Experimental Evaluation of Attention-Based Explainable AI Models for Detecting Zero-Day Threats in (IoT) Systems
DOI:
https://doi.org/10.31185/wjcms.491
Keywords:
Attention-based explainable AI, Zero-day threats, IoT intrusion detection, Robustness and adversarial perturbations, Edge deployment
Abstract
This paper evaluates attention-based explainable artificial intelligence (XAI) models for their potential to detect zero-day attacks on Internet of Things (IoT) networks. The evaluation compares attention-based XAI models with baseline models and post-hoc XAI models, considering their trustworthiness as well as their performance. We use a suite of publicly accessible and proprietary IoT intrusion datasets that vary in the underlying protocols, devices, and intrusion types used in the attack scenarios. The study compares attention-based deep models, including sequence- and graph-oriented models, against non-attention-based neural and tree models as baselines. The evaluation criteria are detection performance, faithfulness and stability of the explanations, robustness to domain shift, noise, and adversarial attacks, and computational efficiency relevant to edge computing scenarios. In all scenarios, attention-based models achieve superior zero-day detection rates and overall F1-scores compared to the non-attention models, while maintaining competitive latency and resource utilization for edge devices. The attention-derived explanations are shown to be more faithful and stable than those of the post-hoc XAI methods, and they also degrade more gracefully when faced with domain shifts and adversarial attacks. Attention-based explainable intrusion detection system (IDS) models have promising characteristics of high accuracy, robustness, and interpretability for zero-day threat detection in IoT environments.
Copyright (c) 2026 Zainab Raheem Oleiwi Algraiti, Ahmad Ahmad-Kassem

This work is licensed under a Creative Commons Attribution 4.0 International License.



