Explainable AI for zero-day attack detection in IoT networks using attention fusion model
Abstract The proposed research addresses the challenge of detecting malicious network traffic in IoT environments, focusing on enhancing detection accuracy while ensuring interpretability. The proposed attention fusion classification model utilizes both long-term and short-term attention mechanisms...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Springer
2025-07-01
|
| Series: | Discover Internet of Things |
| Subjects: | |
| Online Access: | https://doi.org/10.1007/s43926-025-00184-8 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849332359397113856 |
|---|---|
| author | Deepa Krishnan Swapnil Singh Vijayan Sugumaran |
| author_facet | Deepa Krishnan Swapnil Singh Vijayan Sugumaran |
| author_sort | Deepa Krishnan |
| collection | DOAJ |
| description | Abstract The proposed research addresses the challenge of detecting malicious network traffic in IoT environments, focusing on enhancing detection accuracy while ensuring interpretability. The proposed attention fusion classification model utilizes both long-term and short-term attention mechanisms to capture temporal patterns and protocol-specific features, which improves the differentiation between benign and malicious traffic. Empirical results indicate strong performance, with precision-recall scores of 0.9999 for both the DDoS_TCP and DDoS_UDP classes, and a perfect score of 1.0000 for the Normal class. The model also demonstrates solid performance for the DDoS_HTTP (0.9791), Password (0.9418), and SQL_Injection (0.9461) classes. Furthermore, it excels at identifying complex behaviors in upload-based attacks and network vulnerabilities, achieving precision-recall scores of 0.9333 for the Uploading class and 0.9963 for the Vulnerability Scanner class. The binary classification accuracy is 99.9966%, and the multiclass accuracy for Zero-day attacks is 71.0926%. The results suggest that the model offers significant potential for improving IoT security. This study introduces the novel use of attention mechanisms for interpretability, enhancing the detection of a broad range of attack types, and contributes to advancing intrusion detection system capabilities. Future research can focus on expanding datasets, refining interpretability techniques, and addressing adversarial vulnerabilities for further model enhancement. |
| format | Article |
| id | doaj-art-360046a9c8984098a2b97cd84f64c8f2 |
| institution | Kabale University |
| issn | 2730-7239 |
| language | English |
| publishDate | 2025-07-01 |
| publisher | Springer |
| record_format | Article |
| series | Discover Internet of Things |
| spelling | doaj-art-360046a9c8984098a2b97cd84f64c8f22025-08-20T03:46:13ZengSpringerDiscover Internet of Things2730-72392025-07-015112510.1007/s43926-025-00184-8Explainable AI for zero-day attack detection in IoT networks using attention fusion modelDeepa Krishnan0Swapnil Singh1Vijayan Sugumaran2Department of Computer Engineering, Mukesh Patel School of Technology Management and Engineering, SVKM’s NMIMS UniversityComputer Science Department, Virginia TechDepartment of Decision and Information Sciences, Oakland UniversityAbstract The proposed research addresses the challenge of detecting malicious network traffic in IoT environments, focusing on enhancing detection accuracy while ensuring interpretability. The proposed attention fusion classification model utilizes both long-term and short-term attention mechanisms to capture temporal patterns and protocol-specific features, which improves the differentiation between benign and malicious traffic. Empirical results indicate strong performance, with precision-recall scores of 0.9999 for both the DDoS_TCP and DDoS_UDP classes, and a perfect score of 1.0000 for the Normal class. The model also demonstrates solid performance for the DDoS_HTTP (0.9791), Password (0.9418), and SQL_Injection (0.9461) classes. Furthermore, it excels at identifying complex behaviors in upload-based attacks and network vulnerabilities, achieving precision-recall scores of 0.9333 for the Uploading class and 0.9963 for the Vulnerability Scanner class. The binary classification accuracy is 99.9966%, and the multiclass accuracy for Zero-day attacks is 71.0926%. The results suggest that the model offers significant potential for improving IoT security. This study introduces the novel use of attention mechanisms for interpretability, enhancing the detection of a broad range of attack types, and contributes to advancing intrusion detection system capabilities. Future research can focus on expanding datasets, refining interpretability techniques, and addressing adversarial vulnerabilities for further model enhancement.https://doi.org/10.1007/s43926-025-00184-8Security attackExplainable AIDetectionZero dayIoT |
| spellingShingle | Deepa Krishnan Swapnil Singh Vijayan Sugumaran Explainable AI for zero-day attack detection in IoT networks using attention fusion model Discover Internet of Things Security attack Explainable AI Detection Zero day IoT |
| title | Explainable AI for zero-day attack detection in IoT networks using attention fusion model |
| title_full | Explainable AI for zero-day attack detection in IoT networks using attention fusion model |
| title_fullStr | Explainable AI for zero-day attack detection in IoT networks using attention fusion model |
| title_full_unstemmed | Explainable AI for zero-day attack detection in IoT networks using attention fusion model |
| title_short | Explainable AI for zero-day attack detection in IoT networks using attention fusion model |
| title_sort | explainable ai for zero day attack detection in iot networks using attention fusion model |
| topic | Security attack Explainable AI Detection Zero day IoT |
| url | https://doi.org/10.1007/s43926-025-00184-8 |
| work_keys_str_mv | AT deepakrishnan explainableaiforzerodayattackdetectioniniotnetworksusingattentionfusionmodel AT swapnilsingh explainableaiforzerodayattackdetectioniniotnetworksusingattentionfusionmodel AT vijayansugumaran explainableaiforzerodayattackdetectioniniotnetworksusingattentionfusionmodel |