Federated XAI IDS: An Explainable and Safeguarding Privacy Approach to Detect Intrusion Combining Federated Learning and SHAP ^†

Abstract

An intrusion detection system (IDS) is a crucial element in cyber security concerns. IDS is a safeguarding module that is designed to identify unauthorized activities in network environments. The importance of constructing IDSs has never been this significant with the growing number of attacks on network layers. This research work was intended to draw the attention of the authors to a different aspect of intrusion detection, considering privacy and the contribution of the features on attack classes. At present, the majority of the existing IDSs are designed based on centralized infrastructure, which raises serious concerns about security as the network data from one system are exposed to another system. This act of sharing the original network data with another server can worsen the current arrangement of protecting privacy within the network. In addition, the existing IDS models are merely a tool for identifying the attack categories without analyzing a further emphasis of the network feature on the attacks. In this article, we propose a novel framework, FEDXAIIDS, converging federated learning and explainable AI. The proposed approach enables IDS models to be collaboratively trained across multiple decentralized devices while ensuring that local data remain securely on edge nodes, thus mitigating privacy risks. The primary objectives of the proposed study are to reveal the privacy concerns of centralized systems and identify the most significant features to comprehend the contribution of the features to the final output. Our proposed model was designed, fusing federated learning (FL) with Shapley additive explanations (SHAPs), using an artificial neural network (ANN) as a local model. The framework has a server device and four client devices that have their own data set on their end. The server distributes the primary model constructed using an ANN among the local clients. Next, the local clients train their individual part of the data set, deploying the distributed model from the server, and they share their feedback with the central end. The central end then incorporates an aggregator model named FedAvg to assemble the separate results from the clients into one output. At last, the contribution of the ten most significant features is evaluated by incorporating SHAP. The entire research work was executed on CICIoT2023. The data set was partitioned into four parts and distributed among the four local ends. The proposed method demonstrated efficacy in intrusion detection, achieving 88.4% training and 88.2% testing accuracy. Furthermore, UDP has been found to be the most significant feature of the network layer from the SHAP analysis. Simultaneously, the incorporation of federated learning has ensured the safeguarding of the confidentiality of the network information of the individual ends. This enhances transparency and ensures that the model is both reliable and interpretable. Federated XAI IDS effectively addresses privacy concerns and feature interpretability issues in modern IDS frameworks, contributing to the advancement of secure, interpretable, and decentralized intrusion detection systems. Our findings accelerate the development of cyber security solutions that leverage federated learning and explainable AI (XAI), paving the way for future research and practical implementations in real-world network security environments.

1. Introduction

In the digital age, cyber security—the practice of safeguarding frameworks, networks, and confidential data from unwelcome inspection, distress, and emerging cyber hazards [1]—has become an essential battle line. Since people, organizations, and governments grow more interconnected and dependent on digital infrastructure, it is crucial to guarantee data availability, confidentiality, and integrity. In order to safeguard their valuable assets and lower risks, companies need to proactively create multilayer protection measures in response to evolving cyber threats. Within the ever-changing field of cyber security, safeguarding private data from a continuously increasing spectrum of cyber attacks is essential. In order to discover and prevent undesirable activity in network traffic, intrusion detection systems (IDS) are essential. They are the first line of defense against malicious attacks. An intrusion detection system (IDS) scans over malicious activity or unauthorized access through analysis of traffic dynamics, applications and session behavior, and signature-based features [2]. By emphasizing anomalies and recognized attack patterns, IDS alerts help organizations promptly address possible security risks.

In this new age of interconnected world, approximately 50% of startups disclose experiencing information theft, underscoring the urgency of robust IDS solutions in institutional security frameworks [3]. The integration of deep learning (DL) and machine learning (ML) along with IDS has acquired substantial traction due to their superior classification accuracy. Nonetheless, conventional machine learning-based intrusion detection systems encounter considerable privacy and security vulnerabilities, owing to their dependence on centralized data storage and transmission [4]. Additionally, The challenges of developing effective IDS systems include the substantial quantity of network information and the prevalence of imbalanced data sets, where minor yet critical attack types are often underrepresented [5]. The current advances in deep learning, particularly the use of the transformer technique, have demonstrated significant potential in identifying anomalies and interpreting the order for advanced performance in decoding complicated patterns [6], which significantly prevents complicated network intrusion in IDS.

However, there are serious concerns regarding confidentiality, with the use of deep learning-based IDS frameworks, especially when models are trained using private network traffic data. These issues can be effectively addressed via federated learning (FL), which permits for decentralized coordinated infrastructure refinement while maintaining the privacy and security of confidential information [7]. This research introduces a federated learning-based intrusion detection system that employs artificial neural networks as the local-end prediction system and incorporates Shapley additive explanations in order to enhance comprehensibility. The decentralized training approach guarantees confidentiality while facilitating visibility in detecting threats to networks. This piece of literature is the expanded version of the initial manuscript previously laid out in [8].

Explainable artificial intelligence (XAI) has significantly enhanced intrusion detection systems (IDSs) by providing accountability, understanding, and integrity in decision-making. Traditional IDS models, particularly those based on deep learning, frequently function as “black boxes”, complicating security analysts’ understanding of their predictions. Shapley additive explanations (SHAPs) have emerged as a powerful XAI approach, offering feature attribution scores that elucidate the influence of different input characteristics on the conclusions of the models. Employing SHAP in intrusion detection systems aids researchers and practitioners in identifying significant attack patterns, reducing false positives, and enhancing model robustness. Research, including [9], demonstrates that SHAP provides equitable and consistent feature importance ratings, making it an ideal method for enhancing the interpretability of IDS. Moreover, SHAP facilitates feature selection and optimization, hence enhancing generalization and efficiency in IDSs that are constructed deploying FL, where privacy preservation is paramount [10]. Utilizing SHAP in FL-based IDS confidentiality security insights while safeguarding raw data, hence maintaining user privacy and delivering actionable knowledge for cyber defense.

