{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,17]],"date-time":"2026-06-17T05:18:28Z","timestamp":1781673508868,"version":"3.54.5"},"reference-count":44,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T00:00:00Z","timestamp":1740096000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"European Union under Horizon Europe program","award":["101059903"],"award-info":[{"award-number":["101059903"]}]},{"name":"European Union under Horizon Europe program","award":["10-042-P-0001"],"award-info":[{"award-number":["10-042-P-0001"]}]},{"name":"European Union funds for the period 2021\u20132027","award":["101059903"],"award-info":[{"award-number":["101059903"]}]},{"name":"European Union funds for the period 2021\u20132027","award":["10-042-P-0001"],"award-info":[{"award-number":["10-042-P-0001"]}]},{"name":"state budget of the Republic of Lithuania financial agreement","award":["101059903"],"award-info":[{"award-number":["101059903"]}]},{"name":"state budget of the Republic of Lithuania financial agreement","award":["10-042-P-0001"],"award-info":[{"award-number":["10-042-P-0001"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["MAKE"],"abstract":"<jats:p>The growing sophistication of cyber threats necessitates robust and interpretable intrusion detection systems (IDS) to safeguard network security. While machine learning models such as Decision Tree (DT), Random Forest (RF), k-Nearest Neighbors (K-NN), and XGBoost demonstrate high effectiveness in detecting malicious activities, their interpretability decreases as their complexity and accuracy increase, posing challenges for critical cybersecurity applications. Local Interpretable Model-agnostic Explanations (LIME) is widely used to address this limitation; however, its reliance on normal distribution for perturbations often fails to capture the non-linear and imbalanced characteristics of datasets like CIC-IDS-2018. To address these challenges, we propose a modified LIME perturbation strategy using Weibull, Gamma, Beta, and Pareto distributions to better capture the characteristics of network traffic data. Our methodology improves the stability of different ML models trained on CIC-IDS datasets, enabling more meaningful and reliable explanations of model predictions. The proposed modifications allow for an increase in explanation fidelity by up to 78% compared to the default Gaussian approach. Pareto-based perturbations provide the best results. Among all distributions tested, Pareto consistently yielded the highest explanation fidelity and stability, particularly for K-NN (R2 = 0.9971, S = 0.9907) and DT (R2 = 0.9267, S = 0.9797). This indicates that heavy-tailed distributions fit well with real-world network traffic patterns, reducing the variance in attribute importance explanations and making them more robust.<\/jats:p>","DOI":"10.3390\/make7010021","type":"journal-article","created":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T09:26:32Z","timestamp":1740129992000},"page":"21","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":14,"title":["Comparative Analysis of Perturbation Techniques in LIME for Intrusion Detection Enhancement"],"prefix":"10.3390","volume":"7","author":[{"given":"Mantas","family":"Bacevicius","sequence":"first","affiliation":[{"name":"Faculty of Informatics, Kaunas University of Technology, Studentu 50, 51368 Kaunas, Lithuania"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8787-3343","authenticated-orcid":false,"given":"Agne","family":"Paulauskaite-Taraseviciene","sequence":"additional","affiliation":[{"name":"Faculty of Informatics, Kaunas University of Technology, Studentu 50, 51368 Kaunas, Lithuania"},{"name":"Centre of Excellence for Sustainable Living and Working (SustAInLivWork), K. Donelaicio 73, 44249 Kaunas, Lithuania"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-0043-6988","authenticated-orcid":false,"given":"Gintare","family":"Zokaityte","sequence":"additional","affiliation":[{"name":"Faculty of Informatics, Kaunas University of Technology, Studentu 50, 51368 Kaunas, Lithuania"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-1361-7590","authenticated-orcid":false,"given":"Lukas","family":"Kersys","sequence":"additional","affiliation":[{"name":"Faculty