Trust my IDS: An explainable AI integrated deep learning-based transparent threat detection system for industrial networks

Authors: Shifa Shoukat, Tianhan Gao, Danish Javeed, Muhammad Shahid Saeed, Muhammad Adil
Journal: Computers & Security, Volume 149, Article 104191 (Journal Article)
DOI: 10.1016/j.cose.2024.104191
Publication date: 2024-11-13
URL: https://www.sciencedirect.com/science/article/pii/S0167404824004966

Abstract
Industrial networks are vulnerable to various cyber threats that can compromise their Confidentiality, Integrity, and Availability (CIA). To counter the increasing frequency of such threats, we designed and developed an Explainable Artificial Intelligence (XAI) integrated Deep Learning (DL)-based threat detection system (XDLTDS). We first employ a Long-Short Term Memory-AutoEncoder (LSTM-AE) to encode IIoT data and mitigate inference attacks. Then, we introduce an Attention-based Gated Recurrent Unit (AGRU) with softmax for multiclass threat classification in IIoT networks. To address the black-box nature of DL-based IDS, we use the Shapley Additive Explanations (SHAP) mechanism to provide transparency and trust for the system’s decisions. This interpretation helps SOC analysts understand why specific events are flagged as malicious by the XDLTDS framework. Our approach reduces the risk of sensitive data and reputation loss. We also present a Software-Defined Networking (SDN)-based deployment architecture for the XDLTDS framework. Extensive experiments with the N-BaIoT, Edge-IIoTset, and CIC-IDS2017 datasets confirm the effectiveness of XDLTDS against existing frameworks in addressing modern cybersecurity challenges and protecting industrial networks.
Journal description:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading-edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise, it is your first step to fully secure systems.