The CICIoT2023 data set [11], a real-world data set with contemporary attack types, has been used for experiments. The system’s performance and generalizability in a range of intrusion scenarios, as well as its capacity to identify known and new network threats, have been the main areas of focus. In addition, the integration of explainable artificial intelligence (XAI) techniques, particularly SHAP, will provide essential transparency within the IDS framework. This comprehensibality constitutes an essential towards instilling assurance in AI-driven frameworks, specifically when legal and regulatory compliance is a factor in the deployment of network security solutions.

In this study, an artificial neural network (ANN) is incorporated as the local framework, as it is capable of adopting complicated, non-linear relationships within the high dimensional feature that is the nature of network traffic. Other ML frameworks such as support vector machines (SVMs), decision trees (DTs), and convolutional neural networks (CNNs) have been incorporated into IDS. However, several studies have demonstrated comparatively higher success rate in various IDS benchmarks [12]. On the other hand, SVM model can be impressively effective on high-dimensional spaces but can produce high computational costs for larger data sets, and it can struggle with highly complicated patterns compared to an ANN [13]. Though decision trees are interpretable frameworks, they can be vulnerable to overfitting and struggle with complicated trends like ANNs [14]. Furthermore, CNN models excel in handling spatial data, and they have been incorporated into IDS for transforming network traffic into image representations. However, ANNs, specifically RNNs and their classifications and feedforward neural networks, can perform more effectively than CNNs [15]. Moreover, we chose to incorporate a basic ANN into our proposed FEDXAIIDS to balance the computational complexity of the framework with training efficiency in a distributed system.

Additionally, we incorporated the CICIoT2023 data set, as it provides large coverage on attack classes extracted from a real-life IoT scenario [11]. This data set is more updated than the earlier edition of the IDS data set, CICIDS2017 and CICIDS2018, which did not encounter particular IoT attacks that may have represented the IoT network more accurately [16]. On the other hand, ToN-IoT did not cover the same margin of the device to enlist the attacks [17]. Thus, we came to the decision to use CICIoT2023 for our proposed architecture.

The new study builds on the foundations laid by focusing on explainable AI and federated learning, while the earlier work concentrated on these conventional approaches. The goal is to improve the privacy, efficacy, and interpretability of IDS solutions. This research builds upon prior work with the CIC_IDS_2018 data set, where the challenge of imbalanced data sets was addressed by developing an IDS using balanced data and exploring unorthodox categorization methods incorporating the Dendritic Cell Algorithm (DCA) [18].

In order to improve transparency and interpretability and facilitate a more thorough comprehension of model decisions, explainable artificial intelligence (XAI) approaches can be incorporated into the IDS framework. By elucidating the reasoning behind certain results, this transparency contributes to the development of trust in AI-driven frameworks, which is crucial for fulfilling legal and regulatory obligations.

This research attempts to tackle important network security issues by designing and deploying a sophisticated intrusion detection system (IDS) that integrates explainable artificial intelligence (XAI), federated learning (FL), and machine learning (ML). This study aims to achieve the following goals:

• To assess the efficacy of an intrusion detection system utilizing cutting-edge machine learning methodologies, federated learning for decentralized training, and explainable artificial intelligence for enhanced interpretability and transparency.
• To minimize computational overhead by utilizing federated learning, which allows decentralized data processing and eliminates the need for central data aggregation.
• To reduce the dangers of single points of failure and centralized data breaches by implementing a distributed, node-based architecture in federated learning.
• To ensure the reliability and trustworthiness of IDS predictions by employing explainable AI, which provides insights into model decisions and fosters greater user trust in automated systems.

This research work was structured in the following manner: Section 2 highlights relevant research on XAI, federated learning, and IDS. Section 3 details the proposed methodology, including model architecture and SHAP-based interpretability. Section 4 discusses the experimental setup, along with the results and analysis. Section 5 discusses key findings, and Section 6 finishes with contributions and future study directions.

2. Literature Review

This section analyzes a number of significant research works that paved the way for the proposed framework. The growing popularity of Internet of Things (IoT) networks has generated considerable security concerns, prompting the creation of effective IDSs. Recent improvements in FL represent a viable approach, facilitating decentralized learning while safeguarding data privacy. This section examines current research initiatives that combine FL with DL. Several research works and their limitations with performance evaluation of the federated learning based architecture have been presented in the

Table 1. A tabular representation of the FL-based infrastructure and its corresponding challenges.

Authors	FL Technique Used (Yes/No)	Framework	Limitation	Performance Evaluation
Sinh-Ngoc et al. [19]	No	Employed CNN architecture for categorization.	This study entirely focused on detecting only the DoS type of malicious activities	Achieved a 99.8% detection rate.
Bertoli et al. [20]	Yes	Constructed a multilayered autonomous FL architecture that integrates an autoencoder with an energy flow classifier, enabling enhanced feature extraction and classification performance while maintaining privacy in a distributed learning environment.	A new privacy concern was generated	90% success rate on CICIDS2018.
Toldinas et al. [21]	No	The initial processing technique that combines a predetermined number of network flow feature records. Three independent ML methodologies, federated transfer learning, traditional transfer learning, and federated learning, were used on NIDS, employing deep learning for image classification.	Focused on detecting DDoS attack	99.7% success rate.
Markovic et al. [22]	Yes	Implemented a federated learning (FL) model that utilizes the shared model incorporating RF, enabling learning across multiple consumers collaboratively while safeguarding the privacy of information.	This framework does not perform well while implemented on an entire data set	91.7% accurateness on CICIDS2017
Lazzarini et al. [23]	Yes	Developed an IDS incorporating FL, a shallow ANN, as the regional framework and FedAvg as the aggregation method.	Computationally expensive, as MLP, DNN, CNN, and LSTM were integrated in the proposed framework	98.7% success rate on CICIDS2017.

.