of Informatics, Kaunas University of Technology, Studentu 50, 51368 Kaunas, Lithuania"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Agne","family":"Moleikaityte","sequence":"additional","affiliation":[{"name":"Faculty of Informatics, Kaunas University of Technology, Studentu 50, 51368 Kaunas, Lithuania"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2025,2,21]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"e4150","DOI":"10.1002\/ett.4150","article-title":"Network intrusion detection system: A systematic study of machine learning and deep learning approaches","volume":"32","author":"Ahmad","year":"2021","journal-title":"Trans. Emerg. Telecommun. Technol."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"100661","DOI":"10.1016\/j.cosrev.2024.100661","article-title":"A comprehensive review of vulnerabilities and AI-enabled defense against DDoS attacks for securing cloud services","volume":"53","author":"Kumar","year":"2024","journal-title":"Comput. Sci. Rev."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"103028","DOI":"10.1016\/j.cose.2022.103028","article-title":"SCADA vulnerabilities and attacks: A review of the state-of-the-art and open issues","volume":"125","author":"Alanazi","year":"2023","journal-title":"Comput. Secur."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Meersman, R., Tari, Z., and Schmidt, D.C. (2003, January 3\u20137). KNN Model-Based Approach in Classification. Proceedings of the on the Move to Meaningful Internet Systems 2003: CoopIS, DOA, and ODBASE, Catania, Italy.","DOI":"10.1007\/b94348"},{"key":"ref_5","first-page":"240217","article-title":"A New Intrusion Detection System Based on KNN Classification Algorithm in Wireless Sensor Network","volume":"2014","author":"Li","year":"2014","journal-title":"J. Electr. Comput. Eng."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"240","DOI":"10.1016\/j.future.2022.01.026","article-title":"Imbalanced data classification: A KNN and generative adversarial networks-based hybrid approach for intrusion detection","volume":"131","author":"Ding","year":"2022","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_7","unstructured":"Thombre, A. (2024). Comparison of decision trees with Local Interpretable Model-Agnostic Explanations (LIME) technique and multi-linear regression for explaining support vector regression model in terms of root mean square error (RMSE) values. arXiv."},{"key":"ref_8","first-page":"246","article-title":"Decision tree classifier: A detailed survey","volume":"12","author":"Priyanka","year":"2020","journal-title":"Int. J. Inf. Decis. Sci."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Panda, M., and Mahanta, S.R. (2023). Explainable artificial intelligence for Healthcare applications using Random Forest Classifier with LIME and SHAP. arXiv.","DOI":"10.1201\/9781003442509-6"},{"key":"ref_10","first-page":"19019","article-title":"Interpretation of Drop Size Predictions from a Random Forest Model Using Local Interpretable Model-Agnostic Explanations (LIME) in a Rotating Disc Contactor","volume":"62","author":"Prabhu","year":"2023","journal-title":"Ind. Eng. Chem. Res."},{"key":"ref_11","unstructured":"Bhattacharyya, S., Hassanien, A.E., Gupta, D., Khanna, A., and Pan, I. (2018, January 5\u20136). A Brief Survey on Random Forest Ensembles in Classification Model. Proceedings of the International Conference on Innovative Computing and Communications, Delhi, India."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"012038","DOI":"10.1088\/1757-899X\/1013\/1\/012038","article-title":"Comparative analysis of Machine Learning algorithms for Intrusion Detection","volume":"1013","author":"Pai","year":"2021","journal-title":"IOP Conf. Ser. Mater. Sci. Eng."},{"key":"ref_13","unstructured":"Ribeiro, M.T., Singh, S., and Guestrin, C. (2016). Model-Agnostic Interpretability of Machine Learning. arXiv."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Le, T.-T.