Explainable artificial intelligence for web application threat detection: a systematic review
摘要
Web applications have become integral to critical sectors such as finance, healthcare, and e-commerce, making them prime targets for cyberattacks. Traditional security mechanisms, including Web Application Firewalls (WAFs) and signature-based Intrusion Detection Systems (IDS), struggle to detect zero-day exploits and context-aware attacks, creating the need for more adaptive and intelligent solutions. This survey provides a comprehensive review of Artificial Intelligence (AI)-driven approaches for web application threat detection, with a focus on prevalent attacks such as SQL Injection (SQLi) and Cross-Site Scripting (XSS). The paper systematically analyzes machine learning, deep learning, and transformer-based models, while highlighting the growing importance of Explainable AI (XAI) techniques like SHAP and LIME in improving transparency and analyst trust. We compare state-of-the-art models across widely used datasets (e.g., CSIC 2010, CICIDS2017, UNSW-NB15), evaluate their performance using standard metrics, and identify key limitations such as dataset constraints, high computational overhead, and lack of real-world deployment. Building on this analysis, the survey outlines open research challenges and proposes a future roadmap toward lightweight, scalable, and explainable IDS frameworks. By bridging accuracy with interpretability, this work aims to guide the development of next-generation AI-based systems capable of robustly defending modern web applications against evolving threats.