Traditional machine learning-based Intrusion Detection Systems (IDS) operate as black boxes, creating critical challenges in cybersecurity. The opacity of models such as deep neural networks erodes analyst trust, complicates incident response, and introduces compliance risks due to unexplainable threat classifications. The purpose of this work is to design an Explainable IDS (X-IDS) framework that integrates explainable AI (XAI) with ML-driven detection while reducing the time required to generate an explanation per prediction, thereby improving transparency and trust. The system features a multi-model architecture (Random Forest, SVM, DNN) with SHAP/LIME explanations, a real-time dashboard providing global feature importance and local prediction justifications, and a human-centric design co-developed with security professionals. The method uses the NSL-KDD and CICIDS2017 datasets, processed through the Synthetic Minority Oversampling Technique (SMOTE) for class-imbalance correction. We performed a comparative analysis of interpretable (Decision Trees) versus high-accuracy (DNN) models. Explainability was introduced through SHAP for global feature attribution and LIME for instance-level explanations. Quantitative evaluation metrics (F1-score, latency) and a human evaluation (15 security experts) were used. Trust enhancement: a 4.5/5 trustworthiness rating from analysts, implying a 78% reduction in false-positive dismissals. Balanced performance: on the NSL-KDD dataset, a 97% F1-score with 4.8 milliseconds of XAI overhead per prediction, suitable for Security Operation Centre (SOC) operations. Mean incident triage time was observed to fall from 18.7 to 6.2 minutes through intuitive explanations, indicating improved actionable transparency. The system is an open framework: a publicly available implementation that bridges the accuracy-explainability gap in ML for cybersecurity.
This work demonstrates that strategic XAI integration transforms IDS from opaque alert generators into collaborative defence tools, enabling human-AI teamwork against evolving cyber threats.
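As an added illustration (not the paper's code or its released framework), the snippet below computes exact model-agnostic Shapley attributions for a single alert from a hypothetical rule-based detector over four NSL-KDD-style flow features, and times the explanation step, the per-prediction XAI overhead the abstract reports in milliseconds. The detector `score`, the benign `BACKGROUND` flows and the `ALERT` instance are all constructed for the example; with only four features every coalition can be enumerated, which is what SHAP approximates for larger models.

```python
from itertools import combinations
from math import factorial
from statistics import mean
import time

FEATURES = ("duration", "src_bytes", "failed_logins", "same_srv_rate")

def score(x):
    """Hypothetical black-box detector (stand-in for the RF/DNN): attack score in [0, 1]."""
    s = 0.05                                              # baseline suspicion for any flow
    if x["failed_logins"] >= 3:                           # brute-force indicator
        s += 0.5
    if x["src_bytes"] > 10_000 and x["duration"] < 1.0:   # byte burst inside a very short flow
        s += 0.3
    if x["same_srv_rate"] < 0.2:                          # connections spread across services
        s += 0.1
    return min(s, 1.0)

# Constructed benign background flows; in the paper's setting this would be training data
BACKGROUND = [
    {"duration": 5.0, "src_bytes": 300, "failed_logins": 0, "same_srv_rate": 0.9},
    {"duration": 12.0, "src_bytes": 1200, "failed_logins": 0, "same_srv_rate": 0.8},
    {"duration": 0.5, "src_bytes": 60, "failed_logins": 1, "same_srv_rate": 1.0},
    {"duration": 30.0, "src_bytes": 5000, "failed_logins": 0, "same_srv_rate": 0.7},
]
# Constructed alert whose score the analyst wants justified
ALERT = {"duration": 0.2, "src_bytes": 50_000, "failed_logins": 5, "same_srv_rate": 0.1}

def coalition_value(model, x, subset, background=BACKGROUND):
    """E[model] with features in `subset` fixed to x and the rest drawn from the background."""
    return mean(model({f: (x[f] if f in subset else b[f]) for f in FEATURES})
                for b in background)

def shapley(model, x, background=BACKGROUND):
    """Exact Shapley value per feature by enumerating all coalitions (feasible for few features)."""
    n = len(FEATURES)
    phi = {}
    for f in FEATURES:
        others = [g for g in FEATURES if g != f]
        total = 0.0
        for k in range(n):
            w = factorial(k) * factorial(n - k - 1) / factorial(n)   # weight of a size-k coalition
            for subset in combinations(others, k):
                s = frozenset(subset)
                total += w * (coalition_value(model, x, s | {f}, background)
                              - coalition_value(model, x, s, background))
        phi[f] = total
    return phi

def explain(model, x):
    """Local explanation plus the XAI overhead (ms) added to one prediction."""
    t0 = time.perf_counter()
    phi = shapley(model, x)
    return phi, (time.perf_counter() - t0) * 1000.0
```

The attributions sum to the difference between the alert's score and the background average (the efficiency property), so an analyst can read each value as that feature's share of the score.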
Kwubeghari et al. (Mon,) studied this question.