An interpretable deep learning framework for intrusion detection in industrial Internet of Things

IF 6 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Internet of Things Pub Date : 2025-07-02 DOI:10.1016/j.iot.2025.101681

Jawad Ahmad , Shahid Latif , Imdad Ullah Khan , Mohammed S. Alshehri , Muhammad Shahbaz Khan , Nada Alasbali , Weiwei Jiang

{"title":"An interpretable deep learning framework for intrusion detection in industrial Internet of Things","authors":"Jawad Ahmad , Shahid Latif , Imdad Ullah Khan , Mohammed S. Alshehri , Muhammad Shahbaz Khan , Nada Alasbali , Weiwei Jiang","doi":"10.1016/j.iot.2025.101681","DOIUrl":null,"url":null,"abstract":"<div><div>The Industrial Internet of Things (IIoT) has revolutionized smart industries by optimizing industrial operations and accelerating the decision-making process. However, its inherently distributed architecture presents complex and evolving security threats. Traditional machine learning (ML) and deep learning (DL)-based intrusion detection systems (IDSs) often lack interpretability, which undermines their trustworthiness in critical IIoT environments. To overcome these limitations, we propose XGRU-IDS, an explainable hybrid DL-based IDS that combines the strengths of the Extra Trees Classifier (ETC) for feature selection and Gated Recurrent Units (GRU) for sequential attack detection. The ETC enhances model input quality by identifying the most influential features, while the GRU processes temporal dependencies to detect sophisticated intrusion patterns. Explainability is ensured through SHapley Additive exPlanations (SHAP), which offer class-wise insights via summary plots, feature importance scores, and force plots. XGRU-IDS is evaluated on the multiclass CICIoT2023 dataset, which covers all 34 attack types. It achieves 97.56% accuracy, outperforming recent state-of-the-art DL and explainable IDS approaches. This work demonstrates that high detection accuracy can coexist with transparency, providing a robust and trustworthy IDS solution for resource-constrained IIoT networks.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"33 ","pages":"Article 101681"},"PeriodicalIF":6.0000,"publicationDate":"2025-07-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Internet of Things","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2542660525001957","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The Industrial Internet of Things (IIoT) has revolutionized smart industries by optimizing industrial operations and accelerating the decision-making process. However, its inherently distributed architecture presents complex and evolving security threats. Traditional machine learning (ML) and deep learning (DL)-based intrusion detection systems (IDSs) often lack interpretability, which undermines their trustworthiness in critical IIoT environments. To overcome these limitations, we propose XGRU-IDS, an explainable hybrid DL-based IDS that combines the strengths of the Extra Trees Classifier (ETC) for feature selection and Gated Recurrent Units (GRU) for sequential attack detection. The ETC enhances model input quality by identifying the most influential features, while the GRU processes temporal dependencies to detect sophisticated intrusion patterns. Explainability is ensured through SHapley Additive exPlanations (SHAP), which offer class-wise insights via summary plots, feature importance scores, and force plots. XGRU-IDS is evaluated on the multiclass CICIoT2023 dataset, which covers all 34 attack types. It achieves 97.56% accuracy, outperforming recent state-of-the-art DL and explainable IDS approaches. This work demonstrates that high detection accuracy can coexist with transparency, providing a robust and trustworthy IDS solution for resource-constrained IIoT networks.

查看原文本刊更多论文

面向工业物联网入侵检测的可解释深度学习框架

工业物联网（IIoT）通过优化工业运营和加速决策过程，彻底改变了智能工业。然而，其固有的分布式体系结构带来了复杂和不断发展的安全威胁。传统的基于机器学习（ML）和深度学习（DL）的入侵检测系统（ids）通常缺乏可解释性，这破坏了它们在关键的工业物联网环境中的可信度。为了克服这些限制，我们提出了XGRU-IDS，这是一种可解释的基于dl的混合IDS，它结合了额外树分类器（ETC）用于特征选择和门控循环单元（GRU）用于顺序攻击检测的优势。ETC通过识别最具影响力的特征来提高模型输入质量，而GRU通过处理时间依赖性来检测复杂的入侵模式。可解释性是通过SHapley加性解释（SHAP）来确保的，它通过总结图、特征重要性分数和力图提供了类明智的见解。XGRU-IDS在CICIoT2023多类数据集上进行了评估，该数据集涵盖了所有34种攻击类型。它达到了97.56%的准确率，优于最近最先进的深度学习和可解释的IDS方法。这项工作表明，高检测精度可以与透明度共存，为资源受限的IIoT网络提供了强大且值得信赖的IDS解决方案。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Internet of Things Multiple-

CiteScore

3.60

自引率

5.10%

发文量

115

审稿时长

37 days

期刊介绍： Internet of Things; Engineering Cyber Physical Human Systems is a comprehensive journal encouraging cross collaboration between researchers, engineers and practitioners in the field of IoT & Cyber Physical Human Systems. The journal offers a unique platform to exchange scientific information on the entire breadth of technology, science, and societal applications of the IoT. The journal will place a high priority on timely publication, and provide a home for high quality. Furthermore, IOT is interested in publishing topical Special Issues on any aspect of IOT.