TY - JOUR
T1 - Enhanced intrusion detection in cybersecurity through dimensionality reduction and explainable artificial intelligence
AU - Alamro, Hayam
AU - Alahmari, Sultan
AU - Nemri, Nadhem
AU - Aljebreen, Mohammed
AU - Alhashmi, Asma A.
AU - Alamro, Sulaiman
AU - Alqazzaz, Ali
AU - Al Duhayyim, Mesfer
N1 - Publisher Copyright:
© The Author(s) 2025.
PY - 2025/12
Y1 - 2025/12
N2 - Cybersecurity is one of the applications of controls, procedures, and technologies for protecting data, networks, programs, and systems from potential cyber threats. Malicious threats have become complex, and the leading task is to recognize obfuscated and mysterious malware, as the malware inventors utilize dissimilar evasion models for data covering to avert recognition by intrusion detection systems (IDSs). Artificial intelligence (AI) usage in cybersecurity is gradually becoming familiar, but the main task is the absence of interpretability and transparency of AI methods. Explainable AI (XAI) can tackle this problem by improving the understandability of AI techniques, permitting cyber-security experts to comprehend the decisions created by these methods and to recognize biases or errors. Recently, Machine learning (ML) and deep learning (DL) models have delivered automatic analytical intrusion detection procedures, providing numerous advantages. This study proposes an Enhanced Intrusion Detection in Cybersecurity through Dimensionality Reduction and Explainable Artificial Intelligence with Attention Mechanism in Deep Learning (EIDCDR-XAIADL) model. The main intention of the proposed EIDCDR-XAIADL model is to deliver a robust cybersecurity system that combines XAI to address the attacks. Initially, the proposed EIDCDR-XAIADL technique performs data normalization by using mean normalization to ensure uniform scaling of network traffic data. The multiverse optimization (MVO) technique selects the most appropriate and discriminative features. For the cybersecurity attack classification process, the hybrid of convolutional neural network (CNN), bi-directional gated recurrent unit (BiGRU), and attention mechanism (CNN-BiGRU-AM) technique is implemented. Moreover, the antlion optimization (ALO) technique adjusts the hyperparameter values of the CNN-BiGRU-AM method optimally and results in more excellent classification performance. Finally, Shapley Additive Explanations (SHAP) is utilized as an XAI technique to enhance threat detection and decision-making by providing trustworthy insights into AI-driven security systems. The experimental evaluation of the EIDCDR-XAIADL approach is examined under dual datasets. The experimental validation of the EIDCDR-XAIADL approach demonstrated a superior accuracy value of 99.19% and 99.12% under NSLKDD and CICIDS 2017 datasets.
AB - Cybersecurity is one of the applications of controls, procedures, and technologies for protecting data, networks, programs, and systems from potential cyber threats. Malicious threats have become complex, and the leading task is to recognize obfuscated and mysterious malware, as the malware inventors utilize dissimilar evasion models for data covering to avert recognition by intrusion detection systems (IDSs). Artificial intelligence (AI) usage in cybersecurity is gradually becoming familiar, but the main task is the absence of interpretability and transparency of AI methods. Explainable AI (XAI) can tackle this problem by improving the understandability of AI techniques, permitting cyber-security experts to comprehend the decisions created by these methods and to recognize biases or errors. Recently, Machine learning (ML) and deep learning (DL) models have delivered automatic analytical intrusion detection procedures, providing numerous advantages. This study proposes an Enhanced Intrusion Detection in Cybersecurity through Dimensionality Reduction and Explainable Artificial Intelligence with Attention Mechanism in Deep Learning (EIDCDR-XAIADL) model. The main intention of the proposed EIDCDR-XAIADL model is to deliver a robust cybersecurity system that combines XAI to address the attacks. Initially, the proposed EIDCDR-XAIADL technique performs data normalization by using mean normalization to ensure uniform scaling of network traffic data. The multiverse optimization (MVO) technique selects the most appropriate and discriminative features. For the cybersecurity attack classification process, the hybrid of convolutional neural network (CNN), bi-directional gated recurrent unit (BiGRU), and attention mechanism (CNN-BiGRU-AM) technique is implemented. Moreover, the antlion optimization (ALO) technique adjusts the hyperparameter values of the CNN-BiGRU-AM method optimally and results in more excellent classification performance. Finally, Shapley Additive Explanations (SHAP) is utilized as an XAI technique to enhance threat detection and decision-making by providing trustworthy insights into AI-driven security systems. The experimental evaluation of the EIDCDR-XAIADL approach is examined under dual datasets. The experimental validation of the EIDCDR-XAIADL approach demonstrated a superior accuracy value of 99.19% and 99.12% under NSLKDD and CICIDS 2017 datasets.
KW - Antlion optimization
KW - Cybersecurity
KW - Deep learning
KW - Explainable artificial intelligence
KW - Intrusion detection system
UR - https://www.scopus.com/pages/publications/105017755942
U2 - 10.1038/s41598-025-06761-9
DO - 10.1038/s41598-025-06761-9
M3 - Article
C2 - 41027964
AN - SCOPUS:105017755942
SN - 2045-2322
VL - 15
JO - Scientific Reports
JF - Scientific Reports
IS - 1
M1 - 33848
ER -