Explainable AI-Driven Threat Detection and Response for Industrial IoT

Khandan, Shokooh, Beyazgul, Deniz, Jogunola, Olamide ORCID: https://orcid.org/0000-0002-2701-9524, Tsado, Yakubu and Dargahi, Tooska ORCID: https://orcid.org/0000-0002-0908-6483 (2025) Explainable AI-Driven Threat Detection and Response for Industrial IoT. In: 2025 IEEE Conference on Communications and Network Security (CNS). Presented at 10th IEEE International Workshop on Cyber-Physical Systems Security (CPS-Sec 2025), 8 - 11 September 2025, Avignon, France.

Preview

Accepted Version
Available under License Creative Commons Attribution.
Download (1MB) | Preview

Official URL: https://doi.org/10.1109/cns66487.2025.11195011

Abstract

The growing complexity and volume of cyber attacks to Cyber-Physical Systems (CPS) and Industrial Internet of Things (IIoT) have outpaced traditional detection methods, requiring more intelligent and explainable security solutions. While Artificial Intelligence (AI)-based anomaly detection solutions have been proposed in the literature, they either focus on a single type of attack, or their decisions are restricted based on a single dataset, or they lack transparency. To address these challenges, this paper presents an explainable attack detection framework for IIoT, combining advanced machine learning (ML) models and AI-driven interpretability. The framework employs midlevel and late data fusion techniques on two IIoT datasets, using Autoencoders (AE) and Manifold Alignment (MA) techniques to generate a unified feature space. A Random Forest (RF) classifier is trained on the fused dataset to detect four attack types, achieving a 97% accuracy. The model’s decision-making is made transparent through Explainable AI (XAI) tools, providing both global and local interpretability. Furthermore, a Large Language Model (LLM)-powered AI assistant is developed to provide automated, context-aware mitigation strategies based on MITRE D3FEND framework. This integrated approach enhances the detection, interpretability, and response to threats in IIoT environments, promoting greater trust and operational resilience.

Item Type:	Conference or Workshop Item (Paper)
Published Proceedings:	2025 IEEE Conference on Communications and Network Security (CNS)
Peer-reviewed:	No
Date Deposited:	27 Nov 2025 11:38
Publisher:	Institute of Electrical and Electronics Engineers (IEEE)
Additional Information:	This is an author accepted manuscript of an article published in 2025 IEEE Conference on Communications and Network Security (CNS) proceedings. This version is deposited with a Creative Commons Attribution 4.0 licence [https://creativecommons.org/licenses/by/4.0/]. The version of record can be found on the publisher's website.
Divisions:	Organisation > Science and Engineering Organisation > Science and Engineering > Department of Computing and Maths
URI:	https://e-space.mmu.ac.uk/id/eprint/641446
DOI:	https://doi.org/10.1109/cns66487.2025.11195011
e-ISSN	2994-5895

Impact and Reach

Statistics

DownloadsShow export options

Activity Overview

6 month trend

7Downloads

6 month trend

10Hits

Additional statistics for this dataset are available via IRStats2.

Altmetric

Repository staff only

Edit record