Abstract
Intrusion Detection Systems (IDS) play a critical role in securing Cyber-Physical Systems (CPS); however, many existing approaches struggle with imbalanced network traffic, high false positive rates, limited detection accuracy, and insufficient explainability. To address these challenges, this study proposes HeXAI-AttentionCPS, a hybrid Explainable AI–based IDS that combines an attention-enhanced few-shot Long Short-Term Memory (LSTM) network with focal loss and Principal Component Analysis (PCA). The proposed framework is designed to improve intrusion detection performance under severe class imbalance while maintaining model transparency. To enhance interpretability, SHapley Additive exPlanations (SHAP) are employed to provide insights into feature contributions influencing detection decisions. The proposed approach is evaluated using the benchmark ToN_IoT2020 dataset. The experimental results demonstrate that HeXAI-AttentionCPS achieves superior performance in terms of accuracy, precision, recall, and F1-score, while consistently maintaining a low false positive rate compared with state-of-the-art IDS techniques. These findings indicate that the proposed framework offers an effective and interpretable solution for robust intrusion detection in CPS environments.
Introduction
Cyber-Physical Systems (CPS) integrate computational intelligence with physical processes and communication networks to support critical infrastructures such as smart grids, industrial control systems, healthcare platforms, and intelligent transportation systems. The global CPS market has experienced rapid growth and is projected to expand at an annual rate of 9.7%, reaching approximately $9.6 billion by 2026 (ref. 1). Increased interconnectivity and automation have significantly improved operational efficiency and real-time decision-making within CPS environments. However, this growing reliance on networked components has also expanded the attack surface, exposing CPS to a wide range of cyber threats that can compromise system availability, integrity, and safety2. High-profile incidents have demonstrated that successful attacks on CPS can lead to severe physical, economic, and societal consequences, highlighting the need for effective and adaptive security mechanisms.
Intrusion Detection Systems (IDS) have emerged as a fundamental component of CPS security architectures, enabling continuous monitoring of network traffic and early detection of malicious activities3. IDS solutions are commonly classified on the basis of deployment as host-based or network-based and on the basis of detection strategies such as signature-based or anomaly-based systems. Signature-based IDSs are effective at detecting known attack patterns but struggle to identify novel or evolving threats4. In contrast, anomaly-based IDS can detect previously unseen attacks by modeling normal system behavior, making them particularly suitable for dynamic CPS environments. However, anomaly-based approaches often suffer from high false positive rates and limited interpretability, which can hinder their practical adoption5.
Recent advances in machine learning and deep learning have significantly enhanced the detection capabilities of IDS by enabling automated feature learning and improved classification performance. Techniques such as Convolutional Neural Networks (CNNs), Recurrent Neural Networks (RNNs), and Long Short-Term Memory (LSTM) networks have been widely applied to capture spatial and temporal patterns in network traffic. Despite these advances, deep learning-based IDSs face several persistent challenges when deployed in CPS contexts6. CPS traffic is typically highly imbalanced, with normal traffic and certain attack classes dominating the dataset, whereas critical attack instances occur infrequently. This imbalance often biases learning models toward majority classes, resulting in poor detection of rare but impactful attacks. In practical CPS environments, the challenge is not the absence of data overall, but rather the scarcity of labeled samples for rare and evolving attack types, which motivates the adoption of few-shot learning paradigms at the class level6.
In addition to class imbalance, many deep learning-based IDS operate as black-box models, offering limited insight into how detection decisions are made. The lack of explainability reduces trust and limits the usability of such systems for security analysts and system operators who require transparent and justifiable alerts. Furthermore, conventional supervised learning approaches depend heavily on large volumes of labeled data, which are often unavailable for emerging or zero-day attacks in CPS environments. These limitations collectively highlight the need for intrusion detection frameworks that are not only accurate but also adaptive, robust to data imbalance, and interpretable.
Despite significant progress in intrusion detection research, existing IDS solutions for CPS continue to face persistent limitations. Many approaches struggle to handle severe class imbalance effectively, exhibit limited adaptability to novel or low-frequency attack patterns, and operate as opaque models with insufficient explainability. Although hybrid and learning-based IDS techniques attempt to address some of these issues, they often improve detection performance at the expense of transparency or fail to maintain low false positive rates under realistic CPS traffic conditions7. These unresolved challenges motivate the need for a unified IDS framework that integrates imbalance-aware learning, adaptive detection, and explainable decision-making, thereby improving overall detection performance.
