Leveraging explainable artificial intelligence for early detection and mitigation of cyber threat in large-scale network environments.

Journal: Scientific reports

Abstract

Cybersecurity has gained considerable attention over the years as a fast-evolving discipline, as the number of cybercriminals and threats rises consistently and attackers work to stay ahead of law enforcement. Recently, cybercriminals have become more sophisticated in their approaches, though the underlying motives for conducting cyber threats remain largely the same. Classical cybersecurity solutions have become inadequate at identifying and mitigating evolving cyber threats. Machine learning (ML) plays a crucial role in cybersecurity by making malware detection more scalable, efficient, and automated, reducing reliance on conventional human intervention methods. The cybersecurity domain poses ML challenges that require effective theoretical and methodological handling. Various statistical and ML approaches, like Bayesian classification, deep learning (DL), and support vector machines (SVM), have efficiently mitigated cyber threats. The insights and hidden trends detected in network data, together with a data-driven ML architecture for preventing such attacks, are essential to establishing an intelligent security system. This study develops a novel Leveraging Explainable Artificial Intelligence for Early Detection and Mitigation of Cyber Threats in Large-Scale Network Environments (LXAIDM-CTLSN) method. The proposed LXAIDM-CTLSN method aims to recognize and classify cyber-attacks to achieve cybersecurity. Initially, min-max normalization is applied to standardize the data. The Mayfly Optimization Algorithm (MOA) is then utilized for feature selection, reducing computational complexity. A Sparse Denoising Autoencoder (SDAE) model then recognizes and classifies cyber threats. Additionally, the Hiking Optimization Algorithm (HOA) is employed to fine-tune the hyperparameters of the SDAE model. Finally, the XAI method LIME is integrated to enhance the explainability and understanding of the black-box technique, ensuring superior classification of cyberattacks. Extensive experiments were conducted to evaluate the overall robustness of the proposed LXAIDM-CTLSN method using the NSLKDD2015 and CICIDS2017 datasets. The experimental validation of the LXAIDM-CTLSN method showed a superior accuracy value of 99.09% over other techniques.

Authors

  • G Nalinipriya
    Department of Information Technology, Saveetha Engineering College, Saveetha Nagar, Thandalam, Chennai, Tamil Nadu, 602105, India.
  • S Rama Sree
    Department of CSE, Aditya University, Surampalem, India.
  • K Radhika
    AI & DS Department, Chaitanya Bharathi Institute of Technology, Hyderabad, India.
  • E Laxmi Lydia
    Department of Computer Science and Engineering, Vignan's Institute of Engineering for Women, Visakhapatnam, 530046, India.
  • Faten Khalid Karim
    Department of Computer Sciences, College of Computer and Information Sciences, Princess Nourah bint Abdulrahman University, Riyadh 11671, Saudi Arabia.
  • Mohamad Khairi Ishak
    Department of Electrical and Computer Engineering, College of Engineering and Information Technology, Ajman University, Ajman, United Arab Emirates. m.ishak@ajman.ac.ae.
  • Samih M Mostafa
    Faculty of Computers and Information, South Valley University, Qena 83523, Egypt.
