A Novel Explainable AI Framework for Real-Time Cybersecurity Threat Detection and Mitigation

Document type: scientific studies and research.

Author

General Systems Engineering Faculty of Engineering October University for Modern Sciences and Arts

10.21608/ijtec.2025.354111.1008

Abstract

Cybersecurity remains a critical challenge as cyberattacks grow increasingly sophisticated and diverse. This paper presents a novel Explainable AI (XAI) framework for real-time detection and mitigation of cyber threats, including Distributed Denial of Service (DDoS) attacks, shellcode exploitation, reconnaissance, and worm propagation. The framework employs advanced feature engineering and class-specific techniques to improve detection accuracy, particularly for overlapping categories such as DoS and Exploits. It integrates visual explainability tools, automates incident response processes, and connects directly with Security Information and Event Management (SIEM) systems to support operational decision-making. Using eXtreme Gradient Boosting (XGBoost) combined with SHapley Additive exPlanations (SHAP) for explainability, the system achieves both high detection accuracy and transparency. A comparative analysis with Random Forest (RF) and Support Vector Machine (SVM) classifiers highlights the proposed framework's superior performance. Experimental results demonstrate an accuracy of 89% and an F1-score of 0.88, with strong detection of high-priority threat classes such as Generic and Shellcode while maintaining high precision across all classes. This research underscores the potential of the framework to transform real-time cybersecurity by delivering precise, transparent, and actionable threat detection.
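The abstract describes the core mechanism (a boosted-tree classifier whose per-flow prediction is explained with Shapley values and then pushed to a SIEM with a severity). The following is an added illustration, not code from the paper: it computes exact Shapley values (the quantity SHAP approximates for tree ensembles) for one flow's predicted-class probability and turns the result into a SIEM-style alert. The feature names, the hand-written stump-style scoring function that stands in for the trained XGBoost model, the background flow, the thresholds, and the class-to-severity mapping are all assumptions made for the example.

```python
"""Exact Shapley attribution for a per-flow threat classifier, rendered as a SIEM event.

Added example. The classifier below is a hand-written stand-in for a trained
boosted-tree model; feature names, thresholds and severities are assumptions.
"""
import itertools
import math

FEATURES = ["pkt_rate", "syn_ratio", "payload_entropy", "distinct_dst_ports"]
CLASSES = ["Normal", "DoS", "Reconnaissance", "Shellcode"]

# Constructed "typical benign flow" used as the Shapley baseline; SHAP's tree
# explainer uses the training-set background in the same role.
BACKGROUND = {"pkt_rate": 40.0, "syn_ratio": 0.1,
              "payload_entropy": 4.5, "distinct_dst_ports": 2.0}

# Assumed severity per predicted class, used when emitting the SIEM event.
SEVERITY = {"Normal": "info", "Reconnaissance": "medium",
            "DoS": "high", "Shellcode": "critical"}


def class_scores(x):
    """Additive stump-style scores per class (assumed stand-in for the model)."""
    s = {c: 0.0 for c in CLASSES}
    s["Normal"] = 1.0                                           # benign prior
    s["DoS"] += 2.0 if x["pkt_rate"] > 500 else 0.0             # flood-like rate
    s["DoS"] += 1.5 if x["syn_ratio"] > 0.6 else 0.0            # SYN-heavy
    s["Reconnaissance"] += 2.5 if x["distinct_dst_ports"] > 20 else 0.0  # port sweep
    s["Reconnaissance"] += 0.5 if x["syn_ratio"] > 0.6 else 0.0
    s["Shellcode"] += 3.0 if x["payload_entropy"] > 7.0 else 0.0         # packed payload
    s["Shellcode"] -= 1.0 if x["distinct_dst_ports"] > 20 else 0.0
    return s


def predict_proba(x):
    """Softmax over class scores."""
    s = class_scores(x)
    m = max(s.values())
    z = {c: math.exp(v - m) for c, v in s.items()}
    tot = sum(z.values())
    return {c: v / tot for c, v in z.items()}


def shapley_values(x, target, background=BACKGROUND):
    """Exact Shapley values of predict_proba(x)[target] over all 2^n coalitions.

    Features outside a coalition take their background value. For n=4 this is
    16 model evaluations per feature, which is fine for an illustration; SHAP's
    tree algorithm gets the same numbers in polynomial time.
    """
    n = len(FEATURES)
    phi = {f: 0.0 for f in FEATURES}

    def f_of(subset):
        mixed = {f: (x[f] if f in subset else background[f]) for f in FEATURES}
        return predict_proba(mixed)[target]

    for feat in FEATURES:
        others = [g for g in FEATURES if g != feat]
        for k in range(len(others) + 1):
            for subset in itertools.combinations(others, k):
                w = math.factorial(k) * math.factorial(n - k - 1) / math.factorial(n)
                phi[feat] += w * (f_of(set(subset) | {feat}) - f_of(set(subset)))
    return phi


def explain_alert(x, flow_id, top_k=2):
    """Classify one flow and build a SIEM-ready event with its top SHAP drivers."""
    proba = predict_proba(x)
    label = max(proba, key=proba.get)
    phi = shapley_values(x, label)
    ranked = sorted(phi.items(), key=lambda kv: abs(kv[1]), reverse=True)[:top_k]
    return {
        "flow_id": flow_id,
        "predicted_class": label,
        "confidence": round(proba[label], 3),
        "severity": SEVERITY[label],
        "baseline_probability": round(predict_proba(BACKGROUND)[label], 3),
        "top_features": [{"feature": f, "value": x[f], "shap": round(v, 3)}
                         for f, v in ranked],
    }


if __name__ == "__main__":
    # Constructed flows: a SYN flood and a port sweep.
    dos_flow = {"pkt_rate": 1200.0, "syn_ratio": 0.9,
                "payload_entropy": 4.2, "distinct_dst_ports": 1.0}
    recon_flow = {"pkt_rate": 30.0, "syn_ratio": 0.95,
                  "payload_entropy": 3.0, "distinct_dst_ports": 60.0}
    for fid, flow in (("flow-1", dos_flow), ("flow-2", recon_flow)):
        print(explain_alert(flow, fid))
```

The efficiency property of Shapley values guarantees that the attributions sum to the gap between the flow's predicted probability and the baseline probability, which is what lets an analyst read the `top_features` list as "why this flow moved from the benign baseline to this class". Swapping `class_scores` for a real XGBoost model and `shapley_values` for `shap.TreeExplainer` keeps the rest of the alert pipeline unchanged.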

Keywords

Main subjects