Detecting persistent threats, whether APTs or nonAPTs, is a constant challenge in the field of cybersecurity due to the multiplicity of attacks, their stealthy nature, and their multi-stage targeting of information systems over extended periods. The rigor of intrusion detection system selection is measured by its ability to detect these threats in their early stages and by the fundamental characteristics of network traffic. However, due to the large number of characteristics, some may be unrelated or of limited importance in determining the severity of malicious activity. Accordingly, selecting and defining relevant and influential characteristics for intrusion detection has become a necessity, especially in resource-constrained environments. In this paper, a set of machine learning algorithms (XGBoost, Random Forest, Support Vector Machine, Hybrid Decision Tree) was adopted in conjunction with artificial intelligence pre-interpretation (XAI) techniques to develop an intrusion detection model in a resource-constrained environment. The datasets CICAPT-IIoT, CICIoT2023, IoT-23 were used after preprocessing. XAI techniques were employed in two phases: first, during preprocessing to identify key features of the selected datasets, and second, during post-processing for interpretation. A real-world application based on the proposed model was developed to validate its accuracy and applicability in intrusion detection. Extensive testing demonstrated the superiority of the (XGBoost) algorithm with its accuracy (the CICIoT2023 dataset, achieving an F1-score of 0.9925, precision of 0.9933, recall of 0.9920, and an almost perfect ROC-AUC of 0.9999. the CICAPT-IIoT dataset scoring 99.16%, 0.9810 F1 score. And on the IoT-23 dataset accuracy 99.69% and achieved balanced precision, recall and F1-score of 0.9969). The study was distinguished by its reduction of complexity and improved performance of the proposed model.
Copyrights © 2026