Toward Enhanced Attack Detection and Explanation in Intrusion Detection System-Based IoT Environment Data

Securing the Internet of Things (IoT) against cyber threats is a formidable challenge, and Intrusion Detection Systems (IDS) play a critical role in this effort. However, the lack of transparent explanations for IDS decisions remains a significant concern. In response, we introduce a novel approach that leverages a blending model for attack classification and integrates counterfactual and Local Interpretable Model-Agnostic Explanations (LIME) techniques to enhance explanations. To assess the effectiveness of our approach, we conducted experiments using the recently introduced CICIoT2023 and IoTID20 datasets. These datasets are real-time and large-scale benchmark datasets for IoT environment attacks, offering a realistic and challenging scenario that captures the intricacies of intrusion detection in dynamic IoT environments. Our experimental results demonstrate significant improvements in attack detection accuracy compared to conventional IDS methods. Furthermore, our proposed approach provides clear and interpretable insights into the factors influencing classification decisions, empowering users to make informed security choices. Integrating blending model classification and explanation techniques enhances the security and reliability of IoT systems. Therefore, this work represents a significant advancement in IoT intrusion detection, offering a robust and transparent defense against large-scale cyber-attacks of IoT environment data.