XI2S-IDS: An Explainable Intelligent 2-Stage Intrusion Detection System
Maiada M. Mahmoud,
Yasser Omar Youssef and
Ayman A. Abdel-Hamid
Additional contact information
Maiada M. Mahmoud: College of Computing and Information Technology, Arab Academy for Science, Technology, and Maritime Transport, Cairo P.O. Box 2033, Egypt
Yasser Omar Youssef: School of Library and Information Studies, University of Oklahoma, Norman, OK 73019, USA
Ayman A. Abdel-Hamid: College of Computing and Information Technology, Arab Academy for Science, Technology, and Maritime Transport, Alexandria P.O. Box 1029, Egypt
Future Internet, 2025, vol. 17, issue 1, 1-28
Abstract:
The rapid evolution of technologies such as the Internet of Things (IoT), 5G, and cloud computing has exponentially increased the complexity of cyber attacks. Modern Intrusion Detection Systems (IDSs) must be capable of identifying not only frequent, well-known attacks but also low-frequency, subtle intrusions that are often missed by traditional systems. The challenge is further compounded by the fact that most IDS rely on black-box machine learning (ML) and deep learning (DL) models, making it difficult for security teams to interpret their decisions. This lack of transparency is particularly problematic in environments where quick and informed responses are crucial. To address these challenges, we introduce the XI2S-IDS framework—an Explainable, Intelligent 2-Stage Intrusion Detection System. The XI2S-IDS framework uniquely combines a two-stage approach with SHAP-based explanations, offering improved detection and interpretability for low-frequency attacks. Binary classification is conducted in the first stage followed by multi-class classification in the second stage. By leveraging SHAP values, XI2S-IDS enhances transparency in decision-making, allowing security analysts to gain clear insights into feature importance and the model’s rationale. Experiments conducted on the UNSW-NB15 and CICIDS2017 datasets demonstrate significant improvements in detection performance, with a notable reduction in false negative rates for low-frequency attacks, while maintaining high precision, recall, and F1-scores.
Keywords: IDS; XAI; SHAP; LSTM; UNSW-NB15; CICIDS2017; deep learning
JEL-codes: O3
Date: 2025
Downloads: (external link)
https://www.mdpi.com/1999-5903/17/1/25/pdf (application/pdf)
https://www.mdpi.com/1999-5903/17/1/25/ (text/html)
Persistent link: https://EconPapers.repec.org/RePEc:gam:jftint:v:17:y:2025:i:1:p:25-:d:1562283
Future Internet is currently edited by Ms. Grace You
Bibliographic data for series maintained by MDPI Indexing Manager.