IoT-based intrusion detection system using explainable multi-class deep learning approaches

IF 4 3区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computers & Electrical Engineering Pub Date : 2025-03-28 DOI:10.1016/j.compeleceng.2025.110256

Sapna Sadhwani, Ameya Navare, Alan Mohan, Raja Muthalagu, Pranav M. Pawar

{"title":"IoT-based intrusion detection system using explainable multi-class deep learning approaches","authors":"Sapna Sadhwani, Ameya Navare, Alan Mohan, Raja Muthalagu, Pranav M. Pawar","doi":"10.1016/j.compeleceng.2025.110256","DOIUrl":null,"url":null,"abstract":"<div><div>With the surge in Internet of Things (IoT) across various domains and the rise in security threats, researchers have developed Intrusion Detection Systems (IDS) attacks in networks. These Machine Learning (ML) and Deep Learning (DL) models are powerful in detecting and classifying attacks; however, they have a black-box nature and lack interpretability. Explainable Artificial Intelligence (XAI) works towards this and improves the model's transparency and trustworthiness with research in XAI increasing significantly. However, its application within cybersecurity and IoT Intrusion Detection, particularly, requires more work to interpret various IDS models and provide explanations on how various cyber-attacks occur. This work proposes various DL-based IDS trained on four datasets: NSL-KDD, UNSW-NB15, TON-IoT and X-IIoTID and applies XAI using Shapely Additive Explanations (SHAP) to interpret these models. Utilizing four datasets captures diverse network environments to thoroughly evaluate and interpret the model. Convolutional Neural Networks (CNN), Long Short-Term Memory (LSTM) and Bidirectional LSTM (Bi-LSTM) based models were trained for multi-class classification. The best model (based on performance and training time) was chosen for each dataset and SHAP was applied to it. Furthermore, a novel set of 15 features, which impacted the model's decisions the most, were extracted using explanations generated from SHAP. The models trained on these reduced features required less training time without significant impact on training time and achieving a higher performance in comparison to peer models. This work achieves model accuracies of 98.21 % in NSL-KDD, 97.80 % in TON-IoT, 92.9 % in UNSW-NB15 and 98.09 % in X-IIoTID dataset using a CNN-based model, CNN-X and using a subset of only 15 features in each dataset. This work achieves high model performances, while improving the efficiency and interpretability of IDS.</div><div>© 2017 Elsevier Inc. All rights reserved.</div></div>","PeriodicalId":50630,"journal":{"name":"Computers & Electrical Engineering","volume":"123 ","pages":"Article 110256"},"PeriodicalIF":4.0000,"publicationDate":"2025-03-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Electrical Engineering","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0045790625001995","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

With the surge in Internet of Things (IoT) across various domains and the rise in security threats, researchers have developed Intrusion Detection Systems (IDS) attacks in networks. These Machine Learning (ML) and Deep Learning (DL) models are powerful in detecting and classifying attacks; however, they have a black-box nature and lack interpretability. Explainable Artificial Intelligence (XAI) works towards this and improves the model's transparency and trustworthiness with research in XAI increasing significantly. However, its application within cybersecurity and IoT Intrusion Detection, particularly, requires more work to interpret various IDS models and provide explanations on how various cyber-attacks occur. This work proposes various DL-based IDS trained on four datasets: NSL-KDD, UNSW-NB15, TON-IoT and X-IIoTID and applies XAI using Shapely Additive Explanations (SHAP) to interpret these models. Utilizing four datasets captures diverse network environments to thoroughly evaluate and interpret the model. Convolutional Neural Networks (CNN), Long Short-Term Memory (LSTM) and Bidirectional LSTM (Bi-LSTM) based models were trained for multi-class classification. The best model (based on performance and training time) was chosen for each dataset and SHAP was applied to it. Furthermore, a novel set of 15 features, which impacted the model's decisions the most, were extracted using explanations generated from SHAP. The models trained on these reduced features required less training time without significant impact on training time and achieving a higher performance in comparison to peer models. This work achieves model accuracies of 98.21 % in NSL-KDD, 97.80 % in TON-IoT, 92.9 % in UNSW-NB15 and 98.09 % in X-IIoTID dataset using a CNN-based model, CNN-X and using a subset of only 15 features in each dataset. This work achieves high model performances, while improving the efficiency and interpretability of IDS.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Electrical Engineering 工程技术-工程：电子与电气

CiteScore

9.20

自引率

7.00%

发文量

661

审稿时长

47 days

期刊介绍： The impact of computers has nowhere been more revolutionary than in electrical engineering. The design, analysis, and operation of electrical and electronic systems are now dominated by computers, a transformation that has been motivated by the natural ease of interface between computers and electrical systems, and the promise of spectacular improvements in speed and efficiency. Published since 1973, Computers & Electrical Engineering provides rapid publication of topical research into the integration of computer technology and computational techniques with electrical and electronic systems. The journal publishes papers featuring novel implementations of computers and computational techniques in areas like signal and image processing, high-performance computing, parallel processing, and communications. Special attention will be paid to papers describing innovative architectures, algorithms, and software tools.