This research presents an Explainable Deep Learning framework for Network Intrusion Detection, specifically designed to address the challenges of model transparency and extreme class imbalance. Using the CIC-IDS2017 dataset, the study implements a hybrid CNN-LSTM architecture to capture spatial and temporal feature dependencies in network traffic. Key Contributions: Imbalance Handling: Utilizes a hybrid resampling strategy (SMOTE and Random Undersampling) to significantly boost detection rates for rare attacks. High Performance: Achieved a test accuracy of 95.93% and a weighted F1-score of 0.97. Minority Class Improvement: Successfully increased the recall for the "Infiltration" attack category from 0% to 57%. Explainable AI (XAI): Integrates SHAP (SHapley Additive exPlanations) to provide transparent, feature-level justifications for every prediction, enabling cybersecurity analysts to trust and validate system alerts. This framework bridges the gap between complex black-box deep learning models and the practical need for actionable, interpretable insights in real-world cybersecurity environments.
Sushminthiran S (Sun,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: