How Explainable Artificial Intelligence (XAI) Models Can Be Used Within Intrusion Detection Systems (IDS) to Enhance an Analyst's Trust and Understanding

An intrusion detection system (IDS) is a fundamental tool when deploying cyber defence within an organisation. The ever-evolving landscape of cyber threats has pushed an advancement in the application of artificial intelligence (AI) within such tools to pioneer more sophisticated detection techniques (Wang et al. in IEEE Access 8:73,127–73,141, 2020). Cyber security analysts rely on these technologies to make critical decisions and correctly identify and prevent malicious threats to their organisation. It is therefore imperative that analysts can understand, trust, and have confidence in the IDS decisions (Neupane et al. in “Explainable Intrusion Detection Systems (X-IDS): A Survey of Current Methods, Challenges, and Opportunities”, arXiv, Ithaca, NY, 2022). However, the advancement of these technologies has led to complex AI systems that lack transparency and are difficult for human analysts to comprehend. This research explores how these issues can be elevated by using explainable AI (XAI) to help make complex AI models more understandable (Kelley and George, “How to solve the Black Box AI problem through transparency,” 16 August 2021. [Online]. Available: https://www.techtarget.com/searchenterpriseai/feature/How-to-solve-the-black-box-AI-problem-through-transparency) and add clarity and context to their decisions. Ways in which trust can be measured, and the factors affecting trust, are identified through this research to analyse how the perceived ease-of-use, trust, and confidence of an analyst can be increased through the adoption of XAI. Key findings from this have been demonstrated through a recommended implementation approach for an XAI model, and proof-of-concept user-interface (UI) design. This research brings recognition to the need for explainability within IDSs and provides a user-centric approach to doing so.