The effectiveness of Intrusion Detection Systems (IDS) is critical in an era where cyber threats are becoming increasingly complex. Machine learning (ML) and deep learning (DL) models provide an efficient and accurate solution for identifying attacks and anomalies in computer networks. However, using ML and DL models in IDS has led to a trust deficit due to their non-transparent decision-making. This transparency gap in IDS research is significant, affecting confidence and accountability. To address it, this paper introduces a novel Explainable IDS approach, called X-CBA, that leverages the structural advantages of Graph Neural Networks (GNNs) to effectively process network traffic data, while also adapting a new Explainable AI (XAI) methodology. Unlike most GNN-based IDS, which depend on labeled network traffic and node features and thereby overlook critical packet-level information, our approach leverages a broader range of traffic data through network flows, including edge attributes, to improve detection capabilities and adapt to novel threats. Through empirical testing, we establish that our approach not only achieves high accuracy of 99.47% in threat detection but also advances the field by providing clear, actionable explanations of its analytical outcomes. This research also aims to bridge the current gap and facilitate the broader integration of ML/DL technologies in cybersecurity defenses by offering a local and global explainability solution that is both precise and interpretable.
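To make the flow-as-edge representation concrete, the following added example (not the paper's code) builds an edge-attributed host graph from constructed NetFlow-style records and performs one simplified message-passing step in which node representations are derived purely from incident flow attributes; the flow records, field set and mean-aggregation rule are assumptions for illustration.

```python
"""Edge-attributed flow graph plus one message-passing step (added illustration)."""
from collections import defaultdict

# Constructed sample flows: (src, dst, bytes, packets, duration_s). Not real data.
FLOWS = [
    ("10.0.0.5", "10.0.0.20", 1200, 10, 0.5),
    ("10.0.0.5", "10.0.0.21", 1500, 12, 0.7),
    ("10.0.0.9", "10.0.0.20", 80, 1, 0.01),
    ("10.0.0.9", "10.0.0.22", 80, 1, 0.01),
    ("10.0.0.9", "10.0.0.23", 80, 1, 0.01),
]

def build_graph(flows):
    """Hosts become nodes, each flow a directed edge with its own feature vector.

    Returns (node_ids, edge_index, edge_attr) in the layout GNN libraries expect.
    """
    node_ids = sorted({f[0] for f in flows} | {f[1] for f in flows})
    idx = {n: i for i, n in enumerate(node_ids)}
    edge_index = [(idx[s], idx[d]) for s, d, *_ in flows]
    edge_attr = [[float(b), float(p), float(t)] for _, _, b, p, t in flows]
    return node_ids, edge_index, edge_attr

def edge_to_node_messages(node_ids, edge_index, edge_attr):
    """One message-passing step: a node's embedding is the mean of the attribute
    vectors of its incident edges (either direction). Nodes start with no
    features of their own, mirroring a flow-only setting (assumed rule)."""
    sums = defaultdict(lambda: [0.0] * len(edge_attr[0]))
    counts = defaultdict(int)
    for (s, d), attr in zip(edge_index, edge_attr):
        for n in (s, d):
            sums[n] = [a + b for a, b in zip(sums[n], attr)]
            counts[n] += 1
    return {node_ids[n]: [v / counts[n] for v in sums[n]] for n in sums}

def fan_out(node_ids, edge_index):
    """Out-degree per host: a structural signal that node features alone lack."""
    deg = defaultdict(int)
    for s, _ in edge_index:
        deg[node_ids[s]] += 1
    return dict(deg)

if __name__ == "__main__":
    g = build_graph(FLOWS)
    print(edge_to_node_messages(*g))
    print(fan_out(g[0], g[1]))
```

Host 10.0.0.9 ends up with a small-flow embedding and an out-degree of 3 despite having no node features at all, which is the kind of information an edge-attribute-aware model can use and a node-feature-only model cannot.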