Samrudh Rudrappa

Breaking the Opacity Barrier: Explainable AI for Host-Based IDS

Started July 10, 2025

Abstract or project description

Financial institutions are increasingly threatened by sophisticated, multi-vector cyberattacks that exploit both host- and network-level vulnerabilities. While machine learning-based Intrusion identification Systems (ML-IDS) improve identification of previously unknown threats, their opaque outputs limit analyst trust and cause reaction delays.

This study looks into the integration of Explainable AI (XAI) into host-based IDS workflows, employing large language models (LLMs) like GPT-5 and Claude Sonnet to provide context-rich, interpretable explanations for system warnings. A structured experimental methodology, which included MLflow grading and Retrieval-Augmented Generation (RAG), assessed the clarity, accuracy, and usability of generated explanations.

The results show that generative AI may transform opaque IDS signals into actionable insights, lowering alert fatigue and increasing analyst confidence in decision-making. To facilitate practical adoption, a dedicated website was created that allows cybersecurity professionals and researchers to interactively examine IDS input-output linkages and evaluate model explanations. The findings underscore the importance of explainable frameworks in improving the transparency, trust, and operational efficacy of machine learning-based intrusion detection, laying the groundwork for more accountable and resilient cybersecurity procedures.