To address these challenges, this study proposed HeXAI-AttentionCPS, a hybrid Explainable Artificial Intelligence-based intrusion detection framework for CPS networks. The proposed approach integrates an attention-enhanced few-shot LSTM model to capture temporal dependencies effectively and adapt to minority attack instances. Focal loss was employed to mitigate class imbalance by emphasizing hard-to-classify minority instances, whereas Principal Component Analysis (PCA) was used to reduce feature dimensionality and improve learning efficiency. To ensure transparency and trustworthiness, SHapley Additive exPlanations (SHAP) was incorporated to provide both global and local interpretations of model decisions.
The proposed framework was evaluated on the benchmark ToN_IoT2020 dataset, which reflects realistic CPS and IoT network traffic scenarios. The experimental results demonstrate that HeXAI-AttentionCPS consistently outperforms existing state-of-the-art IDS techniques in terms of accuracy, precision, recall, and F1-score, while maintaining a low false positive rate. These results highlight the effectiveness of the proposed framework as a robust, adaptive, and interpretable intrusion detection solution suitable for real-world CPS environments. The main contributions of this study are summarized as follows:
1. We proposed HeXAI-AttentionCPS, a unified intrusion detection framework that systematically integrates attention-enhanced few-shot learning, focal loss, and dimensionality reduction within a single explainable architecture. Unlike existing IDS solutions that address imbalance, adaptability, or interpretability in isolation, the proposed framework jointly addresses these challenges in CPS network environments.
2. A novel methodological contribution is to combine few-shot LSTM learning with focal loss to address severe class imbalance and limited attack instances simultaneously. This joint formulation enhances the detection of rare and low-frequency attacks, which remains a critical limitation of conventional deep learning-based IDSs.
3. This study advances explainable intrusion detection by embedding SHAP-based explanations into the detection pipeline, enabling both global and local interpretability of the model predictions. This integration provides actionable insights into feature contributions, improving transparency and trust in IDS decisions for CPS operators.
4. Extensive experiments conducted on the ToN_IoT2020 benchmark dataset demonstrate that the proposed framework consistently outperforms state-of-the-art IDS approaches across multiple evaluation metrics, which include accuracy, precision, recall, F1-score, and false positive rate. The results empirically validate the effectiveness and robustness of the proposed approach under realistic CPS traffic conditions.
The remainder of this paper is organized as follows. Section 2 reviews related work on CPS intrusion detection, focusing on class imbalance, deep learning approaches, and explainable AI. Section 3 describes the proposed HeXAI-AttentionCPS framework. Section 4 presents the experimental setup, evaluation of metrics, performance analysis, ablation study, and comparative results. Section 5 discusses the key findings and their implications, followed by limitations and threats to validity. Section 7 concludes the paper and outlines future research directions.
Literature review
Imbalance-aware machine learning based intrusion detection
Class imbalance is one of the main challenges in machine learning, particularly in intrusion detection, because it complicates the analysis of highly skewed network traffic in which minority-class attacks are often underrepresented. This problem has led to a large body of work focused on improving how accurately intrusion detection systems (IDSs) identify threats in CPS when dealing with imbalanced network traffic. To address this, the authors8 introduced a framework that integrates a variational autoencoder (VAE), focal loss (FL), and XGBoost. This hybrid approach enhances the detection of underrepresented intrusions by generating synthetic samples specifically aimed at these minority classes. The evaluations demonstrated that the model outperforms conventional classifiers, achieving 99.67% precision, an F1 score of 94.74%, and a recall of 89.41%. Although the high precision reflects the model’s ability to reduce false alarms, the relatively lower recall suggests that some rare attacks may still be missed. This limitation highlights a key trade-off in synthetic data-driven approaches: while they enhance precision and stability, they may struggle to generalize to highly sparse or previously unseen attack patterns. In cyber-physical systems, where even a small number of undetected intrusions can have severe physical and economic consequences, this shortcoming underscores the need for IDS models that can learn robust representations from limited real attack samples rather than relying primarily on data augmentation.
