Intrusion Detection System: A Multimodal Analysis-based Machine Learning with Emphasis on Interpretability
DOI:
https://doi.org/10.12928/biste.v8i3.16024Keywords:
Intrusion Detection, Intrusion Detection System, Machine Learning, Interpretability, Multimodal AnalysisAbstract
Detecting persistent threats, whether APTs or nonAPTs, is a constant challenge in the field of cybersecurity due to the multiplicity of attacks, their stealthy nature, and their multi-stage targeting of information systems over extended periods. The rigor of intrusion detection system selection is measured by its ability to detect these threats in their early stages and by the fundamental characteristics of network traffic. However, due to the large number of characteristics, some may be unrelated or of limited importance in determining the severity of malicious activity. Accordingly, selecting and defining relevant and influential characteristics for intrusion detection has become a necessity, especially in resource-constrained environments. In this paper, a set of machine learning algorithms (XGBoost, Random Forest, Support Vector Machine, Hybrid Decision Tree) was adopted in conjunction with artificial intelligence pre-interpretation (XAI) techniques to develop an intrusion detection model in a resource-constrained environment. The datasets CICAPT-IIoT, CICIoT2023, IoT-23 were used after preprocessing. XAI techniques were employed in two phases: first, during preprocessing to identify key features of the selected datasets, and second, during post-processing for interpretation. A real-world application based on the proposed model was developed to validate its accuracy and applicability in intrusion detection. Extensive testing demonstrated the superiority of the (XGBoost) algorithm with its accuracy (the CICIoT2023 dataset, achieving an F1-score of 0.9925, precision of 0.9933, recall of 0.9920, and an almost perfect ROC-AUC of 0.9999. the CICAPT-IIoT dataset scoring 99.16%, 0.9810 F1 score. And on the IoT-23 dataset accuracy 99.69% and achieved balanced precision, recall and F1-score of 0.9969). The study was distinguished by its reduction of complexity and improved performance of the proposed model.
References
K. V. V. N. L. Sai Kiran, R. N. K. Devisetty, N. P. Kalyan, K. Mukundini, and R. Karthi, “Building a Intrusion Detection System for IoT Environment using Machine Learning Techniques,” Procedia Comput. Sci., vol. 171, no. 2019, pp. 2372–2379, 2020, https://doi.org/10.1016/j.procs.2020.04.257.
A. Verma and V. Ranga, “Machine Learning Based Intrusion Detection Systems for IoT Applications,” Wirel. Pers. Commun., vol. 111, no. 4, pp. 2287–2310, 2020, https://doi.org/10.1007/s11277-019-06986-8.
M. Stoyanova, Y. Nikoloudakis, S. Panagiotakis, E. Pallis, and E. K. Markakis, “A Survey on the Internet of Things (IoT) Forensics: Challenges, Approaches, and Open Issues,” IEEE Commun. Surv. Tutorials, vol. 22, no. 2, pp. 1191–1221, 2020, https://doi.org/10.1109/COMST.2019.2962586.
M. ElKashlan, M. S. Elsayed, A. D. Jurcut, and M. Azer, “A Machine Learning-Based Intrusion Detection System for IoT Electric Vehicle Charging Stations (EVCSs),” Electron., vol. 12, no. 4, pp. 1–17, 2023, https://doi.org/10.3390/electronics12041044.
H. Jiang, Z. He, G. Ye, and H. Zhang, “Network Intrusion Detection Based on PSO-Xgboost Model,” IEEE Access, vol. 8, pp. 58392–58401, 2020, https://doi.org/10.1109/ACCESS.2020.2982418.
M. Mohammadi et al., “A comprehensive survey and taxonomy of the SVM-based intrusion detection systems,” J. Netw. Comput. Appl., vol. 178, no. January, p. 102983, 2021, https://doi.org/10.1016/j.jnca.2021.102983.
N. Elsayed, Z. S. Zaghloul, S. W. Azumah, and C. Li, “Intrusion Detection System in Smart Home Network Using Bidirectional LSTM and Convolutional Neural Networks Hybrid Model,” Midwest Symp. Circuits Syst., vol. 2021-Augus, pp. 55–58, 2021, https://doi.org/10.1109/MWSCAS47672.2021.9531683.