Torre et al. [24] initiated an IDS built on FL adopting a 1D convolutional neural network (CNN) to secure IoT networks. This framework enhances privacy through Diffie–Hellman key exchange, dynamic security, and homomorphic cryptography. Almadhor et al. [25] introduced a federated deep neural network (FDNN) for detecting and preventing distributed denial-of-service (DDoS) integrating explainable artificial intelligence (XAI) in IoT networks. Their methodology employed FDNNs trained across three client devices over multiple rounds without sharing raw data. Furthermore, XGBoost was used with Shapley additive explanations (SHAPs) to select features, which improved model comprehensibility. This method successfully preserved robustness, scalability, and confidentiality while obtaining high detection accuracy. To further optimize FL-based IDSs, Alsaleh et al. [26] offered a semi-distributed FL model that clusters IoT devices and assigns a cluster head to reduce communication overhead. The model incorporated bidirectional LSTM (BiLSTM), long short-term memory (LSTM), and Wasserstein generative adversarial networks (WGANs) to enhance intrusion detection, particularly focusing on DDoS attacks in scenarios with scarce resources. Their evaluation implementing the CICIoT2023 data set revealed BiLSTM as the most efficient model due to its optimized size. Testing on WUSTL-IIoT-2021, Edge-IIoTset, and BoT-IoT further confirmed its superior detection accuracy. An unorthodox secure and authenticated structure built on federated learning employing Blockchain (SA-FLIDS) was initiated by Bensaid et al. [27] to enhance security in advanced healthcare systems that are enabled via fog-IoMT. Experimental results using the CICIoT2023 and EdgeIIoTset data sets demonstrated the framework’s strong resilience against adversarial attacks while preserving the confidentiality of the data and deducting the expenses of communication. Sun et al. [28] addressed the dilemma of attack-class dispersion in FL-based IDSs by proposing FedMADE, an adaptive collaborative framework. FedMADE groups IoT gadgets based on the trends on the traffic and incorporates local approaches according to their significance to the entire evaluation. This approach significantly improved the accuracy of minority attacks’ classification to 71.07% compared to existing FL methods for non-IID data. Additionally, FedMADE exhibited robustness against poisoning attacks while incurring only a 4.7% latency overhead (5.03 s per iteration) contrasting with FedAvg, without uploading computational weigh on IoT gadgets. These research works collectively underline the efficacy of FL-based IDSs in intensifying cyber security within IoT networks. The combination of deep learning simulations, privacy-preserving techniques, and blockchain technology shows great promise for protecting modern IoT systems. However, issues such as communication overhead, data disparity, and adversarial resilience remain critical areas for further research and optimization.

Deep learning (DL) and machine learning (ML) have become foundational approaches to constructing IDS, significantly improving network confidentiality by spotting various attacks and anomalies. Several ML techniques are widely used for their robustness and efficiency. Support vector machines (SVMs) are valued for handling high-dimensional data, while decision trees (DTs) offer simplicity and interpretability. Random forest (RF), an association of decision trees, amplifies efficacy and deduces overfitting. Naive Bayes (NB) provides probabilistic classification with efficiency in large data sets, and K-nearest neighbors (KNNs) excel in instance-based learning for classification tasks. In DL, CNNs are highly efficient at pooling out complex hierarchical patterns from structured data, while gradient boosting (GB) and another updated version of GB, extreme gradient boosting (XGB), iteratively improve weak learners for superior predictive performance. These techniques [19,29,30] have demonstrated considerable success in advancing IDS capabilities. However, evolving cyber threats pose ongoing challenges, including scalability, real-time detection, and addressing imbalanced data, which require further research and innovation to enhance future IDS frameworks.

Apart from traditional techniques, bio-inspired frameworks have been quite effective for IDS. Though there have been fewer works in this genre, some have proved the significance of bio-inspired techniques, particularly in anomaly detection. In an article [31], a bi-layer structure, with the initial stage eliminating recursive patterns and incorporating RF-based methodology (RF-RFE) and optimization approaches that are inspired by a biological style, is employed in the following layer. In an article [32], the support vector machine was optimized using Whale Optimization (WO), Grey Wolf Optimization (GWO), and Firefly Optimization (FO) algorithms. However, the detection rates of the irregularities using the optimized methodologies did not demonstrate optimal efficiency. In an article [33], a novel combination of deep learning and the Dendritic Cell Algorithm (DeepDCA) was integrated into the framework alongside a neural network that normalizes itself (SNN). However, the implementation utilized a relatively outdated and less diverse data set.

In addition to traditional methods, FL has become a popular architecture for developing intrusion detection systems (IDSs), offering distributed training without allowing access to original data. Various studies have explored different FL-based approaches, including RF-based federated learning [22], shallow artificial neural networks (ANNs) with FedAvg for aggregation [23], CNNs and RNNs [34], and combinations of a multi-layer perceptron (MLP) with a CNN [35].

Euclides et al. introduced the CICIoT2023 data set, which has been widely used in experiments involving ML algorithms for classification [11]. Notable studies include [36], which proposed a convoluted structure depending on LSTM for attack detection, and Fray et al., who explored DL models with different stages and functions that activate the model [37]. Maryam et al. deployed unbiased ML algorithms to detect irregularities, and [38] emphasized fairness and accuracy in model predictions. These efforts highlight the evolution of IDS using FL and advanced machine learning techniques.

Although there exist advanced FL-based IDSs, these systems have their limitations, such as most of the infrastructure focusing only on identifying one type of malicious action, such as DDoS [25] or DoS [26], some being computationally costly [23,26,27], and some not performing well when the data volume grows [22]. On the other hand, centralized ML or DL approaches have always been prone to vulnerability in maintaining confidentiality and sometimes result in overfitting. Additionally, bio-inspired approaches such as DeepDCA [33] or combined optimization techniques have proven themselves promising, but their scalability and compatibility with FL environments are still subject to skepticism. Furthermore, the implementation of XAI has been isolated, rather than combined with a model, and the experimental surface is still narrow. At present, the most urgent limitation is the lack of an architecture that can ensure privacy, explainability, and effective efficiency. Our study focused on this challenge and tried to build an architecture that can address these issues, implementing the CICIoT2023 data set.

