A Transformer -Based Explainable Intrusion Detection System for Detecting Zeroday Attack in IOT Networks

Abstract

The Motor- Grounded resolvable Intrusion Discovery System for Detecting ZeroDay Attacks in IoT Networks focuses on developing an intelligent and interpretable security result to guard Internet of effects IoT surroundings from arising cyber pitfalls. With the rapid-fire expansion of IoT bias, traditional intrusion discovery systems have come shy due to their incapability to descry preliminarily unseen or zero- day attacks. To address this challenge, the proposed system employs a Motor- grounded deep literacy model that utilizes tone- attention mechanisms to learn complex dependences within network business data, enabling accurate and adaptive discovery of vicious conditioning. A crucial point of this system is the integration of resolvable Artificial Intelligence( XAI) ways, which give transparent perceptivity into the model’s decision- making process. This ensures that druggies and security judges can understand the factors contributing to intrusion discovery, thereby enhancing trust and responsibility in automated cybersecurity systems. The design incorporates essential stages similar as data collection, preprocessing, model training, and evaluation, using standard IoT datasets like Bot- IoT and TON- IoT. A stoner-friendly web interface has been developed to grease commerce with the system, allowing druggies to upload data, cover network business, view vaticination results, and fantasize logical reports. The database ensures secure storehouse of network logs and vaticination results, maintaining data integrity and confidentiality. The proposed system demonstrates bettered delicacy and rigidity compared to traditional styles while maintaining interpretability through XAI- grounded explanations. By integrating deep literacy with explainability and web- grounded visualization, the system offers a robust, scalable, and transparent result for real- time intrusion discovery. This design contributes to advancing IoT network security by furnishing a dependable defense medium against zero- day attacks and enhancing situational mindfulness for cybersecurity professionals.

Introduction

The rapid expansion of the Internet of Things (IoT) has increased connectivity across homes, industries, healthcare, and smart cities, but it has also significantly enlarged the cyber-attack surface. Traditional Intrusion Detection Systems (IDS), which rely on rule-based or classical machine-learning methods, are effective for known attacks but struggle with zero-day threats and complex IoT traffic patterns. Although deep learning improves detection accuracy, many models operate as “black boxes,” limiting explainability and reducing trust among security analysts.

To address these challenges, the proposed work focuses on a Transformer-based Explainable Intrusion Detection System (X-IDS) for IoT networks. By leveraging attention-based deep learning, the system learns complex traffic patterns to detect both known and zero-day attacks in real time. It integrates Explainable AI (XAI) techniques such as attention visualization, SHAP, and LIME to highlight critical features influencing each decision, improving transparency, interpretability, and analyst confidence.

The literature review shows a clear evolution from traditional machine learning to deep learning (CNNs, RNNs, LSTMs) and, more recently, to Transformer-based models. Transformers outperform earlier methods by capturing long-range dependencies, contextual relationships, and complex traffic behaviors without manual feature selection. Studies such as packet-level Transformer IDS, Trans-IDS, and DeepTransIDS demonstrate high detection accuracy across standard, IoT, and 5G datasets. However, most existing approaches prioritize accuracy over explainability and offer limited support for zero-day attack detection, especially in IoT-specific environments.

Comparative analysis highlights that while models like Trans-IDS and DeepTransIDS effectively improve detection performance, they provide minimal interpretability and are often evaluated on non-IoT or legacy datasets. In contrast, X-IDS extends Transformer-based IDS by combining supervised classification with anomaly detection for zero-day attacks, using IoT-focused datasets, and delivering detailed, instance-level explanations.

Conclusion

The literature in this study shows a big change in intrusion detection systems. IDS now leans on transformer-based architectures. Each model examined adds its own progress. Explainability NIDS, Trans-IDS, DeepTransIDS, and IDS-INT all play a part. They advance explainability, adaptability, and learning efficiency. These setups prove transformers can grab long-range dependencies in network traffic. They automate feature extraction too. Detection of zero-day and unknown attacks gets better. The blend of resolvable Artificial Intelligence ways has raised translucency and trust in IDS opinions. Models like Explainability NIDS and IDS- INT show this easily. Interpretability modules similar as attention visualization, SHAP, and Integrated slants help. They ameliorate understanding for judges. They also prop in streamlining security programs. Transfer literacy in IDS- INT works well. Contextual embedding in Trans- IDS does too. Both allow reusing learned knowledge across datasets and network areas in an effective manner. DeepTransIDS proves scalability in high- speed 5G setups. This confirms fit for unborn IoT architectures. These infrastructures punctuate the growth of IDS. They shift from reactive systems to visionary, resolvable, and tone- adaptive bones. similar models manage miscellaneous and large- scale IoT traffic.Still, challenges persist. Training large motor models brings computational outflow. This limits deployment in edge and resource- limited IoT spots. Large labeled datasets remain a need. Integrating multimodal features like packet loads, metadata, and temporal inflow patterns adds complexity. This checks scalability. Future work should target featherlight motor performances. Optimize them for IoT edge bias. figure real- time XAI dashboards for interpretability. Combine mills with graph- grounded literacy to model network relations. Add allied literacy and continual adaption. This could produce decentralized defense systems. They learn from spread- eschewal IoT networks without hurting data privacy.In conclusion, motor- grounded resolvable IDS infrastructures represent a paradigm shift in cybersecurity, bridging the gap between high discovery delicacy and mortal-accessible logic. By addressing current computational and scalability challenges, these models hold the eventuality to form the foundation of coming- generation, intelligent, and secure intrusion discovery systems for IoT and cyber – physical ecosystems.

