Explainable AI-based intrusion detection in IoT systems

IF 6 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Internet of Things Pub Date : 2025-04-04 DOI:10.1016/j.iot.2025.101589

Sarah Bin hulayyil , Shancang Li , Neetesh Saxena

{"title":"Explainable AI-based intrusion detection in IoT systems","authors":"Sarah Bin hulayyil , Shancang Li , Neetesh Saxena","doi":"10.1016/j.iot.2025.101589","DOIUrl":null,"url":null,"abstract":"<div><div>The Internet of Things (IoT) systems are highly vulnerable to cyber attacks due to limited and/or default security measurements. Machine learning (ML) techniques bring a powerful weapon against the insecurities of IoT systems, such as intelligent intrusion detection systems (IDSs), vulnerability/threats detection, and behavioral analysis. ML-based IDSs offer a significant improvement in IoT security, but they also bring technical challenges, e.g., false positives, evolving attacks, data quality and bias, explainability and transparency, etc. Explainable Artificial Intelligence (XAI) can address these challenges by offering interpretable and comprehensible insights into the ML-based IDS decision-making process. A novel framework for an explainable IDS-based vulnerable IoT devices related to the Ripple20 vulnerability and its associated attacks. The framework integrates ML classifiers and XAI techniques to provide comprehensive and interpretable explanations for the IDS decisions. We evaluated this framework on various datasets, including a dataset collected from the labs and other public datasets, using binary and multi-classification models. The experimental results demonstrate the efficiency and accuracy of the framework in detecting and categorizing IoT vulnerabilities. The framework also offers benefits over conventional IDS systems, such as facilitating comprehension and confidence among security experts, enhancing the precision and efficiency of the detection procedure, and adapting to the dynamic IoT environment.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"31 ","pages":"Article 101589"},"PeriodicalIF":6.0000,"publicationDate":"2025-04-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Internet of Things","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2542660525001027","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The Internet of Things (IoT) systems are highly vulnerable to cyber attacks due to limited and/or default security measurements. Machine learning (ML) techniques bring a powerful weapon against the insecurities of IoT systems, such as intelligent intrusion detection systems (IDSs), vulnerability/threats detection, and behavioral analysis. ML-based IDSs offer a significant improvement in IoT security, but they also bring technical challenges, e.g., false positives, evolving attacks, data quality and bias, explainability and transparency, etc. Explainable Artificial Intelligence (XAI) can address these challenges by offering interpretable and comprehensible insights into the ML-based IDS decision-making process. A novel framework for an explainable IDS-based vulnerable IoT devices related to the Ripple20 vulnerability and its associated attacks. The framework integrates ML classifiers and XAI techniques to provide comprehensive and interpretable explanations for the IDS decisions. We evaluated this framework on various datasets, including a dataset collected from the labs and other public datasets, using binary and multi-classification models. The experimental results demonstrate the efficiency and accuracy of the framework in detecting and categorizing IoT vulnerabilities. The framework also offers benefits over conventional IDS systems, such as facilitating comprehension and confidence among security experts, enhancing the precision and efficiency of the detection procedure, and adapting to the dynamic IoT environment.

查看原文本刊更多论文

物联网系统中可解释的基于ai的入侵检测

由于有限和/或默认的安全措施，物联网（IoT）系统极易受到网络攻击。机器学习（ML）技术为对抗物联网系统的不安全性带来了强大的武器，例如智能入侵检测系统（ids），漏洞/威胁检测和行为分析。基于机器学习的入侵防御系统为物联网安全性提供了显著的改进，但它们也带来了技术挑战，例如误报、不断发展的攻击、数据质量和偏差、可解释性和透明度等。可解释人工智能（XAI）可以通过为基于ml的IDS决策过程提供可解释和可理解的见解来解决这些挑战。针对与Ripple20漏洞及其相关攻击相关的可解释的基于ids的易受攻击物联网设备的新框架。该框架集成了ML分类器和XAI技术，为IDS决策提供全面且可解释的解释。我们在不同的数据集上评估了这个框架，包括从实验室收集的数据集和其他公共数据集，使用二元和多重分类模型。实验结果证明了该框架在检测和分类物联网漏洞方面的有效性和准确性。该框架还提供了优于传统IDS系统的优点，例如促进安全专家的理解和信心，提高检测程序的精度和效率，并适应动态物联网环境。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Internet of Things Multiple-

CiteScore

3.60

自引率

5.10%

发文量

115

审稿时长

37 days

期刊介绍： Internet of Things; Engineering Cyber Physical Human Systems is a comprehensive journal encouraging cross collaboration between researchers, engineers and practitioners in the field of IoT & Cyber Physical Human Systems. The journal offers a unique platform to exchange scientific information on the entire breadth of technology, science, and societal applications of the IoT. The journal will place a high priority on timely publication, and provide a home for high quality. Furthermore, IOT is interested in publishing topical Special Issues on any aspect of IOT.