ABSTRACT The increasing complexity of cyber threats has exposed the limitations of traditional network intrusion detection systems (NIDSs), which struggle to keep pace with sophisticated attacks. The reliance on opaque AI models in NIDS has further compounded the issue, as security analysts often find it difficult to trust and understand the reasoning behind the alerts generated by these systems. This lack of transparency and interpretability undermines the effectiveness of NIDS and poses a challenge for organizations seeking to safeguard their digital infrastructure. To address these challenges, this study introduces XAINIDS, an advanced NIDS framework that incorporates explainable artificial intelligence (XAI) techniques, specifically local interpretable model‐agnostic explanations (LIME) and SHapley Additive exPlanations (SHAP). These techniques aim to demystify the AI decision‐making process, providing clear and understandable explanations for each detected threat. By doing so, XAINIDS enhances the trust and confidence of security analysts in the system's alerts. The proposed XAINIDS model processes network traffic data with a focus on critical features such as port number, received/sent packets, bytes, port alive duration, packet errors, and connection points. The integration of XAI into the NIDS framework has led to a significant improvement in interpretability without compromising accuracy. The model achieves a high accuracy rate of 96.10% on the UNRIDD dataset, outperforming traditional algorithms such as SVM, DT, kNN, RF, GB, XGB, and CatBoost. This marks a substantial advancement in network security solutions by offering a transparent view of AI‐driven decisions and paving the way for more reliable cybersecurity solutions.
Dasari et al. studied this question.
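To make the per-alert attribution idea behind SHAP concrete, the following added example (not code from the paper or from XAINIDS) computes exact Shapley values for one flagged flow by enumerating feature coalitions. The feature names follow the abstract; the scoring function, baseline flow and flagged flow are constructed stand-ins, and exact enumeration is used here in place of the SHAP library.

```python
from itertools import combinations
from math import factorial

# Feature names follow the abstract; all values and weights are constructed.
FEATURES = ["port_number", "received_packets", "sent_packets",
            "port_alive_duration", "packet_errors"]
BASELINE = {"port_number": 2, "received_packets": 400, "sent_packets": 380,
            "port_alive_duration": 600, "packet_errors": 0}   # reference benign flow
FLOW = {"port_number": 2, "received_packets": 9000, "sent_packets": 20,
        "port_alive_duration": 45, "packet_errors": 37}       # flow that raised an alert


def score(x):
    """Hypothetical stand-in for a trained detector: higher means more suspicious."""
    ratio = x["received_packets"] / (x["sent_packets"] + 1)
    s = 0.02 * min(ratio, 50)                       # asymmetric traffic
    s += 0.01 * min(x["packet_errors"], 40)         # error bursts
    if x["port_alive_duration"] < 60 and x["packet_errors"] > 10:
        s += 0.2                                    # interaction between two features
    return s


def shapley(model, x, baseline, names):
    """Exact Shapley values; features outside a coalition keep their baseline value."""
    n = len(names)

    def value(coalition):
        return model({f: (x[f] if f in coalition else baseline[f]) for f in names})

    phi = {}
    for f in names:
        others = [g for g in names if g != f]
        total = 0.0
        for k in range(n):
            weight = factorial(k) * factorial(n - k - 1) / factorial(n)
            for subset in combinations(others, k):
                s = set(subset)
                total += weight * (value(s | {f}) - value(s))
        phi[f] = total
    return phi


def explain(flow=FLOW):
    """Rank features by the size of their contribution to this flow's score."""
    phi = shapley(score, flow, BASELINE, FEATURES)
    return sorted(phi.items(), key=lambda kv: abs(kv[1]), reverse=True)


if __name__ == "__main__":
    for name, contribution in explain():
        print(f"{name:22s} {contribution:+.4f}")
```

The contributions sum to the difference between the flagged flow's score and the baseline score, which is the property that lets an analyst read each value as that feature's share of the alert.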