
XI2S-IDS: An Explainable Intelligent 2-Stage Intrusion Detection System

Author

Listed:
  • Maiada M. Mahmoud

    (College of Computing and Information Technology, Arab Academy for Science, Technology, and Maritime Transport, Cairo P.O. Box 2033, Egypt)

  • Yasser Omar Youssef

    (School of Library and Information Studies, University of Oklahoma, Norman, OK 73019, USA)

  • Ayman A. Abdel-Hamid

    (College of Computing and Information Technology, Arab Academy for Science, Technology, and Maritime Transport, Alexandria P.O. Box 1029, Egypt)

Abstract

The rapid evolution of technologies such as the Internet of Things (IoT), 5G, and cloud computing has exponentially increased the complexity of cyber attacks. Modern Intrusion Detection Systems (IDSs) must be capable of identifying not only frequent, well-known attacks but also low-frequency, subtle intrusions that are often missed by traditional systems. The challenge is further compounded by the fact that most IDSs rely on black-box machine learning (ML) and deep learning (DL) models, making it difficult for security teams to interpret their decisions. This lack of transparency is particularly problematic in environments where quick and informed responses are crucial. To address these challenges, we introduce the XI2S-IDS framework—an Explainable, Intelligent 2-Stage Intrusion Detection System. The XI2S-IDS framework uniquely combines a two-stage approach with SHAP-based explanations, offering improved detection and interpretability for low-frequency attacks. Binary classification is conducted in the first stage, followed by multi-class classification in the second stage. By leveraging SHAP values, XI2S-IDS enhances transparency in decision-making, allowing security analysts to gain clear insights into feature importance and the model’s rationale. Experiments conducted on the UNSW-NB15 and CICIDS2017 datasets demonstrate significant improvements in detection performance, with a notable reduction in false negative rates for low-frequency attacks, while maintaining high precision, recall, and F1-scores.

Suggested Citation

  • Maiada M. Mahmoud & Yasser Omar Youssef & Ayman A. Abdel-Hamid, 2025. "XI2S-IDS: An Explainable Intelligent 2-Stage Intrusion Detection System," Future Internet, MDPI, vol. 17(1), pages 1-28, January.
  • Handle: RePEc:gam:jftint:v:17:y:2025:i:1:p:25-:d:1562283

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/17/1/25/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/1999-5903/17/1/25/
    Download Restriction: no

      More about this item

      Keywords

      IDS; XAI; SHAP; LSTM; UNSW-NB15; CICIDS2017; deep learning;