3. Methodology

In this section of the article, the methodology of the entire research work is presented. This section highlights the research approach, encompassing data set compilation, data analysis, prior processing, and the proposed framework.

The section includes an illustration of the attack diversity in Figure 1, a visual representation of data preparation in Figure 2, an architectural depiction of the proposed framework in Figure 3, and the pictorial representation of local architecture in Figure 4.

3.1. Data Set Compilation

In this work, the CICIoT2023 [11] data set was used for the proposed model. The data set was created to meet the growing demand for reliable security analytics applications in real-world IoT contexts. The experimental setup comprises a complete IoT architecture with 105 networked devices that simulate a genuine operational environment. Within this network, 33 different cyberattacks were carried out, each meticulously planned to mirror the changing threat landscape of IoT security. We have distributed the data set in four parts containing 467,449 data at each end, containing 340,557 data of DDoS, 81,205 data of DoS, 26,268 data of Mirai, 3113 data of Recon, 11,011 Benign data, and 5275 data of other classes combined. In order to provide diversity and authenticity in attack situations, compromised IoT devices were intentionally used as hostile entities, attacking other IoT devices in the network. The data set encompasses a wide range of harmful activities, with the goal of serving as a standard for the research community in developing and assessing intrusion detection and mitigation solutions. The assault diversion is shown in Figure 1.

The recorded attacks are systematically categorized into seven major classes, each representing a fundamental aspect of IoT security threats:

I.

Distributed Denial of Service (DDoS): Large-scale flooding assaults meant to harm multiple IoT gadgets simultaneously to exhaust computational resources and disrupt network availability.

II.

Denial of service (DoS): single-source attack tactics designed to overwhelm a specific IoT device, making it unresponsive to valid queries.

III.

Reconnaissance (Recon): passive and active network scanning techniques are used to obtain information on vulnerable IoT devices, services, and network setups.

IV.

Web-based attacks: exploitation of IoT web interfaces using security holes in IoT web interfaces, including SQL infiltration, command insertion, and cross-website scripting to gain unauthorized access.

V.

Brute-force attacks: systematic password-guessing attacks targeting IoT authentication mechanisms to compromise credentials and gain illicit control over devices.

VI.

Spoofing attacks: identity forging techniques, such as ARP and IP spoofing, are used to masquerade as legitimate IoT organizations in order to eavesdrop or manipulate communications.

VII.

Mirai-based attacks: malware-driven attacks use the Mirai botnet to exploit vulnerabilities in IoT device security, allowing for large-scale infections and subsequent coordinated cyber attacks.

This data set is a crucial asset for cyber security research, allowing for the creation and testing of advanced machine learning models, intrusion detection systems, and anomaly detection approaches designed specifically for IoT security applications.

3.2. Data Investigation & Pre-Processing

At this level of the suggested approach, the data set is thoroughly inspected if the data are in an eligible format for use. In order to achieve an impactful work, the data sets were pre-processed in several steps.

Proper handling of missing values is important because they could result in errors during model building. In this study, no additional data cleaning technique was needed, as the data set was pre-processed during its generation to discard the incomplete packets that contained null feature values. Additionally, the timestamp feature was eliminated, as it adds no significance to network behavior and, rather, acts as ordering elements. Therefore, the remaining features were ready to be utilized to assess the efficacy of several machine learning models [11]. In our study, we opted for no balancing technique implemented, as we wanted to sustain the real-nature of network traffic. We wanted to observe the performance of the proposed framework in a real-life-like scenario. Apart from that, several researchers have pointed out different perspectives on using balancing techniques. For example, in the paper [39], the authors clarified that the significance of the balancing technique is hardly impactful in the resultant of the framework, specifically in binary class detection. Figure 2 is the step-by-step illustration of the techniques that were employed in this study. The details of the pre-processing is visually represented in Figure 2 and described below.

3.2.1. Data-Type Correcting

In order to ensure precise calculations, inconsistent data types (e.g., numeric columns erroneously saved as strings) were transformed into their correct formats.

a.

Data standardizing: Standardizing the data is a transformation process that increases the integrity and quality of the data that is used in future calculations. For this study, we used Z-index standardization shown in Equation (1). This method normalizes the data to have zero mean and unit variance.

$$Z={\displaystyle \frac{X-\mu }{\sigma }}$$

(1)

Here:

• Z denotes the standardized merit,
• X signifies the initial data instance,
• $\mu$ represents the mean value of the data,
• $\sigma$ indicates the standard deviation of the results.

b.

Categorical encoding: Any machine learning algorithm requires numerical input to perform mathematical operations, so categorical encoding converts categorical data, which contains arbitrary labels or discrete components, into a numerical format. For the encoding technique, we used label encoding in this study to convert the attack classes labels to numeric values, such as converting label DDoS to class “0”. Unlike one-hot encoding, label encoding preserves the ordinal nature of categorical variables, allowing for interaction between dummy variables while providing a meaningful numeric representation of the synonyms. It treats categorical features as a variable to keep the categorical variables’ interpretability and thus helps in efficient data processing, such as the given in Equation (2).

$$f\left(x_i\right)=y_i$$

(2)

Here,

• $f\left(x_i\right)$ denotes the function for encoding categorical values to numeric values;
• $x_i$ represents the set of categorical data;
• $y_i$ represents the set of converted numerical data.

3.2.2. Class-Conversion

A robust representation of class conversion is essential in machine learning, as it simplifies the model derived from complex data sets, enhances model performance, and facilitates improved interpretability. The data are simplified and expedited for training due to consolidating classes, which aggregates like assault types. This approach addresses data imbalance by integrating minor attack types into a more significant segment. Moreover, it decreases bias and enhances generalization. Simultaneously, it aligns with the purpose of real-world intrusion detection and increases the significance of cyber-security. In the proposed study, CICIoT2023 was classified into Benign with 1101 data, DDoS with 340,557 data, DoS with 1205 data, Mirai with 26,268 data, Recon with 3113 data, and Other, which consisted of 5275 data after the above mentioned pre-processing steps.

