Threat Detection Based on Explainable AI (XAI) and Hybrid Learning

Expression of Concern (Published: 2026-02-27)
This article is currently under editorial assessment. Readers are advised to interpret the findings with caution while the review is ongoing.

Shatha J. Mohammed
Bashar M. Nema

Abstract

The proliferation of IoT networks has necessitated advanced botnet intrusion detection systems beyond conventional security measures. This research addresses the critical challenge of "black box" machine learning models in network security by integrating explainable AI (XAI) with hybrid learning approaches. We developed and evaluated three hybrid ML classifiers—XGBoost, decision tree, and random forest—using the UNSW-NB15 dataset to distinguish between benign and malicious network traffic patterns. The performance metrics demonstrated that our classifier-comparison methodology effectively enhanced botnet detection capabilities within organizational network streams. By implementing XAI techniques through Scikit-Learn, LIME, ELI5, and SHAP libraries, we transformed opaque ML models into interpretable systems with clear decision rationales. The results confirm that XAI integration is both feasible and beneficial, offering network security professionals transparent insights into threat detection processes while maintaining high performance. This research bridges the gap between advanced ML detection capabilities and the interpretability requirements essential for practical security implementations.

Reason for Expression of Concern:
The Editors wish to alert readers to potential concerns regarding the reliability of the findings reported in “Threat Detection Based on Explainable AI (XAI) and Hybrid Learning”. The journal has initiated an additional editorial assessment of the article’s methodology, data provenance, and reported outcomes to confirm their reliability and reproducibility. This notice is issued to ensure transparency while the review is ongoing. The Expression of Concern does not constitute a final determination regarding the validity of the work. The journal will update readers once the assessment is completed and will take any necessary editorial action in accordance with the journal’s policies and COPE guidance.


See expression of concern available at:
https://doi.org/10.58496/2026/006
https://mesopotamian.press/journals/index.php/CyberSecurity/article/view/1029

Article Details

Section: Articles

How to Cite

Mohammed, S. J., & Nema, B. M. (2025). Threat Detection Based on Explainable AI (XAI) and Hybrid Learning. Mesopotamian Journal of CyberSecurity, 5(2), 477-490. https://doi.org/10.58496/MJCS/2025/029
