Enhancing Cybersecurity Through Explainable AI: A Hybrid CNN-Reinforcement Learning Framework for Intelligent Threat Detection
摘要
Modern cyber systems face unprecedented challenges where cyber threats are developing at increasingly higher rates and are causing losses exceeding US$10 billion every year. Signature-based intrusion detection systems (IDS) perform poorly against zero-day attacks. These systems are reactive and depend on predetermined patterns. Recent AI-driven IDS models offer enhanced detection performance, but they still exhibit crucial shortcomings. These include weakness in adapting to emerging trends, black-box processes that undermine operational trust, and lack of real-time learning. This paper proposes a hybrid deep learning framework. The system integrates CNNs for feature extraction with reinforcement learning for decision optimization. SHAP analysis provides model interpretability. Within this framework, CNN spatial pattern identifications are used to extract complicated threat patterns and RL algorithms are used to continuously improve detection strategies as threat patterns change. When compared against several benchmark cybersecurity datasets such as UNSW-NB15 and CSE-CIC-IDS2018, excellent performance is observed with 88.51% accuracy and 88.21% F1-score and a micro-average ROC–AUC of 0.9938. This integration of SHAP explanations helps give feature-level insight into model decisions, which proves highly consistent with cybersecurity professional threat assessment practices. The suggested framework, therefore, goes beyond the classic signature-based IDS and the existing AI based methods in providing a better detection accuracy, explainability in many aspects of its operation, and adaptive learning ability that scales with the ever-changing nature of the emergent threats. Future work will focus on integrating federated learning for collaborative threat intelligence and edge computing optimization for distributed security architectures.