The IE-DBN model proposed in9 employs information gain for feature reduction in conjunction with SMOTE to rebalance the training data, achieving high overall detection accuracy. Nevertheless, its effectiveness decreases when it is applied to large-scale datasets, particularly in identifying minority attack classes, highlighting the scalability limitations of traditional oversampling techniques in highly imbalanced environments. Similarly, researchers10 developed an IDS that combines adaptive synthetic sampling (ADASYN) with LightGBM, reporting accuracy values of 99.86%, 89.79%, and 83.98% on the CICIDS2017, NSL-KDD, and UNSWNB15 datasets, respectively. While ADASYN improved the detection rate of underrepresented attack classes by focusing on difficult-to-learn samples, this gain was accompanied by an increase in false positive rates, indicating a trade-off between minority-class recall and classification stability. Such behavior may reduce the practical applicability of the model in operational CPS environments, where excessive false alarms can hinder timely response.
In11, a comparative evaluation of multiple machine learning classifiers on the UNSW-NB15 dataset demonstrated that Random Forest benefited from SMOTE-based rebalancing, achieving an accuracy of 95.1%. However, the same rebalancing strategy adversely affects the performance of Artificial Neural Networks and Logistic Regression, suggesting that oversampling techniques do not uniformly benefit all classifiers and may introduce bias or noise that degrades model generalizability. Further investigations into refined oversampling approaches include the use of Borderline-SMOTE in IoT intrusion detection scenarios12, where improved detection of rare attack types was observed by concentrating synthetic sample generation near class decision boundaries. Despite its effectiveness in class-sensitive contexts, this approach remains vulnerable to noise and overlapping class distributions. To address these limitations, generative models have been introduced as alternatives. Studies in13 utilized Generative Adversarial Networks (GANs) to synthesize rare attack instances, leading to improved performance of CNN-based IDS models. Building on this, the authors14 employed Wasserstein Conditional GANs (WCGANs) to generate minority-class samples, further enhancing the detection rate of rare intrusions via XGBoost classifiers. Although GAN-based methods improve minority-class representation, they often incur significant computational overhead and rely heavily on the quality of generated samples, which may limit their scalability and robustness in real-world CPS deployments.
Further efforts to mitigate class imbalance have focused on more sophisticated sampling and hybrid learning strategies. The authors4 introduced the Geometric Synthetic Minority Oversampling Technique (G-SMOTE), which extends conventional SMOTE by incorporating geometric constraints and kernel density estimation to generate more representative synthetic samples. This approach demonstrated strong multiclass classification performance, reporting accuracy values of 86.39% and 99.94% across different evaluation settings. However, despite its improved sample generation strategy, G-SMOTE remains a data-level augmentation technique and may still be sensitive to overlapping class distributions and noise in high-dimensional CPS traffic.
To further enhance minority-class recognition, the authors15 proposed the Difficult Set Sampling Technique (DSSTE), which leverages the Edited Nearest Neighbor (ENN) to partition training data into “simple” and “difficult” subsets. By reducing dominant class instances through K-Means clustering and selectively increasing the number of samples from underrepresented classes, DSSTE improved detection performance, achieving 96.29% accuracy on the CSECIC-IDS2018 dataset and 80.69% accuracy with a 79.34% F1-score on NSL-KDD. While effective, the method introduces additional computational complexity due to clustering and instance selection, which may limit scalability in large-scale CPS deployments. In a related direction, the authors16 reported a modest improvement in precision of approximately 2% for minority-class detection via a semi-supervised learning framework. Their approach integrates Principal Component Analysis (PCA), multiple feature-filtering strategies, and an enhanced Tri-Light Gradient Boosting Machine (Tri-LightGBM) combined with stratified sampling. Although this framework improves robustness by reducing feature redundancy and leveraging unlabeled data, its reliance on a fixed training distribution may constrain adaptability to evolving or previously unseen attack patterns. More recently, the authors17 proposed a deep learning-based IDS that addresses class imbalance via Tomek Links and ADASYN, achieving 99.8% accuracy in binary classification and 99.98% accuracy in multi-class scenarios. Despite these high accuracy figures, the approach remains dependent on extensive resampling and does not explicitly address model interpretability or generalizability under extreme data sparsity. Collectively, these studies demonstrate continued progress in imbalance handling but also reveal persistent limitations related to scalability, adaptability, and explainability in CPS-oriented intrusion detection systems.
Most existing intrusion detection systems addressing class imbalance rely on data-level solutions such as oversampling, SMOTE variants, or generative models such as GANs to artificially increase minority class samples. While effective in some scenarios, these approaches often introduce synthetic noise, increase computational overhead, and struggle to generalize to previously unseen or evolving attack patterns. In contrast, few-shot learning (FSL) aims to enable models to learn discriminative representations from only a limited number of labeled samples per class. Despite its success in domains such as computer vision and natural language processing, few-shot learning remains underexplored in intrusion detection, particularly in cyber-physical systems. Existing IDS studies largely assume the availability of sufficient labeled attack data, which is unrealistic for rare or zero-day attacks common in CPS environments. This gap highlights the need for IDS frameworks that can generalize from scarce attack samples without relying on aggressive data augmentation, motivating the integration of few-shot learning into deep sequential models for imbalanced network traffic.
