Cyber threats are evolving rapidly, necessitating advanced and interpretable detection mechanisms. Traditional machine learning models, while effective, often lack explainability and struggle to generalize to unseen attacks. In this paper, a novel cyber threat detection framework is proposed that integrates Particle Swarm Optimization (PSO) for feature selection, Random Forest (RF) for classification, TreeSHAP for explainability in Gradient Boosted Decision Trees (GBDTs), and Zero-Shot Inference (ZSI) for detecting novel cyber threats. This work evaluates the approach on the UNSW-NB15 and ToN-IoT datasets, demonstrating that PSO reduces feature dimensionality while improving classification accuracy and computational efficiency. TreeSHAP provides insight into feature importance, helping security analysts understand threat patterns. The ZSI model generalizes well to unseen attacks, achieving maximum accuracy on unknown threats. Comparative analysis shows that the proposed method outperforms traditional classifiers, achieving maximum accuracy and a higher AUC-ROC. The proposed framework enhances cyber defense by improving accuracy, interpretability, and adaptability, making it a robust solution for real-world security applications.
Harish et al. studied this question.
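The PSO-driven feature selection the abstract describes, as an added illustration that is not the paper's code: a binary PSO searches over feature subsets, scoring each by held-out accuracy minus a per-feature cost, on a constructed eight-feature dataset in which only two features carry signal. A nearest-centroid classifier is assumed as a dependency-free stand-in for the paper's Random Forest; the dataset, penalty, and swarm parameters are all constructed for the demo.

```python
import math
import random
N_FEATURES = 8  # constructed data: only features 0 and 1 carry signal, the rest is noise

def make_dataset(n):
    X = [[random.random() for _ in range(N_FEATURES)] for _ in range(n)]
    y = [1 if r[0] + r[1] > 1.0 else 0 for r in X]
    return X, y

def centroid_accuracy(mask, Xtr, ytr, Xte, yte):
    # nearest-centroid stand-in for the paper's Random Forest (keeps the block dependency-free)
    feats = [i for i, m in enumerate(mask) if m]
    if not feats: return 0.0
    cents = {c: [sum(x[i] for x, l in zip(Xtr, ytr) if l == c) / ytr.count(c) for i in feats]
             for c in (0, 1)}
    hits = 0
    for x, lbl in zip(Xte, yte):
        d = [sum((x[i] - cents[c][k]) ** 2 for k, i in enumerate(feats)) for c in (0, 1)]
        hits += (0 if d[0] <= d[1] else 1) == lbl
    return hits / len(Xte)

def fitness(mask, data, penalty=0.05):
    # held-out accuracy minus a cost per selected feature favours small, accurate subsets
    return centroid_accuracy(mask, *data) - penalty * sum(mask)

def pso_select(data, n_particles=12, iters=50, w=0.7, c1=1.5, c2=1.5):
    # binary PSO: real-valued velocities, each position bit sampled through a sigmoid
    sig = lambda v: 1.0 / (1.0 + math.exp(-v))
    pos = [[random.randint(0, 1) for _ in range(N_FEATURES)] for _ in range(n_particles)]
    vel = [[random.uniform(-1, 1) for _ in range(N_FEATURES)] for _ in range(n_particles)]
    pbest, pfit = [p[:] for p in pos], [fitness(p, data) for p in pos]
    g = max(range(n_particles), key=lambda i: pfit[i])
    gbest, gfit = pbest[g][:], pfit[g]
    for _ in range(iters):
        for i in range(n_particles):
            for j in range(N_FEATURES):
                vel[i][j] = (w * vel[i][j] + c1 * random.random() * (pbest[i][j] - pos[i][j])
                             + c2 * random.random() * (gbest[j] - pos[i][j]))
                vel[i][j] = max(-4.0, min(4.0, vel[i][j]))  # clamp keeps some exploration
                pos[i][j] = 1 if random.random() < sig(vel[i][j]) else 0
            f = fitness(pos[i], data)
            if f > pfit[i]:
                pbest[i], pfit[i] = pos[i][:], f
                if f > gfit:
                    gbest, gfit = pos[i][:], f
    return [j for j, m in enumerate(gbest) if m], gfit

def run_demo(seed=7):
    random.seed(seed)  # fixed seed so the constructed data and the search are reproducible
    data = (*make_dataset(200), *make_dataset(100))  # training split, held-out split
    selected, best = pso_select(data)
    return selected, best, fitness([1] * N_FEATURES, data)  # compare against keeping all features
```

`run_demo()` returns the selected feature indices, their penalized fitness, and the fitness of the full feature set, so the dimensionality reduction and the accuracy trade-off can be read off directly.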