{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T06:33:43Z","timestamp":1775025223286,"version":"3.50.1"},"reference-count":51,"publisher":"MDPI AG","issue":"6","license":[{"start":{"date-parts":[[2025,5,26]],"date-time":"2025-05-26T00:00:00Z","timestamp":1748217600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"University Grants Commission (UGC) of Bangladesh","award":["37.01.0000.073.12.009.23.458"],"award-info":[{"award-number":["37.01.0000.073.12.009.23.458"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>An intrusion detection system (IDS) is a crucial element in cyber security concerns. IDS is a safeguarding module that is designed to identify unauthorized activities in network environments. The importance of constructing IDSs has never been this significant with the growing number of attacks on network layers. This research work was intended to draw the attention of the authors to a different aspect of intrusion detection, considering privacy and the contribution of the features on attack classes. At present, the majority of the existing IDSs are designed based on centralized infrastructure, which raises serious concerns about security as the network data from one system are exposed to another system. This act of sharing the original network data with another server can worsen the current arrangement of protecting privacy within the network. In addition, the existing IDS models are merely a tool for identifying the attack categories without analyzing a further emphasis of the network feature on the attacks. In this article, we propose a novel framework, FEDXAIIDS, converging federated learning and explainable AI. 
The proposed approach enables IDS models to be collaboratively trained across multiple decentralized devices while ensuring that local data remain securely on edge nodes, thus mitigating privacy risks. The primary objectives of the proposed study are to reveal the privacy concerns of centralized systems and identify the most significant features to comprehend the contribution of the features to the final output. Our proposed model was designed, fusing federated learning (FL) with Shapley additive explanations (SHAPs), using an artificial neural network (ANN) as a local model. The framework has a server device and four client devices that have their own data set on their end. The server distributes the primary model constructed using an ANN among the local clients. Next, the local clients train their individual part of the data set, deploying the distributed model from the server, and they share their feedback with the central end. The central end then incorporates an aggregator model named FedAvg to assemble the separate results from the clients into one output. At last, the contribution of the ten most significant features is evaluated by incorporating SHAP. The entire research work was executed on CICIoT2023. The data set was partitioned into four parts and distributed among the four local ends. The proposed method demonstrated efficacy in intrusion detection, achieving 88.4% training and 88.2% testing accuracy. Furthermore, UDP has been found to be the most significant feature of the network layer from the SHAP analysis. Simultaneously, the incorporation of federated learning has ensured the safeguarding of the confidentiality of the network information of the individual ends. This enhances transparency and ensures that the model is both reliable and interpretable. 
Federated XAI IDS effectively addresses privacy concerns and feature interpretability issues in modern IDS frameworks, contributing to the advancement of secure, interpretable, and decentralized intrusion detection systems. Our findings accelerate the development of cyber security solutions that leverage federated learning and explainable AI (XAI), paving the way for future research and practical implementations in real-world network security environments.<\/jats:p>","DOI":"10.3390\/fi17060234","type":"journal-article","created":{"date-parts":[[2025,5,27]],"date-time":"2025-05-27T05:52:52Z","timestamp":1748325172000},"page":"234","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":18,"title":["Federated XAI IDS: An Explainable and Safeguarding Privacy Approach to Detect Intrusion Combining Federated Learning and SHAP"],"prefix":"10.3390","volume":"17","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-0829-9866","authenticated-orcid":false,"given":"Kazi","family":"Fatema","sequence":"first","affiliation":[{"name":"Institute of Information Technology, Jahangirnagar University, Dhaka 1342, Bangladesh"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7999-8576","authenticated-orcid":false,"given":"Samrat Kumar","family":"Dey","sequence":"additional","affiliation":[{"name":"School of Science & Technology, Bangladesh Open University, Gazipur 1705, Bangladesh"}]},{"given":"Mehrin","family":"Anannya","sequence":"additional","affiliation":[{"name":"Institute of Information Technology, Jahangirnagar University, Dhaka 1342, Bangladesh"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8236-5959","authenticated-orcid":false,"given":"Risala Tasin","family":"Khan","sequence":"additional","affiliation":[{"name":"Institute of Information Technology, Jahangirnagar University, Dhaka 1342, Bangladesh"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7567-2360","authenticated-orcid":false,"given":"Mohammad 
Mamunur","family":"Rashid","sequence":"additional","affiliation":[{"name":"School of Science & Technology, Bangladesh Open University, Gazipur 1705, Bangladesh"}]},{"given":"Chunhua","family":"Su","sequence":"additional","affiliation":[{"name":"Graduate School of Computer Science and Engineering, University of Aizu, Aizuwakamatsu 965-8580, Fukushima Prefecture, Japan"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-5994-1767","authenticated-orcid":false,"given":"Rashed","family":"Mazumder","sequence":"additional","affiliation":[{"name":"Institute of Information Technology, Jahangirnagar University, Dhaka 1342, Bangladesh"}]}],"member":"1968","published-online":{"date-parts":[[2025,5,26]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Wang, S., Asif, M., Shahzad, M.F., and Ashfaq, M. (2024). Data privacy and cybersecurity challenges in the digital transformation of the banking sector. Comput. Secur., 147.","DOI":"10.1016\/j.cose.2024.104051"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Otoum, Y., and Nayak, A. (2021). As-ids: Anomaly and signature based ids for the internet of things. J. Netw. Syst. Manag., 29.","DOI":"10.1007\/s10922-021-09589-6"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"1968","DOI":"10.30574\/ijsra.2024.11.1.0267","article-title":"Securing financial data storage: A review of cybersecurity challenges and solutions","volume":"11","author":"Okoye","year":"2024","journal-title":"Int. J. Sci. Res. Arch."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"346","DOI":"10.1016\/j.comcom.2022.09.012","article-title":"Federated learning for intrusion detection system: Concepts, challenges and future directions","volume":"195","author":"Agrawal","year":"2022","journal-title":"Comput. 
Commun."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"32150","DOI":"10.1109\/ACCESS.2020.2973219","article-title":"Increasing the performance of machine learning-based IDSs on an imbalanced and up-to-date dataset","volume":"8","author":"Karatas","year":"2020","journal-title":"IEEE Access"},{"key":"ref_6","unstructured":"Waswani, A., Shazeer, N., Parmar, N., Uszkoreit, J., Jones, L., Gomez, A., Kaiser, L., and Polosukhin, I. (2017, January 4\u20139). Attention is all you need. Proceedings of the NIPS, Long Beach, CA, USA."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"52138","DOI":"10.1109\/ACCESS.2018.2870052","article-title":"Peeking inside the black-box: A survey on explainable artificial intelligence (XAI)","volume":"6","author":"Adadi","year":"2018","journal-title":"IEEE Access"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Fatema, K., Anannya, M., Dey, S.K., Su, C., and Mazumder, R. (2024). Securing Networks: A Deep Learning Approach with Explainable AI (XAI) and Federated Learning for Intrusion Detection. Data Security and Privacy Protection, Springer.","DOI":"10.1007\/978-981-97-8540-7_16"},{"key":"ref_9","unstructured":"Lundberg, S. (2017). A unified approach to interpreting model predictions. arXiv."},{"key":"ref_10","unstructured":"Dong, T., Li, S., Qiu, H., and Lu, J. (2022). An interpretable federated learning-based network intrusion detection framework. arXiv."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Neto, E.C.P., Dadkhah, S., Ferreira, R., Zohourian, A., Lu, R., and Ghorbani, A.A. (2023). CICIoT2023: A real-time dataset and benchmark for large-scale attacks in IoT environment. Sensors, 23.","DOI":"10.20944\/preprints202305.0443.v1"},{"key":"ref_12","first-page":"2056","article-title":"Machine learning methods for cyber security intrusion detection: Overview, issues, and open challenges","volume":"29","author":"Hodo","year":"2016","journal-title":"Int. J. Commun. 
Syst."},{"key":"ref_13","first-page":"934","article-title":"Intrusion detection system based on SVM with feature selection","volume":"25","author":"Li","year":"2012","journal-title":"Int. J. Commun. Syst."},{"key":"ref_14","first-page":"2451","article-title":"Network anomaly detection using hybrid decision tree","volume":"8","author":"Singh","year":"2019","journal-title":"Int. J. Innov. Technol. Explor. Eng. IJITEE"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"21954","DOI":"10.1109\/ACCESS.2017.2762418","article-title":"A deep learning approach for intrusion detection using recurrent neural networks","volume":"5","author":"Yin","year":"2017","journal-title":"IEEE Access"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"22351","DOI":"10.1109\/ACCESS.2021.3056614","article-title":"Benchmarking of machine learning for anomaly based intrusion detection systems in the CICIDS2017 dataset","volume":"9","author":"Maseer","year":"2021","journal-title":"IEEE Access"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Sarhan, M., Layeghy, S., and Portmann, M. (2022). Evaluating standard feature sets towards increased generalisability and explainability of ML-based network intrusion detection. Big Data Res., 30.","DOI":"10.1016\/j.bdr.2022.100359"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Fatema, K., Dey, S.K., Bari, R., and Mazumder, R. (2024, January 22\u201323). A Novel Two-Stage Classification Architecture Integrating Machine Learning and Artificial Immune System for Intrusion Detection on Balanced Dataset. Proceedings of the International Conference on Information and Communication Technology for Intelligent Systems, Las Vegas, NV, USA.","DOI":"10.1007\/978-981-97-5799-2_16"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Nguyen, S.N., Nguyen, V.Q., Choi, J., and Kim, K. (2018, January 2\u20134). 
Design and implementation of intrusion detection system using convolutional neural network for DoS detection. Proceedings of the 2nd International Conference on Machine Learning and Soft Computing, Phu Quoc Island, Vietnam.","DOI":"10.1145\/3184066.3184089"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"de Carvalho Bertoli, G., Junior, L.A.P., Saotome, O., and dos Santos, A.L. (2023). Generalizing intrusion detection for heterogeneous networks: A stacked-unsupervised federated learning approach. Comput. Secur., 127.","DOI":"10.1016\/j.cose.2023.103106"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Toldinas, J., Ven\u010dkauskas, A., Dama\u0161evi\u010dius, R., Grigali\u016bnas, \u0160., Morkevi\u010dius, N., and Baranauskas, E. (2021). A novel approach for network intrusion detection using multistage deep learning image recognition. Electronics, 10.","DOI":"10.3390\/electronics10151854"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Markovic, T., Leon, M., Buffoni, D., and Punnekkat, S. (2022, January 17\u201320). Random forest based on federated learning for intrusion detection. Proceedings of the IFIP International Conference on Artificial Intelligence Applications and Innovations, Hersonissos, Greece.","DOI":"10.1007\/978-3-031-08333-4_11"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"509","DOI":"10.3390\/ai4030028","article-title":"Federated learning for IoT intrusion detection","volume":"4","author":"Lazzarini","year":"2023","journal-title":"AI"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3695998","article-title":"Toward Enhancing Privacy Preservation of a Federated Learning CNN Intrusion Detection System in IoT: Method and Empirical Study","volume":"34","author":"Torre","year":"2025","journal-title":"ACM Trans. Softw. Eng. Methodol."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Almadhor, A., Altalbe, A., Bouazzi, I., Hejaili, A.A., and Kryvinska, N. 
(2024). Strengthening network DDOS attack detection in heterogeneous IoT environment with federated XAI learning approach. Sci. Rep., 14.","DOI":"10.1038\/s41598-024-76016-6"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Alsaleh, S., Menai, M.E.B., and Al-Ahmadi, S. (2025). A Heterogeneity-Aware Semi-Decentralized Model for a Lightweight Intrusion Detection System for IoT Networks Based on Federated Learning and BiLSTM. Sensors, 25.","DOI":"10.3390\/s25041039"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Bensaid, R., Labraoui, N., Ari, A.A.A., Saidi, H., Emati, J.H.M., and Maglaras, L. (2024). SA-FLIDS: Secure and authenticated federated learning-based intelligent network intrusion detection system for smart healthcare. PeerJ Comput. Sci., 10.","DOI":"10.7717\/peerj-cs.2414"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Sun, S., Sharma, P., Nwodo, K., Stavrou, A., and Wang, H. (2024, January 23\u201325). FedMADE: Robust Federated Learning for Intrusion Detection in IoT Networks Using a Dynamic Aggregation Method. Proceedings of the International Conference on Information Security, Arlington, VA, USA.","DOI":"10.1007\/978-3-031-75764-8_15"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Al-Imran, M., and Ripon, S.H. (2021). Network intrusion detection: An analytical assessment using deep learning and state-of-the-art machine learning models. Int. J. Comput. Intell. Syst., 14.","DOI":"10.1007\/s44196-021-00047-4"},{"key":"ref_30","first-page":"565","article-title":"FastTrafficAnalyzer: An efficient method for intrusion detection systems to analyze network traffic","volume":"12","author":"Arslan","year":"2021","journal-title":"Dicle \u00dcniversitesi M\u00fchendislik Fak\u00fcltesi M\u00fchendislik Dergisi"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Tonni, Z.A., and Mazumder, R. (2023, January 22\u201324). 
A Novel Feature Selection Technique for Intrusion Detection System Using RF-RFE and Bio-inspired Optimization. Proceedings of the 2023 57th Annual Conference on Information Sciences and Systems (CISS), Baltimore, MD, USA.","DOI":"10.1109\/CISS56502.2023.10089745"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Haque, N.I., Khalil, A.A., Rahman, M.A., Amini, M.H., and Ahamed, S.I. (2021, January 5\u201310). Biocad: Bio-inspired optimization for classification and anomaly detection in digital healthcare systems. Proceedings of the 2021 IEEE International Conference on Digital Health (ICDH), Chicago, IL, USA.","DOI":"10.1109\/ICDH52753.2021.00017"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Aldhaheri, S., Alghazzawi, D., Cheng, L., Alzahrani, B., and Al-Barakati, A. (2020). DeepDCA: Novel network-based detection of IoT attacks using artificial immune system. Appl. Sci., 10.","DOI":"10.3390\/app10061909"},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"158","DOI":"10.3390\/network3010008","article-title":"A federated learning-based approach for improving intrusion detection in industrial internet of things networks","volume":"3","author":"Rashid","year":"2023","journal-title":"Network"},{"key":"ref_35","first-page":"2503","article-title":"Intrusion detection for maritime transportation systems with batch federated aggregation","volume":"24","author":"Liu","year":"2022","journal-title":"IEEE Trans. Intell. Transp. Syst."},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Yaras, S., and Dener, M. (2024). IoT-Based Intrusion Detection System Using New Hybrid Deep Learning Algorithm. Electronics, 13.","DOI":"10.3390\/electronics13061053"},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Becerra-Suarez, F.L., Tuesta-Monteza, V.A., Mejia-Cabrera, H.I., and Arcila-Diaz, J. (2024). Performance Evaluation of Deep Learning Models for Classifying Cybersecurity Attacks in IoT Networks. Proc. 