Few-shot learning based intrusion detection
Few-Shot Learning (FSL) has emerged as a promising paradigm to address the strong dependence of deep learning–based intrusion detection systems (IDS) on large volumes of labeled data, particularly rare or zero-day attacks. Unlike conventional supervised learning, FSL focuses on learning transferable representations that enable models to generalize from a limited number of labeled samples, typically through episodic training and metric-based classification. This characteristic makes FSL particularly suitable for intrusion detection scenarios characterized by severe class imbalance and data scarcity.
Several studies have explored the application of FSL in IDS contexts. The researcher18 introduced the FS-IDS, an episodic training framework that reduces reliance on large, labeled datasets by learning task-level representations rather than class-specific patterns. While the approach demonstrates competitive performance with significantly fewer malicious samples, its evaluation is largely limited to benchmark and simulated datasets, leaving questions about scalability and robustness in real CPS environments.
In IoT-focused IDS, a CNN–prototypical network architecture has been proposed19 to enable few-shot intrusion detection with limited training data. Although high accuracy is reported, the approach primarily emphasizes overall classification performance, with limited consideration of class imbalance, traffic variability, and computational constraints typical of real-world IoT and CPS deployments. The FS-MCL framework proposed by the researcher20 enhances few-shot intrusion detection by modeling dense feature relationships via mutual centralized learning and Markov-based associations. While strong detection performance is achieved across multiple datasets, the reliance on traffic-to-image transformation and increased model complexity may hinder interpretability and real-time applicability, which are critical requirements in CPS networks.
A few-shot IDS proposed in21 for industrial internet environments integrates a 1D-CNN encoder with attention mechanisms within a prototypical network to improve discrimination under data-scarce conditions. Although the method improves the detection of unseen attacks, its evaluation is confined to simulation datasets, and its performance remains moderate compared with that of recent deep learning–based IDS solutions. More recently, researchers22 introduced BFS-NID to extend few-shot learning to a class-incremental intrusion detection setting by leveraging a vision transformer and self-supervised feature learning. While effective for incremental attack detection, the computational overhead associated with transformer-based architectures may limit practical deployment in resource-constrained or latency-sensitive CPS environments.
The existing few-shot learning-based IDS approaches demonstrate the potential of FSL for addressing data scarcity and novel attack detection. However, most studies focus primarily on detection performance, with limited attention to severe class imbalance, temporal modeling of CPS traffic, explainability, and deployment efficiency. These limitations motivate the proposed HeXAI-AttentionCPS, which integrates episodic few-shot learning with attention-enhanced temporal modeling, focal loss for imbalance mitigation, and SHAP-based explainability within a unified CPS-oriented IDS framework.
Explainable AI-based intrusion detection
Explainable Artificial Intelligence (XAI) has emerged as a critical requirement for IDS deployment in safety-critical CPS environments, where security decisions must be interpretable and trustworthy. Model-agnostic explanation techniques such as Shapley Additive explanations (SHAP) and Local Interpretable Model-agnostic Explanations (LIME) have been increasingly adopted to interpret complex machine learning models by quantifying feature-level contributions to predictions7. Among these, SHAP is particularly attractive for IDS because of its solid theoretical foundation, consistency guarantees, and ability to provide both global and local explanations. However, most existing IDS studies either focus solely on improving detection accuracy without interpretability or apply XAI techniques as a post hoc analysis without explicitly addressing class imbalance7.
As summarized in Table 1, very few works simultaneously consider imbalance-aware deep learning and explainability, and even fewer investigate their interaction in CPS-specific intrusion scenarios. This reveals a clear research gap in the design of IDS that is not only accurate under severe class imbalance but also transparent and interpretable. The proposed HeXAI-AttentionCPS framework addresses this gap by jointly integrating few-shot learning, focal loss-based imbalance mitigation, attention mechanisms, and SHAP-based explainability within a unified intrusion detection architecture. An overview of existing approaches is presented in Table 1.
