Publication Details
Issue: Vol 1, No 8 (2024)
ISSN: 2997-3902

Abstract

The rapid growth in Internet of Things (IoT) devices has added considerable complexity to existing network infrastructures and exposed them to a variety of security threats and malicious activity. Conventional intrusion detection systems are frequently based on black-box machine learning models that offer high detection accuracy but no insight into the decision-making process. This lack of interpretability poses a problem for cybersecurity analysts and decision-makers, who need to know the logic behind observed threats. This study addresses the problem by proposing an Explainable Artificial Intelligence (XAI) framework that identifies malicious network behavior through behavioral analytics of IoT systems. The proposed framework uses the CICIoT2023 IoT intrusion detection dataset, which consists of more than one million network traffic examples and 47 behavioral features that describe different types of cyberattacks, such as Distributed Denial of Service (DDoS), Denial of Service (DoS), spoofing attacks, brute force attacks, reconnaissance activities, web-based attacks, and Mirai botnet traffic. The dataset records key features of network flows (packet transmission rate, protocols, packet sizes, and TCP flag activity). These characteristics allow the study of network behavior patterns that help distinguish between benign and malicious traffic. The study uses machine learning methods to classify network traffic as normal or intrusion according to the behavioral patterns derived from the network flows. To improve the transparency and reliability of the models, Explainable AI methods are applied within the framework to interpret the model's predictions and determine which features have the greatest impact on intrusion detection. The explainability component enables cybersecurity analysts to see how particular network behaviors lead to the detection of possible attacks.
Experimental testing shows that the proposed framework is capable of identifying various types of IoT intrusion while also offering interpretable information about the model's decision-making process. The finding of this study is that behavioral analytics can be used together with explainable artificial intelligence to enhance the precision and the visibility of intrusion detection systems in IoT-based networks.

Keywords
Explainable Artificial Intelligence (XAI); IoT Intrusion Detection; Behavioral Network Analytics; Cybersecurity; Machine Learning and Anomaly Detection