3.2.3. Data Set Splitting

At the last step of pre-processing, the selected data sets were partitioned into two segments. One part was for training, consuming 80 percent of the data, and another part was for an evaluation test, consuming 20 percent of the data.

3.3. Proposed Framework

Our extensive research work experimented with ML frameworks in a prior study with another data set, CIC_IDS_2018 and DL, in conjugation with FL and XAI with the CICIoT2023 data set in this study. We implemented an explainable AI-based DL model on the CICIoT2023 data set. The description of the models is given below. The illustration of Figure 3 depicts the process of a federated learning model. It specifies the procedure of initializing a server, disseminating the global framework to local end nodes, changing the model regionally, and transmitting revisions back to the server. The server subsequently incorporates the updates with the federated averaging (FedAvg) mechanism. The diagram illustrates the allocation of models and upgrades to features between the server and remote nodes, where multiple users (Client-1, Client-2, Client-3, and Client-4) utilize their data sets to enhance the effectiveness of the models. The remainder of this section will proceed to explore the suggested framework in greater depth. The conceptualization of the proposed framework was developed based on our earlier work [8]. The following contents provide a detailed, step-by-step discussion of Figure 3.

FedXAIIDS

The proposed federated learning (FL) model for intrusion detection leverages a distributed architecture, incorporating the devices attached to the local end. These gadgets regionally implement the frameworks on their particular data set. Later, the computing device at the server end integrates these trained schemes. For this study, the CICIoT2023 data set was distributed across four clients to simulate a federated environment. The following stages define the operation of the proposed model.

• Initialization: In FL, initialization implies the procedure of establishing the initial universal model prior to the commencement with instruction across various client endpoints. Our experiments started with this initialization; a centralized computer establishes a global architecture and disseminates it to all collaborating peers.
• Local model training: In our next step, each client initiates local training utilizing their specific data upon acquiring the global framework. At this stage, every collaborating client autonomously trains a replica of the global framework on its own data set prior to transmitting updates to the central server. The depiction of the regional architecture is shown in Figure 4. Every client develops a distinct ANN architecture and explains its results utilizing SHAP. ANN is modeled after the architecture of the human brain, utilizing layers of interconnected neurons. In this work, the ANN framework is fabricated as follows:

  (a)

  Input layer: The input layer in an artificial neural network (ANN) with 64 neurons representing the 64 features of the data set, where each neuron processes a corresponding feature. Using the activation strategy of ReLU (3),

  $$f\left(X\right)=max(0,X)$$

  (3)

  It passes only positive values, ensuring efficient learning and faster convergence. Each feature has calculated weighted inputs while making negative inputs are 0. Due to its simplicity and non-linearity, ReLU allows for sparse activation and, therefore, scalability, making it suitable for more complicated tasks such as intrusion detection.

  (b)

  Dropout layer: Two dropout layers with a fifty percent reduction in rate are utilized, and that helps reduce overfitting by randomly adjusting fifty percent of the units used for input to zero throughout each training iteration. This technique minimizes reliance on single neurons, allowing the network to learn more robust properties.

  (c)

  Hidden layer: The model has two hidden layers to improve learning and feature abstraction. The first hidden layer is made up of 128 neurons with ReLU activation, which allows the network to record complicated patterns using non-linear transformations. The second hidden layer has 64 neurons and uses ReLU activation to reduce dimensionality while retaining abstraction for better computational efficiency. This layered structure strikes a compromise between learning capacity and processing speed, allowing for deeper pattern identification and more effective generalization.

  (d)

  Output layer: The layer that is designed to provide outcomes, contains six neuronal cells, each corresponding to one of the six categories of interest in the classifying task. The activation function of softmax is employed, transforming the output into the distribution of probabilities among every category. The softmax function guarantees the sum of probabilities is 1 and enables the model to simply make the most likely class prediction and give more probability to whatever output is more relevant, which makes it popular for multi-class classification problems.

  (e)

  Loss function: This framework employs a loss function approach that is known as categorical cross-entropy, quantifying the disparity between the actual label distribution and the projected distribution of probabilities. This method is used when there is multi-class classification, and it penalizes when the prediction is neither close to the labels nor close to the class by solving a loss of negative log likelihood of the actual class. Preventing this loss can help tune the model so that it is more left-leaning or right-leaning, which improves its accuracy, resulting in predicted probability aligning better with actual labels.

  (f)

  Optimizer: This model employs Adam optimizing techniques with a primary learning ratio of 0.001 to take advantage of momentum and adaptation rates for improved training. Adam adapts the learning rates for each individual parameter, which leads to quicker convergence and resilient performance across different types of issues, making it frequently employed in deep learning models.

• Global aggregator: The centralized computer consolidates modifications to the model from each client to formulate a unified framework utilizing federated averaging (FedAvg) (4). This method involves the server systematically calculating a weighted average of the parameters (weights) that are achieved from client models according to the magnitude of their local data. The method has shown its efficacy in several fields, for example, a mobile healthcare application [40], IoT-based intrusion detection [41], and picture categorization employing non-IID data [42]. FedAvg enhances the global model by integrating varied local insights while maintaining data privacy, establishing it as a fundamental technique in FL [43]. The calculation is as follows [43],

  $${\theta }^{(t+1)}=\sum _{k=1}^K{\displaystyle \frac{n_k}{N}}{\theta }_k^{\left(t\right)}$$

  (4)

  where
  • ${\theta }^{(t+1)}$ represents the new global model parameters;
  • K denotes the number of participating clients;
  • $n_k$ is the number of local training samples for client k;
  • $N={\sum }_{k=1}^K{n}_k$ is the total number of training samples across all selected clients;
  • ${\theta }_k^{\left(t\right)}$ represents the locally updated model parameters from client k at round t.
• Explainable AI (XAI) integration: Explainability is a crucial characteristic for analyzing different machine learning and deep learning models. In this experiment, the explainable AI technique SHAP was deployed on the global end of the framework, after combining all results from local frameworks. SHAP is a model-agnostic technique that leverages the interpretability of the implemented model in the experiment. SHAP incorporates the Shapely values, which are inspired by game theory, to calculate the contribution of each feature to the projected result [9]. In this study, each characteristic of the data set is represented as a player of a collaborative game, and the result of the proposed framework is considered as the outcome of that game. After that, the SHAP evaluated the Shapely value for all the features separately by calculating the average marginal significance among all possible combinations of features. Therefore, the library for SHAP was implemented to assess the SHAP values for the testing subset of the experimental data set, CICIoT2023. In this proposed framework, Kernel SHAP, an approach that was introduced in the article [9], was deployed to interpret predictions and represent the interpretability of CICIoT2023. This method enables us to achieve insights about the features that are prominently influencing the outcome of the proposed framework.