-H., Oktian, Y.E., and Kim, H. (2022). XGBoost for Imbalanced Multiclass Classification-Based Industrial Internet of Things Intrusion Detection Systems. Sustainability, 14.","DOI":"10.3390\/su14148707"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"112392","DOI":"10.1109\/ACCESS.2022.3216617","article-title":"Explainable Intrusion Detection Systems (X-IDS): A Survey of Current Methods, Challenges, and Opportunities","volume":"10","author":"Neupane","year":"2022","journal-title":"IEEE Access"},{"key":"ref_16","first-page":"1527","article-title":"Anchors: High-Precision Model-Agnostic Explanations","volume":"32","author":"Ribeiro","year":"2018","journal-title":"Proc. AAAI Conf. Artif. Intell."},{"key":"ref_17","unstructured":"Lundberg, S., and Lee, S.-I. (2017). A Unified Approach to Interpreting Model Predictions. arXiv."},{"key":"ref_18","unstructured":"Molnar, C. (2018). Interpretable Machine Learning, Leanpub. [2nd ed.]. Available online: https:\/\/leanpub.next\/interpretable-machine-learning."},{"key":"ref_19","first-page":"1","article-title":"Statistical Comparisons of Classifiers over Multiple Data Sets","volume":"7","year":"2006","journal-title":"J. Mach. Learn. Res."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Sharafaldin, I., Habibi Lashkari, A., and Ghorbani, A.A. (2018, January 22\u201324). Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization. Proceedings of the 4th International Conference on Information Systems Security and Privacy (ICISSP 2018), Funchal, Portugal.","DOI":"10.5220\/0006639801080116"},{"key":"ref_21","unstructured":"Ali, A., Schnake, T., Eberle, O., Montavon, G., M\u00fcller, K.-R., and Wolf, L. (2022). XAI for Transformers: Better Explanations through Conservative Propagation. arXiv."},{"key":"ref_22","unstructured":"Wilking, R., Jakobs, M., and Morik, K. (2022, January 19). Fooling Perturbation-Based Explainability Methods. Presented at the Workshop on Trustworthy Artificial Intelligence as a Part of the ECML\/PKDD 22 Program, IRT SystemX [IRT SystemX], Grenoble, France. Available online: https:\/\/zendy.io\/title\/PROCART-668565028."},{"key":"ref_23","unstructured":"Zhao, H., Chen, H., Yang, F., Liu, N., Deng, H., Cai, H., Wang, S., Yin, D., and Du, M. (2023). Explainability for Large Language Models: A Survey. arXiv."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"228","DOI":"10.1016\/j.patrec.2021.06.030","article-title":"Perturbation-based methods for explaining deep neural networks: A survey","volume":"150","author":"Ivanovs","year":"2021","journal-title":"Pattern Recognit. Lett."},{"key":"ref_25","unstructured":"Agarwal, S., Jabbari, S., Agarwal, C., Upadhyay, S., Wu, Z.S., and Lakkaraju, H. (2021). Towards the Unification and Robustness of Perturbation and Gradient Based Explanations. arXiv."},{"key":"ref_26","unstructured":"Zhou, J., and Chen, F. (2024). Perturbation-Based Explanations of Prediction Models. Human and Machine Learning, Springer."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"012025","DOI":"10.1088\/1742-6596\/2171\/1\/012025","article-title":"UniformLIME: A Uniformly Perturbed Local Interpretable Model-Agnostic Explanations Approach for Aerodynamics","volume":"2171","author":"Jiang","year":"2022","journal-title":"J. Phys. Conf. Ser."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Zhou, Z., Hooker, G., and Wang, F. (2021, January 14\u201318). S-LIME: Stabilized-LIME for Model Explanation. Proceedings of the 27th ACM SIGKDD Conference on Knowledge Discovery & Data Mining, Singapore.","DOI":"10.1145\/3447548.3467274"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Bora, R.P., Terhorst, P., Veldhuis, R., Ramachandra, R., and Raja, K. (2024, January 16\u201322). SLICE: Stabilized LIME for Consistent Explanations for Image Classification. Proceedings of the 2024 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Seattle, WA, USA.","DOI":"10.1109\/CVPR52733.2024.01045"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Meng, H., Wagner, C., and Triguero, I. (2023, January 13\u201317). An Initial Step Towards Stable Explanations for Multivariate Time Series Classifiers with LIME. Proceedings of the 2023 IEEE International Conference on Fuzzy Systems (FUZZ), Incheon, Republic of Korea.","DOI":"10.1109\/FUZZ52849.2023.10309814"},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"127969","DOI":"10.1016\/j.neucom.2024.127969","article-title":"US-LIME: Increasing fidelity in LIME using uncertainty sampling on tabular data","volume":"597","author":"Saadatfar","year":"2024","journal-title":"Neurocomputing"},{"key":"ref_32","unstructured":"(2024, November 25). Error Prevalence in NIDS Datasets: A Case Study on CIC-IDS-2017 and CSE-CIC-IDS-2018. IEEE Conference Publication. IEEE Xplore. Available online: https:\/\/ieeexplore.ieee.org\/abstract\/document\/9947235."