b) Confusion Matrix for LSTM, (c) ROC Curve for CNN, and (d) ROC Curve for LSTM.
  • Figure 3: SHAP Results for Deep Learning Models: (a) SHAP Results for CNN, (b) SHAP Results for LSTM.
  • Figure 4: Summary of user survey responses on a 5-point Likert scale.