3.4. Evaluative Metric

The properties employed for the suggested framework in this investigation include precision, accuracy, and recall, alongside the F1-score.

Confusion matrix: The confusion matrix is an evaluation parameter that is used for classification models. It is represented as a table that summarizes the prediction by comparing real target values with the predicted values from the model. It comprises TP—true positive, TN—true negative, FP—false positive, and FN—false negative.

$$\mathrm{Confusion}\mathrm{Matrix}=\left[\begin{array}{cc}TP& FN\\ FP& TN\end{array}\right]$$

(5)

Accuracy: The metric that indicates how frequently an ML approach correctly projects an outcome is known as accuracy. The division of the number of correct predictions by the total estimation quantity is implemented to evaluate the accuracy.

$$ACCURACY={\displaystyle \frac{TP+TN}{FP+TP+FN+TN}}$$

(6)

Recall: The capacity to identify all pertinent instances within the data set is termed recall. It is defined as the ratio of actual positives to the total of true positives and false negatives in the genre of mathematics.

$$RECALL={\displaystyle \frac{TP}{FN+TP}}$$

(7)

Precision: The metric that represents the efficacy of an ML approach is known as precision. It reflects the accuracy of the algorithms’ positive predictions. It is the ratio of genuine successes to the total number of positive projections.

$$PRECISION={\displaystyle \frac{TP}{FP+TP}}$$

(8)

F1-score: the balanced average of accuracy and recall is termed the F1-score. Accuracy and recall are aggregated into a single statistic in order to enhance the comprehension of the efficacy of the suggested framework.

$$F1\mathit{-SCORE}={\displaystyle \frac{2\times RECALL\times PRECISION}{PRECISION+RECALL}}$$

(9)

Loss: A function called a loss function is a formula of algebra that quantifies the variance between the envisioned results derived from the computerized model and the actual target values. The loss function evaluates the degree to which the forecasts of the model align with the factual information.

$$\mathrm{Loss}=-\sum _{i=1}^n\sum _{c=1}^C{y}_{i,c}log\left({\widehat{y}}_{i,c}\right)$$

(10)

4. Experimental Result

The research experiment was conducted on a portable computer with the configuration features of a Core i5 processor, 4 GB of main memory, and 2.4 GHz of CPU momentum that was running Microsoft Windows 11. The programming environment utilized Jupyter Notebook and Kaggle Notebook, both with Python 3. Furthermore, the Colab at Google acted as a program framework to conduct the experiment. In the following section, the outputs are discussed and compared with other frameworks.

FedXAIIDS

The envisioned infrastructure built on FL was allocated among four end-users along with the global framework. The findings were assembled from the local ends utilizing the aggregator strategy of FedAvg. The resultant products produced during the testing cycles are illustrated in Figure 5.

Figure 5 depicts the accuracy trends of a federated learning model across many clients over a number of repetitions of the local training and sharing of the feedback with a global server. The horizontal axis depicts the number of repetitions, indicating the advancement of training, and the vertical axis represents accuracy in percentage terms, representing the model’s performance. Every curve in the figure displays an individual client; the blue line denotes client-1, the orange line denotes client-2, the green line denotes client-3, and the red line represents another client, showcasing how their respective models improve over time. The accuracy deviations could be attributed to differences in data distributions, local model updates, or computing resources. The graph in Figure 5 illustrates the converging behavior of federated learning, demonstrating whether all clients attain equal performance levels or if there are differences because of disparities in data or system-related constraints. From Figure 5, we can observe that client-1 achieved 87.5% accuracy in its first time execution of the model; then, it grew gradually, by 88%, 88.06%, 88.18%, and 88.31%, in the second, third, fourth and fifth time executions, respectively. On the other hand, client-2 acquired 87.81%, 88.06%, 88.31%, 88.43%, and 88.5% in the first time execution to the fifth time execution, respectively. On the other hand, client-3 showed an efficacy of 88%, 88.31%, 88.5%, 88.56%, and 88.68% in each execution and also performed the best among all the local clients. Finally, client-4 achieved a success rate of 87.56% in the first execution of the model on its end, and then it achieved 88.18%, 88.37%, 88.5%, and 88.63% in its second, third, fourth, and fifth time runs on the model, respectively. In conclusion, we can state from Figure 5, that each local client performed better with each time execution of the model, and client-3 showed the highest efficacy growth over time. This approach is important in federated learning because it helps evaluate model consistency across clients, discover potential fairness issues, and ensure that no client suffers a great disadvantage during training. The detected trends can also be used to inform optimization tactics, such as modifying learning rates, enhancing aggregation approaches, and dealing with straggler effects.

The feature importance visualisations that were created using the SHAP framework are summarised in Figure 6. From Figure 7a, we can observe that the suggested method has an 88.4% achievement rate during the training session and an 88.2% achievement rate during the testing session. Furthermore, Figure 7b represents the loss calculation of the model after aggregating all models with a loss value of 26.6% in the training phase and a 27.7% loss value in the testing phase. In the suggested framework, SHAP was employed in order to clarify the significance of the attributes on the anticipated output. The proposed framework was trained with the Adam optimizer having a learning rate of 0.001, which adjusts the learning rates during training and enhances the convergence stability. On the other hand, the input features were standardized, incorporating the StandardScaler technique, and no missing or null values were discovered in the data set, which ensures a clean data set, providing less information loss with a balanced feature set for learning. Additionally, a categorical cross-entropy was incorporated as a loss function, which is suitable for multi-class categorization, promoting accurate probability estimation among all output categories. In addition, the dropout layers were employed in the framework, as it mitigates overfitting and contributes to the generalization capability of the proposed architecture. These parameters cooperated all together to achieve low loss values and efficient classification performance.

