Consensus hybrid ensemble machine learning for intrusion detection with explainable AI

Intrusion detection systems (IDSs) are dynamic to cybersecurity because they protect computer networks from malicious activity. IDS can benefit from machine learning; however, individual models may be unable to handle sophisticated and dynamic threats. Current cutting-edge research frequently concentrates on single machine-learning models for intrusion detection. They do not emphasize the necessity for more flexible and effective alternatives. The current computer network identification design techniques often need to improve efficiency and interpretability. Techniques that allow different models to operate together and adjust to dynamic network settings are required. This research addresses this gap, suggesting an innovative ensemble learning strategy, the ”Consensus Hybrid Ensemble Model” (CHEM)”, for intrusion detection. We combined different types of models, such as linear, nonlinear, and ensemble methods, neural networks, and probabilistic models, by using a metaclassifier approach. In this setup, a hybrid model of random forest (RF) and decision tree (DT) acts as the metaclassifier in a voting classifier, which uses consensus voting to align predictions from the various base classifiers. This method enhances the decision-making by considering each base classifier's confidence and agreement. Local and global explanation models, such as the Shapley Additive explanations (SHAP) and Local Interpretable Model-agnostic Explanations (LIME) approaches, contributed to the primary predictions of the models’ transparency. We used different datasets for testing, such as Kdd99, NSL-KDD, CIC-IDS2017, BoTNeTIoT, and Edge-IIoTset. The proposed ”CHEM” model shows impressive performance across several attack scenarios, including novel and zero-day attacks, and proves its ability to identify and adapt to changing cyber threats. Several ablation experiments were conducted on available datasets to train, test, evaluate, and compare the proposed ”CHEM” model with the most sophisticated and state-of-the-art models. This research combines machine learning algorithms to create a precise IDS that adapts to ever-changing cyber threats.