CHAIN: Journal of Computer Technology, Computer Engineering and Informatics
Vol. 4 No. 3 (2026): Volume 4 Number 3 July 2026 (ONLINE FIRST)

Explainable Machine Learning for Network Intrusion Detection Using SHAP-Based Feature Interpretation

Eka Wahyu Sholeha (Politeknik Negeri Tanah Laut)
Dery Yuswanto Jaya (Politeknik Negeri Tanah Laut)
Qorry Aina Fitroh (Universitas Islam Negeri K.H. Abdurrahman Wahid Pekalongan)



Article Info

Publish Date
01 Jul 2026

Abstract

Network Intrusion Detection Systems (NIDS) play a crucial role in protecting computer networks from increasingly sophisticated cyberattacks. Although machine learning techniques have demonstrated high detection performance, many models operate as black-box systems, making it difficult for security analysts to understand the reasoning behind prediction outcomes. This study proposes an explainable machine learning framework for network intrusion detection using the Random Forest algorithm and SHAP (SHapley Additive exPlanations)-based feature interpretation. The CICIDS2017 Friday-WorkingHours-Afternoon-DDos dataset was utilized to evaluate the effectiveness of the proposed approach. Data preprocessing included data cleaning, handling missing values, label encoding, and dataset partitioning. The Random Forest classifier was trained and evaluated using Accuracy, Precision, Recall, and F1-Score metrics. Experimental results demonstrated excellent classification performance, achieving an accuracy of 99.9889%, precision of 99.9922%, recall of 99.9883%, and F1-score of 99.9902%. Furthermore, SHAP analysis was employed to improve model interpretability by identifying the contribution of individual features to intrusion detection decisions. The results revealed that Fwd Packet Length Max, Destination Port, Avg Fwd Segment Size, and Fwd Packet Length Mean were among the most influential features affecting classification outcomes. The integration of Random Forest and SHAP not only achieved highly accurate intrusion detection but also enhanced transparency and trustworthiness by providing meaningful explanations for model predictions. Therefore, the proposed framework offers an effective and interpretable solution for network intrusion detection in modern cybersecurity environments.

Copyrights © 2026

Journal Info

Abbrev

chain

Publisher

Subject

Computer Science & IT; Control & Systems Engineering; Electrical & Electronics Engineering; Engineering

Description

CHAIN: Journal of Computer Technology, Computer Engineering and Informatics is a peer-reviewed journal focusing on Computer Technology, Computer Engineering and Informatics. CHAIN invites academics and researchers who do original research in computer technology, computer engineering and informatics. ...