Multi-Granular Discretization for Interpretable Generalization in Precise Cyberattack Identification

TL;DR

This paper introduces Multi-Granular Discretization (IG-MD), a novel approach that enhances the precision of interpretable intrusion detection systems by representing features at multiple resolutions, enabling scalable and domain-agnostic cyberattack identification.

Contribution

It extends the Interpretable Generalization mechanism with multi-resolution feature discretization, significantly improving precision while maintaining transparency and domain scalability.

Findings

IG-MD increases precision by ≥4 percentage points on UKM-IDS20.

The approach maintains recall close to 1.0 across multiple splits.

It enables a single interpretable model to generalize across domains without tuning.

Abstract

Explainable intrusion detection systems (IDS) are now recognized as essential for mission-critical networks, yet most "XAI" pipelines still bolt an approximate explainer onto an opaque classifier, leaving analysts with partial and sometimes misleading insights. The Interpretable Generalization (IG) mechanism, published in IEEE Transactions on Information Forensics and Security, eliminates that bottleneck by learning coherent patterns - feature combinations unique to benign or malicious traffic - and turning them into fully auditable rules. IG already delivers outstanding precision, recall, and AUC on NSL-KDD, UNSW-NB15, and UKM-IDS20, even when trained on only 10% of the data. To raise precision further without sacrificing transparency, we introduce Multi-Granular Discretization (IG-MD), which represents every continuous feature at several Gaussian-based resolutions. On UKM-IDS20, IG-MD lifts precision by greater than or equal to 4 percentage points across all nine train-test splits while preserving recall approximately equal to 1.0, demonstrating that a single interpretation-ready model can scale across domains without bespoke tuning.