G. Dorado, S. Gálvez, and M. del P. Dorado, “Computer firewalls: security and privacy protection for Mac—review,” Big Data Inf. Anal., vol. 6, no. 0, pp. 1–11, 2021, https://doi.org/10.3934/bdia.2021001.
M. A. Umar, Z. Chen, and Y. Liu, “A Hybrid Intrusion Detection with Decision Tree for Feature Selection,” Inf. Secur. An Int. J., pp. 1–16, 2021, https://doi.org/10.11610/isij.4901.
G. Kocher and G. Kumar, “Machine learning and deep learning methods for intrusion detection systems: recent developments and challenges,” Soft Comput., vol. 25, no. 15, pp. 9731–9763, 2021, https://doi.org/10.1007/s00500-021-05893-0.
S. M. Kasongo and Y. Sun, “Performance Analysis of Intrusion Detection Systems Using a Feature Selection Method on the UNSW-NB15 Dataset,” J. Big Data, vol. 7, no. 1, 2020, https://doi.org/10.1186/s40537-020-00379-6.
M. Asif, S. Abbas, M. A. Khan, A. Fatima, M. A. Khan, and S. W. Lee, “MapReduce based intelligent model for intrusion detection using machine learning technique,” J. King Saud Univ. - Comput. Inf. Sci., vol. 34, no. 10, pp. 9723–9731, 2022, https://doi.org/10.1016/j.jksuci.2021.12.008.
A. Alrefaei and M. Ilyas, “Using Machine Learning Multiclass Classification Technique to Detect IoT Attacks in Real Time,” Sensors, vol. 24, no. 14, 2024, https://doi.org/10.3390/s24144516.
A. S. AL-Aamri, R. Abdulghafor, S. Turaev, I. Al-Shaikhli, A. Zeki, and S. Talib, “Machine Learning for APT Detection,” Sustain., vol. 15, no. 18, 2023, https://doi.org/10.3390/su151813820.
A. R. Gad, A. A. Nashat, and T. M. Barkat, “Intrusion Detection System Using Machine Learning for Vehicular Ad Hoc Networks Based on ToN-IoT Dataset,” IEEE Access, vol. 9, pp. 142206–142217, 2021, https://doi.org/10.1109/ACCESS.2021.3120626.
E. E. Abdallah, W. Eleisah, A. F. Otoom, and I. I. Ahmed, “Intrusion Detection Systems using Supervised Machine Learning Techniques : survey,” Procedia Comput. Sci., vol. 201, pp. 205–212, 2022, https://doi.org/10.1016/j.procs.2022.03.029.
J. Ables et al., “Eclectic Rule Extraction for Explainability of Deep Neural Network based Intrusion Detection Systems,” arXiv preprint arXiv:2401.10207, 2024, https://doi.org/10.1016/j.procs.2022.03.029.
P. Sharon Femi, K. Ashwini, A. Kala, and V. Rajalakshmi, “Explainable Artificial Intelligence for Cybersecurity,” Wirel. Commun. Cybersecurity, pp. 149–174, 2023, https://doi.org/10.1002/9781119910619.ch7.
S. A. Memon, U. K. Wiil, and M. Shaikh, “Explainable Intrusion Detection for Internet of Medical Things,” Int. Jt. Conf. Knowl. Discov. Knowl. Eng. Knowl. Manag. IC3K - Proc., vol. 3, no. Ic3k, pp. 40–51, 2023, https://doi.org/10.5220/0012210300003598.
I. Malashin, V. Tynchenko, A. Gantimurov, and V. Nelyub, “Support Vector Machines in Polymer Science: A Review,” Polymers, vol. 17, no. 4, p. 491, 2025, https://doi.org/10.3390/polym1740491.
M. Wang, K. Zheng, Y. Yang, and X. Wang, “An Explainable Machine Learning Framework for Intrusion Detection Systems,” IEEE Access, vol. 8, pp. 73127–73141, 2020, https://doi.org/10.1109/ACCESS.2020.2988359.
S. S. Dhaliwal, A. Al Nahid, and R. Abbas, “Effective intrusion detection system using XGBoost,” Inf., vol. 9, no. 7, 2018, https://doi.org/10.3390/info9070149.
