Abstract

Network intrusion detection systems (IDS) are crucial, but cybersecurity professionals have a difficult time trusting and acting on the predictions made by many IDS models based on machine learning owing to the lack of transparency in these models. Conventional models work well for attack detection, but their lack of transparency makes them unsuitable for incident response. This paper presents a novel hybrid approach to intrusion detection (ID). It integrates Random Forest (RF) for classification with Attention-Based Neural Networks (Ab-NNs) for more in-depth insights and interpretability at the feature level. Improved detection accuracy is a result of the attention-based model's ability to detect complex patterns in the data. In contrast, the RF model classifies network traffic as either an attack or not. This study meets the need for being able to explain things by using SHAP (SHapley Additive Explanation) along with LIME (Local Interpretable Model-Agnostic Explanations), which give the model's decisions both global as well as local meanings. Due to these visualisations, cybersecurity professionals could better understand the reasons behind detected attacks. Experimental results on datasets like NSL-KDD and CICIDS show that the proposed approach attains high detection performance (98% accuracy) and provides transparency (local decision reasons, feature importance).