Moreover, the proposed framework achieved a precision of 0.886, a recall of 0.678, and an F1-Score of 0.698. During the testing phase, the model achieved consistent behavior with a precision of 0.8908, a recall of 0.684, and an F1-score of 0.705. The comparatively high precision indicates that, when the experimented structure detects an instance as intrusion, it is likely to be correct, minimizing the false positives. The average recall value indicates that the framework might miss some incidents of false negatives despite being cautious in identifying malicious behavior. On the other hand, the value of the F1-score indicates the balance between precision and recall, and it demonstrates a consistent generalization ability across observed and unseen components. The limitation of our model is the low output value, which indicates that this framework still needs fine-tuning, a parameter reset, and other appropriate techniques’ incorporation to enhance the output parameter values. However, the strength of the proposed model lies in discovering the most significant features while breaching the network. In the future, we can reduce the dimensionality of the data set, focusing only on the significant features that we enlisted by deploying the SHAP framework. Thus, we may obtain better output values than the current ones.

In Figure 6, a summary of the feature importance visualizations that were derived from the SHAP framework is shown. SHAP estimates the average influence of every feature on the overall dimension of the output of the model across all classes. On the x-axis, the mean “SHAP value” is demonstrated, which displays the average quantity of the contribution of a feature to the evaluation of the model. In our experiment, the features’ contribution is shown as a positive influence on the overall framework. This metric shows the overall effect of each feature on the projected accuracy of the model, providing a global measure of feature relevance. On the other hand, the y-axis enlists the characteristics of the data in a decreasing sequence, meaning a start from the most influenced class to the least influenced class. The classes are Class 0—DDoS, Class 1—DoS, Class 2—Mirai, Class 3—Benign, Class 4—Other, and Class 5—Recon. In the figure, the classes are represented by the following colors: DDoS—red, DoS—blue, Mirai—purple, Benign—magenta, Other—olive green, and Recon-dark teal. The width of each color represents the impact of that particular feature on each class. From Figure 6, we can observe that the 10 most significant features of CICIoT2023 are feature 28—UDP, 31—ICMP, 42—Magnitude, 27—TCP, 8—fin_flag_number, 3—Protocol type, 10—rst_flag_number, 15—ack_count, 17—fin_count, and 11—psh_flag_number. Furthermore, feature 28 has the most influence on identifying the attack classes on the CICIoT2023 data set.

5. Discussion

In this section, the proposed model is compared with several frameworks that were implemented on CICIoT2023. In this study, we implemented FEDXAIIDS as the baseline model on CICIoT2023, and our comparison study focused on the performance of different frameworks on the CICIoT2023 data set. The findings in

Table 2. Comparison of the evaluation of Experiment-2 with current studies on CICIoT2023.

Ref	Year	Federated Learning Applied	Method	Data Set	Performance Metrics (Accuracy)
A. Adamova et al.	2025	Yes	Implemented federated learning on SQL injection and brute-force attacks.	CICIOT2023	100% accuracy in predicting SQL injection attacks and 98.25% accuracy for brute-force attacks [44].
R. Saadouni et al.	2025	No	Incorporated VGG16 along with BBinary Greylag Goose Optimization (BGGO) and Random Forest Classifier [45].	CICIOT2023	99.41% accuracy for multiclass classification and 99.83% for binary classification.
H. Chen et al.	2025	No	Proposed synaptic structures transformation from 1D to 3D. Additionally, imbalance categorization issue is mitigated implement a unique strategy for calculating loss.	CIC_IDS_2017, CICIOT2023	demonstrated a 88.48% on CICIDS2017 and a 97.69% on CICIoT2023 [46].
J. J. Shirley et al.	2025	No	Deployed autoencoder along with a feedforward neural network (AE-FNN) [47].	CICIOT2023	99.55% accuracy in binary classification and 90.91% in multiclass classification.
R. Ji et al.	2025	No	Introduced a hybrid IDS Cyber-Physical Systems (CPSs), integrating AdaBoost and RF techniques [48].	CICIOT2023	accuracy of 98.27%, with recall, precision, and F1-score all at 0.98 and a false detection rate of 0.0006, along with a testing time of 0.1563 s
Sabrina et al.	2025	Yes	Proposed a secure gradient-exchange algorithm utilizing FL and blockchain, incorporating CNN1D and multi-head attention.	CICIOT2023	accuracy of 79.92%, 77.41% identification percentage, and 2.55% of false detection rate [49].
Qawsar et al.	2025	Yes	Introduced a hybrid learning infrastructure integrating CNN, LSTM, GRU, and a capsule network [50].	CICIoT 2023 and UNSW_NB15	accuracy of 99.82% on CICIoT 2023 and 95.55% on UNSW_NB15.
Torre et al.	2025	Yes	Presented an FL-based using 1D-CNN incorporating differential privacy, Diffie–Hellman key exchange, and homomorphic encryption [24].	TONIoT, IoT23, BoTIoT, CICIoT2023, CICIoMT2024, RTIoT2022, and Edge-IIoT	The model achieved an estimated accurateness of 97.31%, across the various data sets.
Ahmad et al.	2024	Yes	This study proposes using federated deep neural networks (FDNNs) and explainable AI (XAI) [25].	DDoS-ICMP-Flood, DDoS-UDP-Flood, DDoS-TCP-Flood, DDoS-PSHACK-Flood, DDoS-SYN-Flood, DDoS-RSTFINFlood, DDoS-SynonymousIP-Flood, DoS-UDP-Flood, DoS-TCP-Flood, and DoS-SYN-Flood.	The model achieved 99.78% accuracy.
JiaMing et al.	2025	Yes	Proposed an NIDS-FGPA NIDS-FGPA with Paillier encryption for secure training and uses GSA to optimize updates and reduce overhead.	Edge-IIoTset and CICIoT2023	Edge-IIoTset and CICIoT2023 data sets exhibit accurateness of 94.5% and 99.2%, correspondingly [51].
FedXAIIDS	2025	Yes	Federated XAI IDS(FedXAIIDS) uses Federated Learning (FL) and SHAP for a privacy-preserving, explainable IDS. An ANN is distributed across four federated clients, aggregated with FedAvg on CICIoT2023.	CICIOT2023	SHAP enhances interpretability, and the model achieved 88.4% training and 88.2% testing accuracy, balancing security, privacy, and trustworthiness.

