Shap and Lime Analysis on CNN-GRU Deep Learning Models for IoT Network Intrusion Detection
DOI:
https://doi.org/10.35314/5r93tw26Keywords:
SHAP, LIME, CNN-GRU, Intrusion Detection System, Bot-IoT, IoTID20Abstract
As digital devices evolve quickly and cyberattacks grow more diverse, the Internet of Things (IoT) ecosystem faces a much higher security risk than before. An AI-based security system is commonly used for post-attack mitigation. However, this approach has several issues, such as a high computational load, data imbalance, and a black box that does not explain the attack patterns. This study addresses a research gap by implementing a hybrid CNN-GRU architecture. With XAI, this architecture remains lightweight and robust while mapping out malicious attack patterns quite clearly. The technique breaks down these security incidents by providing both global and local explanations. This study uses two IoT datasets, BoT-IoT with 72 million records and IoTID20 with 625,783 records. The SMOTE post-split technique was performed on 80% of the total data to address data imbalance and avoid data leakage. To validate the results, stratified holdout is used to evaluate the training results. This research has very satisfying results with 99% accuracy and a 99% F1-score so that it can minimize errors in both datasets. The contributions made by this research are (1) adapting a stable model for anomaly classification, (2) handling data imbalance and avoiding data leakage, and (3) integrating SHAP and LIME to overcome black boxes.
Downloads
Published
Issue
Section
License
Copyright (c) 2026 Journal of Innovation and Technology Polbeng Series on Informatics (INOVTEK Polbeng - Seri Informatika)

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.





