Cyber-Physical Systems (CPS) connect computational processes with physical operations and are increasingly used in industrial control, energy management, healthcare, and transportation. This connectivity improves automation and monitoring, but it also creates security risks because attacks on CPS may affect both digital assets and physical processes. Existing intrusion detection approaches based on machine learning and deep learning have shown promising performance, yet many of them provide limited explanation for their decisions. This limitation reduces trust, especially in critical infrastructure environments where security decisions must be understandable. This study proposes a Hybrid Explainable Intrusion Detection System (HX-IDS) that combines Random Forest, Long Short-Term Memory (LSTM), SHAP, and LIME. Random Forest is applied to identify important features, while LSTM learns temporal attack behavior from CPS traffic. SHAP and LIME are used to explain model predictions at global and local levels. The proposed framework is evaluated using benchmark CPS-related datasets. The results show that HX-IDS improves detection performance, reduces false alarms, and provides clearer explanations for security analysts. This study contributes to the development of more transparent and trustworthy AI-based intrusion detection for CPS security.
Copyrights © 2026