Interpretable Cyber Threat Detection for Enterprise Industrial Networks: A Computational Design Science Approach

Abstract

Enterprise industrial networks face threats that risk data and operations. However, designing efficient threat detection systems is challenging due to data scarcity, especially where privacy is a concern. The complexity of enterprise industrial network data adds to this challenge, causing high false positives and interpretation issues. Towards this, we use IS computational design science paradigm to develop a two-stage cyber threat detection system for enterprise-level IS that are both secure and capable of adapting to evolving technological and business environments. The first stage generates synthetic industrial network data using a modified generative adversarial network. The second stage develops a novel bidirectional gated recurrent unit and a modified attention mechanism for effective threat detection. We also use shapley additive explanations and a decision tree technique for enhancing interpretability. Our analysis on two public datasets shows the framework’s high precision in threat detection and offers practical cybersecurity solutions and methodological advancements.