show that FedXAIIDS is effective in addressing major intrusion detection concerns, particularly in terms of privacy preservation, explainability, and decentralized learning. While the recommended framework attained a training efficacy of 88.4% and a testing efficacy of 88.2% on the CICIoT2023 data set, which are lower than some centralized approaches, its advantages in security, interpretability, and real-world applicability make it a superior choice for modern cyber security frameworks. FedXAIIDS, unlike standard IDS models, uses federated learning (FL) to ensure that sensitive network data are dispersed across edge devices. This considerably decreases the danger of data breaches and ensures compliance with severe privacy requirements such as the GDPR (General Data Protection Regulation).

In an article [44], the proposed framework achieved impressive efficacy of 100% for sql injection attacks and a 98.25% success rate for brute-force attacks, but the limitation of this work was that it only focused on identifying two attacks. The majority of works have prioritized evaluating accuracy, ignoring the need for a justification of the gained accuracy, while FEDXAIIDS properly justifies the achieved accuracy by evaluating feature contribution utilizing SHAP. Despite yielding high accuracy, 99.41% for multi-attack and 99.83% for binary classification, the proposed model of the article [45] is computationally expensive for using multiple techniques in a single architecture. Similarly, ref. [46] implies a 1D to 3D synaptic transformation on a large data set, CICIoT2023, to achieve 97.69% accuracy while increasing the computational overhead. In the article [47], the authors experimented and autoencoder-based feedforward neural network with the success rate of 99.55%, but it is a centralized system that still involves a privacy issue. Ji et al. [48] proposed a CPS-based framework integrating Adaboost and RF, achieving 98.27% accuracy while adopting a centralized method that does not protect the confidentiality of end-to-end devices. On the other hand, Torre et el. [24] overcame the privacy issue by applying Diffie–Hellman key exchange and homomorphic encryption, achieving 97.31% accuracy while maintaining unclarity about the number of attack types it is identifying. The most competitive article with our work is the article [25], with the framework of FDNN with XAI having a success rate of 99.78%, but it only focused on classifying different types of DDoS attacks, while JiaMing et al. proposed NIDS-FGPA with Pailier encryption to resolve security issues, having a success rate of 99.2% on CICIoT2023 but computational complexity [1].

Additionally, the primary objective of the current experiment was to ensure interpretability by calculating SHAP values, but our future research might look at utilizing top-ranked features that SHAP discovered for dimensionality reduction. This framework might even increase or sustain performance while supporting the development of a more computationally efficient infrastructure.

From the above discussion, we can observe that our proposed framework performed worse in accuracy than the other compared frameworks, which is a vulnerable point in the proposed study. But the proposed infrastructure is computationally lower in cost, as we opted for an ANN as a local framework in an FL environment. Moreover, the significant factor about our proposed infrastructure, FEDXAIIDS, is that our model has generated a set of significant features implementing XAI and particularly showed their contribution to the detection of different attack classes. According to the SHAP analysis plot, we have observed that the feature 28-UDP has the most significance in detecting any attack class. Moreover, we can use this clue in the future to implement an intrusion prevention system (IPS). Furthermore, in future work, we aim to explore different XAI techniques, as well as build a real-life network scenario to incorporate the model in real time.

6. Conclusions

This research introduced Federated XAI IDS, a novel explainable and privacy-preserving intrusion detection system (IDS) that effectively addresses the key limitations of traditional IDS, including high inaccurate positive detection and inaccurate negative detection percentage, a lack of interpretability, and data privacy concerns. By leveraging federated learning (FL) and Shapley additive explanations (SHAPs), our approach ensures that IDS models can be collaboratively trained across multiple decentralized devices while preserving data privacy by keeping sensitive information on local edge nodes. This decentralized paradigm mitigates the security risks associated with centralized approaches, making it a commendatory solution for modern network circumstances. The proposed IDS framework utilizes an artificial neural network (ANN) distributed across four federated clients, with model aggregation performed using FedAvg on the CICIoT2023 data set. The output highlighted the efficiency of this approach, achieving 88.4% training accuracy and 88.2% testing accuracy. Additionally, SHAP was incorporated to analyze feature importance, providing a transparent perspective of the most significant attributes influencing model predictions. The ability to rank and interpret feature significance enhances model trustworthiness and supports cyber security professionals in making informed decisions. Though our accuracy is lower than that of other current studies, SHAP analysis ensured the efficiency our results, and our findings demonstrate that Federated XAI IDS successfully tackles two critical challenges in intrusion detection, explainability, and privacy preservation. By integrating federated learning with explainable AI (XAI), this work offers a scalable, interpretable, and secure IDS solution suited for modern cyber security applications, particularly in scenarios where sensitive data cannot be centrally shared. Moreover, it was found in the proposed method that the most significant feature in contributing to detect intrusion is UDP. This information can pave the way to build an efficient intrusion prevention system to protect the system from any kind of breaching in the first place. For a future extension of this work, we will experiment with different federated aggregation tactics, as well as XAI methods, to analyze the performance efficiency shift and significant features. Additionally, we would like to implement the framework on a real-life network system to test its eligibility to work in an actual network layer as a realistic implementation, and an assessment in extensive and diverse networks will confirm the resilience and applicability of our methodology.