Y. Hosain and M. Çakmak, “XAI-XGBoost: an innovative explainable intrusion detection approach for securing internet of medical things systems,” Sci. Rep., vol. 15, no. 1, pp. 0–17, 2025, https://doi.org/10.1038/s41598-025-07790-0.
S. Hizal, U. Cavusoglu, and D. Akgun, “A novel deep learning-based intrusion detection system for IoT DDoS security,” Internet of Things (Netherlands), vol. 28, 2024, https://doi.org/10.1016/j.iot.2024.101336.
B. Xu, L. Sun, X. Mao, R. Ding, and C. Liu, “IoT Intrusion Detection System Based on Machine Learning,” Electron., vol. 12, no. 20, 2023, https://doi.org/10.3390/electronics12204289.
V. Malele and T. E. Mathonsi, “Testing the performance of Multi-class IDS public dataset using Supervised Machine Learning Algorithms,” arXiv preprint arXiv:2302.14374, 2023, https://doi.org/10.48550/arXiv.2302.14374.
N. Y. Jien, M. Tahir, M. Dabbagh, Y. K. Meng, and A. Farooq, “Performance Evaluation of Machine Learning Algorithms for Intrusion Detection in IoT Applications,” 4th IEEE Int. Conf. Artif. Intell. Eng. Technol. IICAIET 2022, pp. 1–6, 2022, https://doi.org/10.1109/IICAIET55139.2022.9936863.
Y. M. Banadaki, “Evaluating the performance of machine learning algorithms for network intrusion detection systems in the internet of things infrastructure,” J. Adv. Comput. Sci. Technol., vol. 9, no. 1, pp. 14–20, 2020, https://doi.org/10.14419/jacst.v9i1.30992.
S. Akram, M. A. Iqbal, M. Rashid, M. S. Bhatti, and B. Fida, “A Hybrid Deep Learning Framework for Early-Stage Alzheimer’s Disease Classification From Neuro-Imaging Biomarkers,” IEEE Access, vol. 13, pp. 101662–101680, 2025, https://doi.org/10.1109/ACCESS.2025.3574039.
A. M. Banaamah and I. Ahmad, “Intrusion Detection in IoT Using Deep Learning,” Sensors, vol. 22, no. 21, 2022, https://doi.org/10.3390/s22218417.
M. Bacevicius, A. Paulauskaite-Taraseviciene, G. Zokaityte, L. Kersys, and A. Moleikaityte, “Comparative Analysis of Perturbation Techniques in LIME for Intrusion Detection Enhancement,” Mach. Learn. Knowl. Extr., vol. 7, no. 1, pp. 1–18, 2025, https://doi.org/10.3390/make7010021.
H. Ghani, S. Salekzamankhani, and B. Virdee, “Statistical and Multivariate Analysis of the IoT-23 Dataset : A Comprehensive Approach to Network Traffic Pattern Discovery,” vol. 2028, pp. 1–22, 2025, https://doi.org/10.3390/jcp5040112.
T. Chen and C. Guestrin, “Xgboost: A scalable tree boosting system,” In Proceedings of the 22nd acm sigkdd international conference on knowledge discovery and data mining, pp. 785-794, 2016, https://doi.org/10.1145/2939672.2939785.
H. A. Salman, A. Kalakech, and A. Steiti, “Random Forest Algorithm Overview,” Babylonian Journal of Machine Learning, vol. 2024, pp. 69–79, 2024, https://doi.org/10.58496/BJML/2024/007.
A. Khanan, Y. Abdelgadir Mohamed, A. H. H. M. Mohamed, and M. Bashir, “From Bytes to Insights: A Systematic Literature Review on Unraveling IDS Datasets for Enhanced Cybersecurity Understanding,” IEEE Access, vol. 12, pp. 59289–59317, 2024, https://doi.org/10.1109/ACCESS.2024.3392338.
A. Halbouni, T. S. Gunawan, M. H. Habaebi, M. Halbouni, M. Kartiwi, and R. Ahmad, “Machine Learning and Deep Learning Approaches for CyberSecurity: A Review,” IEEE Access, vol. 10, pp. 19572–19585, 2022, https://doi.org/10.1109/ACCESS.2022.3151248.
