Explainable AI supported hybrid deep learnig method for layer 2 intrusion detection

With rapidly developing technology, digitalization environments are also expanding. Although this situation has many positive effects on daily life, the security vulnerabilities brought about by digitalization continue to be a major concern. There is a large network structure behind many applications provided to users by organizations. A substantial network infrastructure exists behind numerous applications made available to users by organisations. It is imperative that these extensive network infrastructures, which often contain sensitive data including personal, commercial, financial and security information, possess the capability to impede cyberattacks. This study proposes the creation of a Comprehensive Layer 2 - IDS (CL2-IDS) dataset for the development of IDS systems utilised in the local network structures of organisations, in conjunction with a hybrid deep learning (DL) model for the detection of attack vectors in the proposed dataset. The proposed hybrid model is obtained by using CNN (Convolutional Neural Networks) and Bi-LSTM (Bidirectional Long Short-Term Memory) models, which are widely used in areas such as image analysis and time series data. The proposed hybrid DL model achieved an accuracy of 95.28% in the classification of the CL2-IDS dataset. It is observed that the combination of these two deep learning models, which complement each other in various ways, yields successful results in the classification of the proposed CL2-IDS dataset. In the last part of the study, the effect of the features in the CL2IDS dataset on the classification is interpreted with SHapley Additive exPlanations (SHAP), an Explainable Artificial Intelligence (XAI) method. The study, CL2-IDS dataset and hybrid DL model, combinations of CNN and Bi-LSTM algorithms, facilitates the intrusion detection and exemplifies how DL models and XAI techniques can be used to support IDS systems.