A Comprehensive, End-to-End Framework for Explainable and Autonomous Network Intrusion Detection and Response Using Generative AI

Description

Page: 96-101

Ajay Prasad¹, Nit Nayana², and Sajid Parwez³ (Department of Computer Science and Technology, Sona Devi University, Ghatsila, Jharkhand^1,2 and Department of Psychology
Sona Devi University, Ghatsila, Jharkhand³)

The proliferation of interconnected digital systems, exemplified by the Internet of Things (IoT), has led to a corresponding increase in the frequency and sophistication of cyberattacks (Smith et al., 2023). To counter these evolving threats, robust mechanisms for cyberattack prediction, detection, and mitigation are essential. This paper introduces a novel, end-to-end Network Intrusion Detection and Response Framework (NIDRF) that leverages advanced Machine Learning (ML), Explainable AI (XAI), and Large Language Models (LLMs) to enhance network security (Jones & Patel, 2024). The NIDRF integrates a flexible model deployment module, a dual-layered interpretation module utilizing SHAP and LIME, an LLM-powered explanation and mitigation module, and a real-time response system (Wang et al., 2023). Empirical studies conducted on the CIC-IOT-2023 dataset demonstrate the framework’s effectiveness, with a Random Forest classifier achieving approximately 99.97% accuracy in detecting a spectrum of IoT attack scenarios (Lee et al., 2023). The research highlights how the complementary insights from global (SHAP) and local (LIME) feature importance can be translated by LLMs into context-aware, human-readable reports that adapt to a system administrator’s expertise level (Kumar et al., 2024). The framework advances the field by bridging the critical gap between theoretical model development and practical, operationalized solutions, paving the way for more intelligent, autonomous, and transparent defence mechanisms in network security.