E. Altulaihan, M. A. Almaiah, and A. Aljughaiman, “Anomaly Detection IDS for Detecting DoS Attacks in IoT Networks Based on Machine Learning Algorithms,” Sensors, vol. 24, no. 2, 2024, https://doi.org/10.3390/s24020713.
C. Do Xuan, “Detecting APT attacks based on network traffic using machine learning,” J. Web Eng., vol. 20, no. 1, pp. 171–190, 2021, https://doi.org/10.13052/jwe1540-9589.2019.
D. Upadhyay, J. Manero, M. Zaman, and S. Sampalli, “Intrusion Detection in SCADA Based Power Grids: Recursive Feature Elimination Model with Majority Vote Ensemble Algorithm,” IEEE Trans. Netw. Sci. Eng., vol. 8, no. 3, pp. 2559–2574, 2021, https://doi.org/10.1109/TNSE.2021.3099371.
B. R. Kikissagbe and M. Adda, “Machine Learning-Based Intrusion Detection Methods in IoT Systems: A Comprehensive Review,” Electron., vol. 13, no. 18, 2024, https://doi.org/10.3390/electronics13183601.
E. Alhajjar, P. Maxwell, and N. Bastian, “Adversarial machine learning in Network Intrusion Detection Systems,” Expert Syst. Appl., vol. 186, pp. 1–25, 2021, https://doi.org/10.1016/j.eswa.2021.115782.
A. Heidari and M. A. Jabraeil Jamali, “Internet of Things intrusion detection systems: a comprehensive review and future directions,” Cluster Comput., vol. 26, no. 6, pp. 3753–3780, 2023, https://doi.org/10.1007/s10586-022-03776-z.
T. R. Mahesh, V. Vivek, and V. Kumar, “Implementation of Machine Learning-Based Data Mining Techniques for IDS,” Int. J. Inf. Technol. Res. Appl., vol. 2, no. 1, pp. 7–13, 2023, https://doi.org/10.59461/ijitra.v2i1.23.
Y. K. Saheed and M. O. Arowolo, “Efficient Cyber Attack Detection on the Internet of Medical Things-Smart Environment Based on Deep Recurrent Neural Network and Machine Learning Algorithms,” IEEE Access, vol. 9, pp. 161546–161554, 2021, https://doi.org/10.1109/ACCESS.2021.3128837.
R. Younisse, A. Ahmad, and Q. Abu Al-Haija, “Explaining Intrusion Detection-Based Convolutional Neural Networks Using Shapley Additive Explanations (SHAP),” Big Data Cogn. Comput., vol. 6, no. 4, 2022, https://doi.org/10.3390/bdcc6040126.
V. Z. Mohale and I. C. Obagbuwa, “Evaluating machine learning-based intrusion detection systems with explainable AI: enhancing transparency and interpretability,” Front. Comput. Sci., vol. 7, pp. 1–23, 2025, https://doi.org/10.3389/fcomp.2025.1520741.
S. Neupane et al., “Explainable Intrusion Detection Systems (X-IDS): A Survey of Current Methods, Challenges, and Opportunities,” IEEE Access, vol. 10, pp. 112392–112415, 2022, https://doi.org/10.1109/ACCESS.2022.3216617.
S. Narkedimilli, A. Sai, and S. D., “Enhancing IoT Network Security through Adaptive Curriculum Learning and XAI,” in Proceedings of the 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec ’24), pp. 1–2, 2024, https://doi.org/10.1109/FNWF66845.2025.11317635.
K. S. Adewole, A. Jacobsson, and P. Davidsson, “Intrusion Detection Framework for Internet of Things with Rule Induction for Model Explanation,” Sensors, vol. 25, no. 6, pp. 1–27, 2025, https://doi.org/10.3390/s25061845.
M. A. Akif, I. Butun, A. Williams, and I. Mahgoub, “Hybrid Machine Learning Models for Intrusion Detection in IoT: Leveraging a Real-World IoT Dataset,” arXiv preprint arXiv:2502.12382, 2025, https://doi.org/10.1109/ISNCC62547.2024.10759058.
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 Tabark Nasser Abdul Hussein, Ayad Hameed Mousa

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
This journal is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

