Experimental Evaluation of Attention-Based Explainable AI Models for Detecting Zero-Day Threats in (IoT) Systems

Authors

  • Zainab Raheem Oleiwi Algraiti, University of Karbala, Karbala, 56001, Iraq
  • Ahmad Ahmad-Kassem

DOI:

https://doi.org/10.31185/wjcms.491

Keywords:

Attention-based explainable AI, Zero-day threats, IoT intrusion detection, Robustness and adversarial perturbations, Edge deployment

Abstract

This paper evaluates attention-based explainable artificial intelligence (XAI) models for their potential to detect zero-day attacks on Internet of Things (IoT) networks. The evaluation compares attention-based XAI models with other baseline models and post-hoc XAI models, considering their trustworthiness as well as their performance. We use a suite of publicly accessible and proprietary IoT intrusion datasets that vary in the underlying protocols, devices, and intrusion types used in the attack scenarios. The study compares attention-based deep models, including sequence- and graph-oriented models, against non-attention-based neural and tree models as baselines. The evaluation criteria are detection performance, faithfulness and stability of the explanations, robustness to domain shift, noise, and adversarial attacks, and computational efficiency relevant to edge computing scenarios. In all scenarios, attention-based models achieve superior zero-day detection rates and overall F1-scores compared to the non-attention models, while maintaining competitive latency and resource utilization for edge devices. The attention-derived explanations are shown to be more faithful and stable than those of the post-hoc XAI methods, and they also degrade more gracefully under domain shifts and adversarial attacks. Attention-based explainable intrusion detection system (IDS) models thus show promising accuracy, robustness, and interpretability for zero-day threat detection in IoT environments.

Published

2026-06-30

Section

Computer

How to Cite

[1]
Z. R. O. Algraiti and A. Ahmad-Kassem, “Experimental Evaluation of Attention-Based Explainable AI Models for Detecting Zero-Day Threats in (IoT) Systems”, WJCMS, vol. 5, no. 2, pp. 1–16, Jun. 2026, doi: 10.31185/wjcms.491.