Leveraging Explainability of AI-Based Intrusion Detection Systems in a Federated Environment

The increasing complexity of cyber threats has necessitated the adoption of Intrusion Detection Systems (IDSs) which often rely on Artificial Intelligence (AI) models to detect malicious activities in network traffic. In distributed environments, interconnected private sub-networks pose additional challenges, as threats can spread while evading local detection. However, the use of AI models in these systems raises issues related to transparency, privacy, and data security. In this context, this study proposes a decentralized IDS based on Federated Learning (FL) and Explainable Artificial Intelligence (XAI) techniques. The network traffic classification model is based on a Multi-Layer Perceptron (MLP) neural network, while the SHapley Additive exPlanations (SHAP) method is employed to provide interpretable explanations of the system decisions. Fed-SHAP, based on the federated fuzzy c-means clustering, is used to generate a global SHAP background dataset to be adopted for generating consistent and reliable explanations. The system is evaluated on realistic scenarios with non-Independent and Identically Distributed (IID) network data. Experimental results demonstrate that the proposed federated approach maintains comparable accuracy with respect to centralized models while ensuring data protection and explanation consistency in federated environments.