{"id":"https://openalex.org/W7116919162","doi":"https://doi.org/10.1145/3727967.3756837","title":"An Explainable AI-based Network Intrusion Detection System for Botnet Attacks","display_name":"An Explainable AI-based Network Intrusion Detection System for Botnet Attacks","publication_year":2025,"publication_date":"2025-06-17","ids":{"openalex":"https://openalex.org/W7116919162","doi":"https://doi.org/10.1145/3727967.3756837"},"language":null,"primary_location":{"id":"doi:10.1145/3727967.3756837","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3727967.3756837","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3727967.3756837?download=true","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 29th International Conference on Evaluation and Assessment in Software Engineering Companion","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3727967.3756837?download=true","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5049727257","display_name":"Dorieh M. Alomari","orcid":"https://orcid.org/0000-0002-9031-9917"},"institutions":[{"id":"https://openalex.org/I134085113","display_name":"King Fahd University of Petroleum and Minerals","ror":"https://ror.org/03yez3163","country_code":"SA","type":"education","lineage":["https://openalex.org/I134085113"]}],"countries":["SA"],"is_corresponding":true,"raw_author_name":"Dorieh Alomari","raw_affiliation_strings":["Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia"],"raw_orcid":"https://orcid.org/0000-0002-9031-9917","affiliations":[{"raw_affiliation_string":"Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia","institution_ids":["https://openalex.org/I134085113"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5121040376","display_name":"Maryam Ahmed Alabdullatif","orcid":null},"institutions":[{"id":"https://openalex.org/I134085113","display_name":"King Fahd University of Petroleum and Minerals","ror":"https://ror.org/03yez3163","country_code":"SA","type":"education","lineage":["https://openalex.org/I134085113"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Maryam Ahmed Alabdullatif","raw_affiliation_strings":["Information and Computer Science Department, King Fahd University of Petroleum and Minerals, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia and Imam Abdulrahman bin Faisal University, Dammam, Saudi Arabia"],"raw_orcid":"https://orcid.org/0009-0004-3479-2058","affiliations":[{"raw_affiliation_string":"Information and Computer Science Department, King Fahd University of Petroleum and Minerals, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia and Imam Abdulrahman bin Faisal University, Dammam, Saudi Arabia","institution_ids":["https://openalex.org/I134085113"]}]},{"author_position":"last","author":{"id":null,"display_name":"Fakhri Alam Khan","orcid":"https://orcid.org/0000-0002-9130-1874"},"institutions":[{"id":"https://openalex.org/I134085113","display_name":"King Fahd University of Petroleum and Minerals","ror":"https://ror.org/03yez3163","country_code":"SA","type":"education","lineage":["https://openalex.org/I134085113"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Fakhri Alam Khan","raw_affiliation_strings":["Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia and Interdisciplinary Research Center of Intelligent Secure Systems (IRC-ISS), King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia"],"raw_orcid":"https://orcid.org/0000-0002-9130-1874","affiliations":[{"raw_affiliation_string":"Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia and Interdisciplinary Research Center of Intelligent Secure Systems (IRC-ISS), King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia","institution_ids":["https://openalex.org/I134085113"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5049727257"],"corresponding_institution_ids":["https://openalex.org/I134085113"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.63020472,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"169","last_page":"175"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.8123999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.8123999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12026","display_name":"Explainable Artificial Intelligence (XAI)","score":0.0729999989271164,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11652","display_name":"Imbalanced Data Classification Techniques","score":0.013199999928474426,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.7182999849319458},{"id":"https://openalex.org/keywords/random-forest","display_name":"Random forest","score":0.576200008392334},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5685999989509583},{"id":"https://openalex.org/keywords/interpretability","display_name":"Interpretability","score":0.5350000262260437},{"id":"https://openalex.org/keywords/decision-tree","display_name":"Decision tree","score":0.4884999990463257},{"id":"https://openalex.org/keywords/field","display_name":"Field (mathematics)","score":0.48429998755455017},{"id":"https://openalex.org/keywords/class","display_name":"Class (philosophy)","score":0.4242999851703644},{"id":"https://openalex.org/keywords/hyperparameter","display_name":"Hyperparameter","score":0.41679999232292175}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7190999984741211},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.7182999849319458},{"id":"https://openalex.org/C169258074","wikidata":"https://www.wikidata.org/wiki/Q245748","display_name":"Random forest","level":2,"score":0.576200008392334},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5685999989509583},{"id":"https://openalex.org/C2781067378","wikidata":"https://www.wikidata.org/wiki/Q17027399","display_name":"Interpretability","level":2,"score":0.5350000262260437},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5090000033378601},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5011000037193298},{"id":"https://openalex.org/C84525736","wikidata":"https://www.wikidata.org/wiki/Q831366","display_name":"Decision tree","level":2,"score":0.4884999990463257},{"id":"https://openalex.org/C9652623","wikidata":"https://www.wikidata.org/wiki/Q190109","display_name":"Field (mathematics)","level":2,"score":0.48429998755455017},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4334999918937683},{"id":"https://openalex.org/C2777212361","wikidata":"https://www.wikidata.org/wiki/Q5127848","display_name":"Class (philosophy)","level":2,"score":0.4242999851703644},{"id":"https://openalex.org/C8642999","wikidata":"https://www.wikidata.org/wiki/Q4171168","display_name":"Hyperparameter","level":2,"score":0.41679999232292175},{"id":"https://openalex.org/C113174947","wikidata":"https://www.wikidata.org/wiki/Q2859736","display_name":"Tree (set theory)","level":2,"score":0.39980000257492065},{"id":"https://openalex.org/C94124525","wikidata":"https://www.wikidata.org/wiki/Q912550","display_name":"Categorization","level":2,"score":0.3799999952316284},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.3400000035762787},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.31299999356269836},{"id":"https://openalex.org/C164085508","wikidata":"https://www.wikidata.org/wiki/Q4811327","display_name":"Matthews correlation coefficient","level":3,"score":0.3025999963283539},{"id":"https://openalex.org/C158251709","wikidata":"https://www.wikidata.org/wiki/Q354025","display_name":"Intrusion","level":2,"score":0.2924000024795532},{"id":"https://openalex.org/C197323446","wikidata":"https://www.wikidata.org/wiki/Q331222","display_name":"Oversampling","level":3,"score":0.26660001277923584},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.25290000438690186}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3727967.3756837","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3727967.3756837","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3727967.3756837?download=true","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 29th International Conference on Evaluation and Assessment in Software Engineering Companion","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3727967.3756837","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3727967.3756837","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3727967.3756837?download=true","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 29th International Conference on Evaluation and Assessment in Software Engineering Companion","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320322323","display_name":"King Fahd University of Petroleum and Minerals","ror":"https://ror.org/03yez3163"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W7116919162.pdf","grobid_xml":"https://content.openalex.org/works/W7116919162.grobid-xml"},"referenced_works_count":16,"referenced_works":["https://openalex.org/W2077488147","https://openalex.org/W3007358546","https://openalex.org/W3185153723","https://openalex.org/W3187104866","https://openalex.org/W3197159805","https://openalex.org/W3198463309","https://openalex.org/W3216826992","https://openalex.org/W4206177813","https://openalex.org/W4283209458","https://openalex.org/W4293192745","https://openalex.org/W4295308257","https://openalex.org/W4296982334","https://openalex.org/W4323338485","https://openalex.org/W4380568689","https://openalex.org/W4392005601","https://openalex.org/W4405790844"],"related_works":[],"abstract_inverted_index":{"In":[0],"the":[1,25,54,77,130,150,159,174,177],"field":[2],"of":[3,14,56,76,84,91,132,165,176],"network":[4],"security,":[5],"botnet":[6,49,92],"attacks":[7,23,93],"pose":[8],"a":[9,74,82,119],"significant":[10],"challenge,":[11],"exploiting":[12],"networks":[13],"infected":[15],"devices":[16],"to":[17,45],"launch":[18],"sophisticated":[19],"threats.":[20],"As":[21],"these":[22],"evolve,":[24],"need":[26],"for":[27,63,101,123,211],"effective":[28],"detection":[29],"methods":[30],"becomes":[31],"increasingly":[32],"critical.":[33],"This":[34],"study":[35],"proposes":[36],"an":[37],"explainable":[38],"Machine":[39],"Learning":[40],"(ML)":[41],"model":[42,161],"that":[43],"aims":[44],"identify":[46],"and":[47,51,87,114,140,155,168,192,198,204],"categorize":[48],"attacks,":[50],"it":[52],"investigates":[53],"efficiency":[55],"different":[57,89],"Explainable":[58],"Artificial":[59],"Intelligence":[60],"(XAI)":[61],"techniques":[62,99,206],"Intrusion":[64],"Detection":[65],"Systems":[66],"(IDS).":[67],"To":[68,172],"train":[69],"our":[70],"models,":[71],"we":[72,182],"employed":[73],"subset":[75],"NCC-2":[78],"dataset,":[79],"which":[80],"includes":[81],"mix":[83],"normal":[85],"traffic":[86],"seven":[88],"types":[90],"across":[94],"three":[95,184],"sensors.":[96],"The":[97,143,202],"ML":[98],"selected":[100],"this":[102],"research":[103],"are":[104],"Random":[105,141],"Forest":[106],"(RF),":[107],"Extra":[108],"Trees":[109],"(ET),":[110],"Decision":[111],"Tree":[112],"(DT),":[113],"K-Nearest":[115],"Neighbors":[116],"(KNN),":[117],"with":[118,158],"GridSearch":[120],"cross-validation":[121],"approach":[122],"optimal":[124],"hyperparameter":[125],"tuning.":[126],"We":[127],"also":[128],"explored":[129],"effects":[131],"class":[133],"balance":[134],"through":[135],"Synthetic":[136],"Minority":[137],"Oversampling":[138],"(SMOTE)":[139],"Undersampling.":[142],"models\u2019":[144],"performance":[145],"was":[146],"rigorously":[147],"tested":[148],"using":[149],"Matthews":[151],"Correlation":[152],"Coefficient":[153],"(MCC)":[154],"Macro":[156],"F1-score,":[157,170],"ET":[160,178],"demonstrating":[162],"superior":[163],"results":[164],"99%":[166],"MCC":[167],"97%":[169],"respectively.":[171],"enhance":[173],"interpretability":[175],"model\u2019s":[179],"decision-making":[180],"process,":[181],"integrated":[183],"XAI":[185],"techniques:":[186],"SHapley":[187],"Additive":[188],"exPlanations":[189],"(SHAP),":[190],"Dalex,":[191],"Local":[193],"Interpretable":[194],"Model-agnostic":[195],"Explanations":[196],"(LIME),":[197],"evaluated":[199],"their":[200],"efficiency.":[201],"LIME":[203],"Dalex":[205],"showed":[207],"efficient":[208],"construction":[209],"times":[210],"IDS.":[212]},"counts_by_year":[],"updated_date":"2026-03-08T06:56:09.383167","created_date":"2025-12-23T00:00:00"}