Detecting Cybersecurity Threats by Integrating Explainable AI with SHAP Interpretability and Strategic Data Sampling

TL;DR

This paper presents an integrated XAI framework for cybersecurity threat detection that combines strategic data sampling, automated data leakage prevention, and SHAP-based interpretability to improve transparency, efficiency, and trustworthiness.

Contribution

It introduces a novel framework that unifies sampling, data integrity, and explainability techniques for more trustworthy AI in cybersecurity.

Findings

Maintains detection accuracy while reducing computational costs.

Provides clear, actionable explanations for security analysts.

Ensures data integrity through automated leakage prevention.

Abstract

The critical need for transparent and trustworthy machine learning in cybersecurity operations drives the development of this integrated Explainable AI (XAI) framework. Our methodology addresses three fundamental challenges in deploying AI for threat detection: handling massive datasets through Strategic Sampling Methodology that preserves class distributions while enabling efficient model development; ensuring experimental rigor via Automated Data Leakage Prevention that systematically identifies and removes contaminated features; and providing operational transparency through Integrated XAI Implementation using SHAP analysis for model-agnostic interpretability across algorithms. Applied to the CIC-IDS2017 dataset, our approach maintains detection efficacy while reducing computational overhead and delivering actionable explanations for security analysts. The framework demonstrates that explainability, computational efficiency, and experimental integrity can be simultaneously achieved, providing a robust foundation for deploying trustworthy AI systems in security operations centers where decision transparency is paramount.