Explainable Intrusion Detection for Cyber Defences in the Internet of Things: Opportunities and Solutions

The field of Explainable Artificial Intelligence (XAI) has garnered considerable research attention in recent years, aiming to provide interpretability and confidence to the inner workings of state-of-the-art deep learning models. However, XAI-enhanced cybersecurity measures in the Internet of Thing...

Detailed description

Saved in:
Bibliographic details
Published in: IEEE Communications surveys and tutorials Vol. 25; No. 3; pp. 1775 - 1807
Main authors: Moustafa, Nour, Koroniotis, Nickolaos, Keshk, Marwa, Zomaya, Albert Y., Tari, Zahir
Format: Journal Article
Language: English
Published: IEEE 01.01.2023
Keywords:
ISSN: 2373-745X
Online access: Full text
Abstract The field of Explainable Artificial Intelligence (XAI) has garnered considerable research attention in recent years, aiming to provide interpretability and confidence to the inner workings of state-of-the-art deep learning models. However, XAI-enhanced cybersecurity measures in the Internet of Things (IoT) and its sub-domains, require further investigation to provide effective discovery of attack surfaces, their corresponding vectors, and interpretable justification of model outputs. Cyber defence involves operations conducted in the cybersecurity field supporting mission objectives to identify and prevent cyberattacks using various tools and techniques, including intrusion detection systems (IDS), threat intelligence and hunting, and intrusion prevention. In cyber defence, especially anomaly-based IDS, the emerging applications of deep learning models require the interpretation of the models' architecture and the explanation of models' prediction to examine how cyberattacks would occur. This paper presents a comprehensive review of XAI techniques for anomaly-based intrusion detection in IoT networks. Firstly, we review IDSs focusing on anomaly-based detection techniques in IoT and how XAI models can augment them to provide trust and confidence in their detections. Secondly, we review AI models, including machine learning (ML) and deep learning (DL), for anomaly detection applications and IoT ecosystems. Moreover, we discuss DL's ability to effectively learn from large-scale IoT datasets, accomplishing high performances in discovering and interpreting security events. Thirdly, we demonstrate recent research on the intersection of XAI, anomaly-based IDS and IoT. Finally, we discuss the current challenges and solutions of XAI for security applications in the cyber defence perspective of IoT networks, revealing future research directions. 
By analysing our findings, new cybersecurity applications that require XAI models emerge, assisting decision-makers in understanding and explaining security events in compromised IoT networks.
Author Tari, Zahir
Moustafa, Nour
Koroniotis, Nickolaos
Keshk, Marwa
Zomaya, Albert Y.
Author_xml – sequence: 1
  givenname: Nour
  orcidid: 0000-0001-6127-9349
  surname: Moustafa
  fullname: Moustafa, Nour
  email: nour.moustafa@unsw.edu.au
  organization: University of New South Wales at Canberra, Canberra, ACT, Australia
– sequence: 2
  givenname: Nickolaos
  orcidid: 0000-0002-8831-632X
  surname: Koroniotis
  fullname: Koroniotis, Nickolaos
  email: n.koroniotis@unsw.edu.au
  organization: University of New South Wales at Canberra, Canberra, ACT, Australia
– sequence: 3
  givenname: Marwa
  surname: Keshk
  fullname: Keshk, Marwa
  email: marwa.keshk@unsw.edu.au
  organization: University of New South Wales at Canberra, Canberra, ACT, Australia
– sequence: 4
  givenname: Albert Y.
  orcidid: 0000-0002-3090-1059
  surname: Zomaya
  fullname: Zomaya, Albert Y.
  email: albert.zomaya@sydney.edu.au
  organization: Centre for Distributed and High Performance Computing, School of Information Technologies, The University of Sydney, Sydney, NSW, Australia
– sequence: 5
  givenname: Zahir
  orcidid: 0000-0002-1235-9673
  surname: Tari
  fullname: Tari, Zahir
  email: zahir.tari@rmit.edu.au
  organization: Centre of Cyber Security Research and Innovation, School of Computing Technologies, RMIT University, Melbourne, VIC, Australia
ContentType Journal Article
DBID 97E
RIA
RIE
DOI 10.1109/COMST.2023.3280465
DatabaseName IEEE All-Society Periodicals Package (ASPP) 2005–Present
IEEE All-Society Periodicals Package (ASPP) 1998–Present
IEEE Electronic Library (IEL)
DatabaseTitleList
Database_xml – sequence: 1
  dbid: RIE
  name: IEEE Electronic Library (IEL)
  url: https://ieeexplore.ieee.org/
  sourceTypes: Publisher
DeliveryMethod fulltext_linktorsrc
Discipline Engineering
EISSN 2373-745X
EndPage 1807
ExternalDocumentID 10136827
Genre orig-research
GrantInformation_xml – fundername: Australian Research Council’s Discovery Early Career Researcher Award (DECRA)
  grantid: DE230100116
  funderid: 10.13039/501100000923
IEDL.DBID RIE
ISICitedReferencesCount 119
IngestDate Wed Aug 27 02:48:56 EDT 2025
IsPeerReviewed true
IsScholarly true
Issue 3
Language English
LinkModel DirectLink
ORCID 0000-0001-6127-9349
0000-0002-1235-9673
0000-0002-3090-1059
0000-0002-8831-632X
PageCount 33
ParticipantIDs ieee_primary_10136827
PublicationCentury 2000
PublicationDate 2023-01-01
PublicationDateYYYYMMDD 2023-01-01
PublicationDate_xml – month: 01
  year: 2023
  text: 2023-01-01
  day: 01
PublicationDecade 2020
PublicationTitle IEEE Communications surveys and tutorials
PublicationTitleAbbrev COMST
PublicationYear 2023
Publisher IEEE
Publisher_xml – name: IEEE
SSID ssj0042490
Score 2.6495774
Snippet The field of Explainable Artificial Intelligence (XAI) has garnered considerable research attention in recent years, aiming to provide interpretability and...
SourceID ieee
SourceType Publisher
StartPage 1775
SubjectTerms Artificial intelligence
artificial intelligence (AI)
Biological system modeling
Computer crime
Computer security
Cyber defence
explainable AI (XAI)
Internet of Things
Internet of Things (IoT)
intrusion detection system (IDS)
Soft sensors
Surveys
Title Explainable Intrusion Detection for Cyber Defences in the Internet of Things: Opportunities and Solutions
URI https://ieeexplore.ieee.org/document/10136827
Volume 25