Explainable AI for intrusion detection systems: A model development and experts’ evaluation.

Abstract

This study sought to develop a transparent machine learning model for network intrusion detection that domain experts would trust for security decision-making. Intrusion detection systems using machine learning have shown promise but often lack interpretability, undermining user trust and deployment. A hybrid Random Forest/XGBoost classifier achieved over 99% accuracy and F1 score, outperforming previous literature. Post-hoc LIME explanations provided feature effect transparency. Nine domain experts from technical roles then evaluated the model’s reliability, explainability, and trustworthiness through a standardised process. While over half found the model reliable, one-third expressed uncertainty. Responses on performance explanations and trustworthiness assessments also varied thus suggesting opportunities to strengthen reliability communications and consolidate diverse perspectives. To optimise user confidence and model deployment, refinements targeting consistent explainability across audiences were proposed. Overall, high predictive performance validated effectiveness, but variable viewpoints from evaluations indicated the need to bolster reliability and trust explanations. With continued iterative evaluation and enhancements, this research framework holds promise for developing interpretable machine learning solutions trusted for complex security decision-making.