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"76","DOI":"10.32996\/jcsts.2024.6.1.9","article-title":"Securing Against Advanced Cyber Threats: A Comprehensive Guide to Phishing, XSS, and SQL Injection Defense","volume":"6","author":"Nair","year":"2024","journal-title":"J. Comput. Sci. Technol. Stud."},{"key":"ref_34","unstructured":"Han, J., Pei, J., and Tong, H. (2022). Data Mining: Concepts and Techniques, Morgan Kaufmann."},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"555","DOI":"10.1007\/s12243-021-00904-5","article-title":"A statistical analysis of intrinsic bias of network security datasets for training machine learning mechanisms","volume":"77","author":"Silva","year":"2022","journal-title":"Ann. Telecommun."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"100809","DOI":"10.1016\/j.animal.2023.100809","article-title":"Comparison of linear and non-linear decision boundaries to detect feedlot bloat using intensive data collection systems on Angus \u00d7 Hereford steers","volume":"17","author":"Hurtado","year":"2023","journal-title":"Animal"},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Zeng, M., Liao, Y., Li, R., and Sudjianto, A. (2022). Local Linear Approximation Algorithm for Neural Network. Mathematics, 10.","DOI":"10.3390\/math10030494"},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Dankar, F.K., and Ibrahim, M. (2021). Fake It Till You Make It: Guidelines for Effective Synthetic Data Generation. Appl. Sci., 11.","DOI":"10.3390\/app11052158"},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"106389","DOI":"10.1016\/j.knosys.2020.106389","article-title":"HeTROPY: Explainable learning diagnostics via heterogeneous maximum-entropy and multi-spatial knowledge representation","volume":"207","author":"Huo","year":"2020","journal-title":"Knowl. Based Syst."},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"103041","DOI":"10.1016\/j.scs.2021.103041","article-title":"IoTBoT-IDS: A novel statistical learning-enabled botnet detection framework for protecting networks of smart cities","volume":"72","author":"Ashraf","year":"2021","journal-title":"Sustain. Cities Soc."},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"12","DOI":"10.1109\/ACCESS.2018.2878276","article-title":"Machine Learning Approach-Based Gamma Distribution for Brain Tumor Detection and Data Sample Imbalance Analysis","volume":"7","author":"Manogaran","year":"2018","journal-title":"IEEE Access"},{"key":"ref_42","unstructured":"(2024, December 09). Pareto-Optimal Machine Learning Models for Security of IoT Applications. IEEE Conference Publication. IEEE Xplore. Available online: https:\/\/ieeexplore.ieee.org\/abstract\/document\/10577739."},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"293","DOI":"10.1115\/1.4010337","article-title":"A Statistical Distribution Function of Wide Applicability","volume":"18","author":"Weibull","year":"1951","journal-title":"J. Appl. Mech."},{"key":"ref_44","doi-asserted-by":"crossref","first-page":"2741","DOI":"10.1080\/03772063.2023.2192426","article-title":"Weibull Distributive Feature Scaling Multivariate Censored Extreme Learning Classification for Malicious IoT Network Traffic Detection","volume":"70","author":"Sudhakar","year":"2024","journal-title":"IETE J. Res."}],"container-title":["Machine Learning and Knowledge Extraction"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2504-4990\/7\/1\/21\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T16:39:54Z","timestamp":1760027994000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2504-4990\/7\/1\/21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,2,21]]},"references-count":44,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2025,3]]}},"alternative-id":["make7010021"],"URL":"https:\/\/doi.org\/10.3390\/make7010021","relation":{},"ISSN":["2504-4990"],"issn-type":[{"value":"2504-4990","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,2,21]]}}}