Intrusion Detection using Anomaly Detection and Isolation Forest Method for Implementation and SHAP for Interpretability.

The rapid proliferation of Internet of Things (IoT) devices has increased the risk of cyber intrusions, necessitating robust and intelligent Intrusion Detection Systems (IDS). Traditional IDS methods struggle with the dynamic nature of IoT networks and the growing sophistication of cyberattacks. In this study, we propose a novel framework for anomaly detection in IDS using the Isolation Forest (IF) method on the RT-IoT2022 dataset. The framework leverages unsupervised learning to identify anomalous network behavior and potential cyber threats in real-time. To enhance interpretability, we integrate SHapley Additive Explanations (SHAP) to provide explainable AI insights into the model’s decision-making process. The SHAP technique helps in understanding the contribution of individual features towards anomaly detection, thereby improving transparency and trust in the IDS. Our evaluation metrics, including precision, recall, F1-score, and confusion matrix analysis, demonstrate the efficiency of the proposed model in detecting malicious activities. The experimental results validate the effectiveness of our approach in identifying anomalies while ensuring model interpretability, making it a promising solution for securing IoT networks against evolving cyber threats.