Ensemble Learning-Based Hybrid Explainable Intrusion Detection System With SMOTE for Enhanced Detection and Interpretability in Cybersecurity

Abstract

With cyberattacks becoming increasingly sophisticated, there is a growing need for Intrusion Detection Systems (IDS) that are both accurate and interpretable. This study introduces a hybrid IDS framework that integrates Random Forest (RF) and Light Gradient Boosting Machine (LGBM) classifiers with the Synthetic Minority Over-sampling Technique (SMOTE) to address class imbalance. To enhance transparency and trust, the system also incorporates Explainable Artificial Intelligence (XAI) methods, including SHAP (SHapley Additive exPlanations) and LIME (Local Interpretable Model-agnostic Explanations), which clarify the reasoning behind model predictions. The proposed approach is evaluated on the UNSW-NB15 dataset, achieving a test accuracy of 96.50% and an AUC of 0.9999, demonstrating strong performance in detecting both frequent and rare attack types. The inclusion of SMOTE improves the identification of minority-class attacks, while SHAP and LIME provide interpretable insights that help security analysts understand and trust the system’s decisions. Compared with existing state-of-the-art models, the hybrid framework shows superior precision, recall, and AUC, making it a viable solution for real-world cybersecurity scenarios. Overall, this work highlights the effectiveness of combining ensemble learning, SMOTE, and XAI techniques to achieve high detection accuracy alongside actionable interpretability in modern IDS systems.