Explainable AI for Zero-Day Attack Detection in IoT Networks Using Attention Fusion Model

Abstract

The proposed research addresses the challenge of detecting malicious network traffic in IoT environments, focusing on enhancing detection accuracy while ensuring interpretability. The proposed attention fusion classification model utilizes both long-term and short-term attention mechanisms to capture temporal patterns and protocol-specific features, which improves the differentiation between benign and malicious traffic. Empirical results indicate strong performance, with precision-recall scores of 0.9999 for both the DDoS TCP and DDoS UDP classes, and a perfect score of 1.0000 for the Normal class. The model also demonstrates solid performance for the DDoS HTTP (0.9791), Password (0.9418), and SQL Injection (0.9461) classes. Furthermore, it excels at identifying complex behaviors in upload-based attacks and network vulnerabilities, achieving precision-recall scores of 0.9333 for the Uploading class and 0.9963 for the Vulnerability Scanner class. The binary classification accuracy is 99.9966%, and the multiclass accuracy for Zero-day attacks is 71.0926%. The results suggest that the model offers significant potential for improving IoT security. This study introduces the novel use of attention mechanisms for interpretability, enhancing the detection of a broad range of attack types, and contributes to advancing intrusion detection system capabilities. Future research can focus on expanding datasets, refining interpretability techniques, and addressing adversarial vulnerabilities for further model enhancement.
