Threat Detection Based on Explainable AI (XAI) and Hybrid Learning


Shatha J. Mohammed
Bashar M. Nema

Abstract

The proliferation of IoT networks has necessitated advanced botnet intrusion detection systems beyond conventional security measures. This research addresses the critical challenge of "black box" machine learning models in network security by integrating explainable AI (XAI) with hybrid learning approaches. We developed and evaluated three hybrid ML classifiers—XGBoost, decision tree, and random forest—using the UNSW-NB15 dataset to distinguish between benign and malicious network traffic patterns. The performance metrics demonstrated that our classifier-comparison methodology effectively enhanced botnet detection capabilities within organizational network streams. By implementing XAI techniques through Scikit-Learn, LIME, ELI5, and SHAP libraries, we transformed opaque ML models into interpretable systems with clear decision rationales. The results confirm that XAI integration is both feasible and beneficial, offering network security professionals transparent insights into threat detection processes while maintaining high performance. This research bridges the gap between advanced ML detection capabilities and the interpretability requirements essential for practical security implementations.

Article Details

Section

Articles

How to Cite

Threat Detection Based on Explainable AI (XAI) and Hybrid Learning (S. J. Mohammed & B. M. Nema, Trans.). (2025). Mesopotamian Journal of CyberSecurity, 5(2), 477-490. https://doi.org/10.58496/MJCS/2025/029