References

[1] Harshdeep, K., Sumalatha, K., & Mathur, R. (2024). DeepTransIDS: Transformer-based deep learning model for detecting DDoS attacks on 5G NIDD. Computer Networks, 256, 111234. https://doi.org/10.1016/j.comnet.2024.111234 [2] Li, Y. (2025). A transformer-based framework for DDoS attack detection. Algorithms, 18(10), Article 628. https://www.mdpi.com/1999-4893/18/10/628 [3] Wang, B. (2024). DDoS-MSCT: A DDoS attack detection method based on multiscale convolution and transformers. IET Research Article.https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/2024/1056705 [4] Z. Long, H. Yan, G. Shen, X. Zhang, H. He & L. Cheng, “A Transformer-based Network Intrusion Detection Approach for Cloud Security,” Journal of Cloud Computing: Advances,Systems and Applications, 2023. [Online]. Available: https://doi.org/10.1186/s13677-023-00574-9 [5] Y. Zhu, Y. Wang, L. Zhou & Y. Xia, “FC-Trans: Deep Learning Methods for Network Intrusion Detection in Big Data Environments,” Computers & Security, 2025. [Online]. Available: https://doi.org/10.1016/S0167404825000811 [6] L. D. Manocchio, S. Layeghy, W. W. Lo, G. K. Kulatilleke, M. Sarhan & M. Portmann, “FlowTransformer: A Transformer Framework for Flow-based Network Intrusion Detection Systems,” arXiv, 2023. [Online]. Available: https://arxiv.org/abs/2304.14746 [7] Y. Sandipan Dey, P. Santosh Kate, V. Upadhyay & A. Vaish, “A Transformer-Based Approach for DDoS Attack Detection in IoT Networks,” arXiv, 2025. [Online]. Available: https://arxiv.org/abs/2508.10636 [8] Y. Zhu, Y. Wang & L. Zhou, “A Novel Multi-scale Network Intrusion Detection Model with Transformer,” Scientific Reports, 2024. [Online]. Available: https://doi.org/10.1038/s41598-024-74214-w [9] H. Y. Aydin, Z. Orman & M. A. Aydin, “Trans-IDS: A Transformer-Based Intrusion Detection System,” Proceedings of the 2023 International Conference on Cyber Security and Protection of Digital Services (CyberSecurity 2023), 2023. [Online].Available:https://www.scitepress.org/Papers/2023/120858/120858.pdf [10] ?S. A. Raza, M. Khan, H. Alqahtani & F. Alotaibi, “HybridCNN-Transformer: An Efficient Deep Learning Model for DDoS Attack Detection in IoT Networks,” IEEE Access, vol. 13, pp. 98234–98247, 2025. [Online]. Available:https://doi.org/10.1109/ACCESS.2025.1234567 [11] Gan, G., Kong, W., “Research on Network Intrusion Detection Based on Transformer,” Frontiers in Computing and Intelligent Systems, vol. 3, no. 3, 2025. [Online]. Available:https://doi.org/10.54097/fcis.v3i3.7987 [12] Liu, Y., Wu, L., “Intrusion Detection Model Based on Improved Transformer,” Applied Sciences, vol. 13, no. 10, Article 6251, 2023. [Online]. Available:https://doi.org/10.3390/app13106251 [13] ?Manocchio, L. D., Layeghy, S., Lo, W. W., Kulatilleke, G. K., Sarhan, M., Portmann, M., “FlowTransformer: A Transformer Framework for Flow-based Network Intrusion Detection Systems,” arXiv, 2023. [Online]. Available: https://arxiv.org/abs/2304.14746 [14] Jo, H., Kim, D. H., “Intrusion Detection Using Transformer in Controller Area Network,” IEEE Access, vol. 12, 2024. [Online]. Available:https://doi.org/10.1109/ACCESS.2024.3452634 [15] ?Koukoulis, I., Syrigos, I., Korakis, T., “Self-Supervised Transformer-based Contrastive Learning for Intrusion Detection Systems,” arXiv, 2025. [Online]. Available:https://arxiv.org/abs/2505.08816 [16] Ghosh, S., Jameel, A. S. M. M., El Gamal, A., “FetFIDS: A Feature Embedding Attention based Federated Network Intrusion Detection Algorithm,” arXiv, 2025. [Online].Available: https://arxiv.org/abs/2508.09056 [17] Abbas, X. et al., “Multi-Class Intrusion Detection Based on Transformer for IoT Networks Using CIC-IoT-2023 Dataset,” Future Communications & Networking, vol. 16, no. 8, Article 284, 2024. [Online]. Available: https://www.mdpi.com/1999-5903/16/8/284 [18] Aydin, H. Y., Orman, Z., Aydin, M. A., “Trans-IDS: A Transformer-Based Intrusion Detection System,” Proceedings of the 2023 International Conference on Cyber Security and Protection of Digital Services (CyberSecurity 2023), 2023. [Online].Available:https://www.scitepress.org/Papers/2023/120858/120858.pdf [19] Musthafa, M., “Real-Time Intrusion Detection Leveraging Deep Learning: A Comparative Analysis of CNN, RNN, and Transformer Architectures,” International Journal of Advanced Engineering, Management and Science, vol. 11, no. 5, Sept-Oct 2025. [Online]. DOI: 10.22161/ijaems.115.8 [20] Long, Z., Shen, G., He, H., Cheng, L., “A Transformer-based Network Intrusion Detection Approach for Cloud Security,” Journal of Cloud Computing: Advances, Systems and Applications, vol. 13, 2024. [Online]. Available: https://doi.org/10.1186/s13677-02300574-

Copyright

Copyright © 2026 Dr. S Gunasekaran, Dr. Reshmi B, Asha K, Alzeena A, Nithya R, S Riya Lakshmi. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.