Detecting Cybersecurity Threats by Integrating Explainable AI with SHAP Interpretability and Strategic Data Sampling
This work addresses the need for trustworthy AI in cybersecurity operations centers, offering an incremental improvement by combining existing techniques for efficiency and transparency.
The paper tackled the problem of deploying transparent and trustworthy machine learning for cybersecurity threat detection by integrating Explainable AI with SHAP interpretability and strategic data sampling, resulting in maintained detection efficacy on the CIC-IDS2017 dataset while reducing computational overhead and providing actionable explanations.
The critical need for transparent and trustworthy machine learning in cybersecurity operations drives the development of this integrated Explainable AI (XAI) framework. Our methodology addresses three fundamental challenges in deploying AI for threat detection: handling massive datasets through Strategic Sampling Methodology that preserves class distributions while enabling efficient model development; ensuring experimental rigor via Automated Data Leakage Prevention that systematically identifies and removes contaminated features; and providing operational transparency through Integrated XAI Implementation using SHAP analysis for model-agnostic interpretability across algorithms. Applied to the CIC-IDS2017 dataset, our approach maintains detection efficacy while reducing computational overhead and delivering actionable explanations for security analysts. The framework demonstrates that explainability, computational efficiency, and experimental integrity can be simultaneously achieved, providing a robust foundation for deploying trustworthy AI systems in security operations centers where decision transparency is paramount.