A domain-agnostic explainable framework for network attack detection across diverse traffic datasets.
Journal:
Scientific reports
Published Date:
Jul 16, 2026
Abstract
The increasing complexity, scale, and diversity of cyber threats pose significant challenges to modern network security systems, particularly in heterogeneous network environments. Existing intrusion detection methods often rely on dataset-specific models that struggle to maintain consistent performance across different data distributions and typically lack interpretability, limiting their applicability in critical systems. In this paper, we present an explainable deep learning framework evaluated across multiple heterogeneous cyber attack datasets, including Kitsune (IoT traffic), Server-Based network data (enterprise logs), and Malware Traffic datasets. The proposed pipeline employs a consistent preprocessing strategy involving feature normalisation, encoding, and label alignment, followed by a multi-layer perceptron (MLP) classifier with dropout regularisation. Model training incorporates cosine learning-rate scheduling and early stopping, while explainability is achieved via SHAP-based global feature attribution and LIME-based instance-level explanation. Performance is evaluated using accuracy, ROC-AUC, and F1-score metrics. The model achieves 96.0% accuracy on the Kitsune dataset, 99.99% on the Server-Based dataset, and 99.58% on the Malware dataset, with ROC-AUC values approaching 1.00 across most classes. The results demonstrate the effectiveness of the proposed framework in handling heterogeneous network traffic while providing interpretable insights into model predictions.
Authors
Keywords
No keywords available for this article.