Inform., 11.","DOI":"10.3390\/informatics11020032"},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Khan, M.M., and Alkhathami, M. (2024). Anomaly detection in IoT-based healthcare: Machine learning for enhanced security. Sci. Rep., 14.","DOI":"10.1038\/s41598-024-56126-x"},{"key":"ref_39","first-page":"261","article-title":"Predictive Analysis of Misuse of Alcohol and Drugs using Machine Learning Algorithms: The Case of using an Imbalanced Dataset from South Africa","volume":"17","author":"Boateng","year":"2023","journal-title":"Appl. Math."},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"59","DOI":"10.1016\/j.ijmedinf.2018.01.007","article-title":"Federated learning of predictive models from federated electronic health records","volume":"112","author":"Brisimi","year":"2018","journal-title":"Int. J. Med. Inform."},{"key":"ref_41","first-page":"7131","article-title":"Secure Federated Learning for Autonomous Driving","volume":"69","author":"Liu","year":"2020","journal-title":"IEEE Trans. Veh. Technol."},{"key":"ref_42","unstructured":"Zhao, Y., Li, M., Lai, L., Suda, N., Civin, D., and Chandra, V. (2018). Federated learning with non-iid data. arXiv."},{"key":"ref_43","unstructured":"McMahan, B., Moore, E., Ramage, D., Hampson, S., and y Arcas, B.A. (2017, January 20\u201322). Communication-efficient learning of deep networks from decentralized data. Proceedings of the Artificial Intelligence and Statistics, Fort Lauderdale, FL, USA."},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Adamova, A., Zhukabayeva, T., Mukanova, Z., and Oralbekova, Z. (2025). Enhancing internet of things security against structured query language injection and brute force attacks through federated learning. Int. J. Electr. Comput. Eng., 15.","DOI":"10.11591\/ijece.v15i1.pp1187-1199"},{"key":"ref_45","doi-asserted-by":"crossref","unstructured":"Saadouni, R., Gherbi, C., Aliouat, Z., Harbi, Y., Khacha, A., and Mabed, H. (2025). 
Securing smart agriculture networks using bio-inspired feature selection and transfer learning for effective image-based intrusion detection. Internet Things, 29.","DOI":"10.1016\/j.iot.2024.101422"},{"key":"ref_46","doi-asserted-by":"crossref","first-page":"78","DOI":"10.1016\/j.aej.2024.10.014","article-title":"Intrusion detection using synaptic intelligent convolutional neural networks for dynamic Internet of Things environments","volume":"111","author":"Chen","year":"2025","journal-title":"Alex. Eng. J."},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"4201","DOI":"10.1109\/ACCESS.2024.3525074","article-title":"An Adaptive Intrusion Detection System for Evolving IoT Threats: An Autoencoder-FNN Fusion","volume":"12","author":"Shirley","year":"2025","journal-title":"IEEE Access"},{"key":"ref_48","doi-asserted-by":"crossref","unstructured":"Ji, R., Selwal, A., Kumar, N., and Padha, D. (2025). Cascading Bagging and Boosting Ensemble Methods for Intrusion Detection in Cyber-Physical Systems. Secur. Priv., 8.","DOI":"10.1002\/spy2.497"},{"key":"ref_49","doi-asserted-by":"crossref","first-page":"105887","DOI":"10.1109\/ACCESS.2024.3435920","article-title":"FBMP-IDS: FL-based blockchain-powered lightweight MPC-secured IDS for 6G networks","volume":"12","author":"Sakraoui","year":"2024","journal-title":"IEEE Access"},{"key":"ref_50","first-page":"1","article-title":"Enhancing network security in industrial IoT environments: A DeepCLG hybrid learning model for cyberattack detection","volume":"16","author":"Gulzar","year":"2025","journal-title":"Int. J. Mach. Learn. Cybern."},{"key":"ref_51","doi-asserted-by":"crossref","unstructured":"Wang, J., Yang, K., and Li, M. (2024). NIDS-FGPA: A federated learning network intrusion detection algorithm based on secure aggregation of gradient similarity models. 
PLoS ONE, 19.","DOI":"10.1371\/journal.pone.0308639"}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/17\/6\/234\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T17:40:47Z","timestamp":1760031647000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/17\/6\/234"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,26]]},"references-count":51,"journal-issue":{"issue":"6","published-online":{"date-parts":[[2025,6]]}},"alternative-id":["fi17060234"],"URL":"https:\/\/doi.org\/10.3390\/fi17060234","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,5,26]]}}}