Detection of Malicious Network Traffic with Two-Stage XAI Framework
摘要
In the face of increasingly sophisticated flooding and DDoS attacks in cloud environments, traditional intrusion detection systems (IDS) that rely on signature matching and deep packet inspection struggle to cope with un-known variants. Meanwhile, purely machine learning-based models, despite their high detection accuracy, suffer from a lack of interpretability, hindering security teams from validating model decisions. To address these challenges, this study proposes an explainable artificial intelligence-based intrusion detection system (XAI IDS) featuring a two-stage detection architecture. The system integrates SHAP for global interpretation, LIME for local interpretation, and decision path visualization to reveal both overall feature contributions and individual inference processes. The experimental findings indicate that the proposed framework delivers strong results across key performance metrics, including accuracy, recall, and F1-score. Furthermore, the interpretability reports produced by the system help reduce the risks associated with black-box models, while also improving analysts’ confidence and comprehension of the model’s decision-making process.