Over the years, cyber-attacks have increased drastically, and their execution changed with time. One of the targets of cyber criminals is trying to obtain sensitive information from mobile, cloud, or generally IoT devices. To avoid those risks, different countermeasures have been developed and implemented. For instance, the IEC 60870-5-104 protocol was developed to define the systems used for remote control in electrical engineering and power system automation applications. Starting from these considerations, in this paper, we propose an intrusion detector based on explainable Deep Learning (DL) that is able to detect possible attacks. In a nutshell, we consider several DL models, i.e., AlexNet, DenseNet, EfficientNet, Inception, LeNet, MobileNet, ResNet50, Standard CNN, VGG16, and VGG19 to understand whether a network trace (stored in a PCAP file) is related to an attack. Moreover, to explain of the model attack prediction, we resort to two different Class Activation Mapping algorithms available in the literature: Grad-CAM++ and Score-CAM. As the last step, we also calculated the IF/IM-SSIM index to strengthen the robustness of the top-performing model and evaluate the similarity between the two CAM algorithms. Experimental results show the effectiveness of the proposed method, and we obtained an accuracy equal to 0.900 with the DenseNet. In conclusion, we applied the exact steps to a new dataset to confirm that the proposed methodology is scalable and applicable to other datasets and achieved promising results.