Methodology
This study introduced HeXAI-AttentionCPS, an anomaly-based IDS designed to mitigate the issues caused by imbalanced network traffic in CPS. The model employs a few-shot LSTM model enhanced by attention mechanisms to focus on critical temporal patterns and improve the detection of anomalies. To rectify the imbalance in network traffic data, the model also integrates focal loss to ensure sensitivity to minority class intrusions while maintaining robust performance for majority classes, reducing false positives while maintaining high accuracy for both unknown and known threats. This section outlines the architectural design, data processing pipeline, and the algorithms employed in developing HeXAI-AttentionCPS. Figure 1 details how the components of the hybrid model work together to create a robust system capable of detecting diverse intrusion types, improving detection accuracy, and ensuring computational efficiency.
Attention-enhanced few-shot LSTM with focal loss
This section maps out the proposed anomaly-based approach, which is designed for anomaly detection in imbalanced network traffic as depicted in Algorithm 1. The approach integrates the sequential learning strengths of LSTM networks with an attention mechanism that emphasizes important time steps, ensuring that the model concentrates on the most pertinent features of the data. Additionally, the incorporation of focal loss to address class imbalance places more emphasis on rare attack instances. The following subsections detail the integration of these components to achieve the proposed anomaly detection approach.
Data preprocessing
In the preprocessing stage, we applied the min-max normalization technique to scale all the attributes, ensuring that they were on the same scale for consistent modeling. Additionally, we utilized PCA for feature extraction, effectively minimizing the dimensionality of the data while maintaining its most significant variance.
a. Min-Max Normalization Technique.
Min–Max normalization23 adjusts feature values to a uniform range between 0 and 1. This scaling procedure ensures data consistency and optimizes performance during classification. Equation (1) presents the corresponding formula.
Here \(Y_{new}\) denotes the normalized value of a given feature, whereas \(\min(y)\) and \(\max(y)\) represent the minimum and maximum values of that feature, respectively.
b. Feature Extraction with PCA.
Principal Component Analysis (PCA) was employed to reduce the dataset’s dimensionality by identifying the principal components that capture most of the data’s variance24. By selecting the top \(k\) components, we reduce the computational complexity for subsequent tasks while preserving most of the critical information about the patterns in the dataset. This process ensures that the reduced data retain the essential features necessary for differentiating between attack instances and normal traffic in the imbalanced network traffic, making it an efficient preprocessing step for the proposed HeXAI-AttentionCPS model.
Given data with \(N\) samples and \(M\) features, the data were represented as a matrix \(X \in \mathbb{R}^{N \times M}\), where:
where \(x_{ij}\) represents the \(j\)-th feature value for the \(i\)-th sample. To ensure that PCA focuses on the variance rather than the mean, the data are centered by subtracting the mean of each feature:
The centered data \(X_c\) are then computed as:
where:
The covariance matrix \(\Sigma\) is then calculated to measure the relationships between features:
where \(\Sigma \in \mathbb{R}^{M \times M}\) is symmetric; its diagonal elements reflect the variance of individual features, whereas the off-diagonal elements indicate the covariances between feature pairs. To find the principal components, the covariance matrix \(\Sigma\) must then undergo eigenvalue decomposition:
where:
- \(\lambda_i\) is the \(i\)-th eigenvalue of \(\Sigma\), which represents the variance captured by the corresponding \(i\)-th principal component.
- \(\text{V}_i \in \mathbb{R}^{M}\) is the corresponding \(i\)-th eigenvector, indicating the direction of the \(i\)-th principal component.
The eigenvalues and eigenvectors are computed such that:
where:
- \(\Lambda = \text{diag}(\lambda_1, \lambda_2, \dots, \lambda_M)\) is the diagonal matrix of eigenvalues.
- \(\text{V} = [\text{v}_1, \text{v}_2, \dots, \text{v}_M]\) is the matrix of eigenvectors.
Next, the eigenvalues \(\lambda_1, \lambda_2, \dots, \lambda_M\) are arranged in descending order: \(\lambda_1 \ge \lambda_2 \ge \dots \ge \lambda_M\). The top \(k\) eigenvectors corresponding to the \(k\) largest eigenvalues are selected to form the projection matrix \(\text{V}_k\):
The choice of \(k\) depends on the desired amount of variance to retain:
Finally, the original data are transformed into the lower-dimensional space defined by the top \(k\) principal components. Therefore, the original data are then projected onto the new \(k\)-dimensional subspace formed by the selected eigenvectors:
where:
\(\text{X}_{PCA} \in \mathbb{R}^{N \times k}\) is the reduced representation of the transformed data, and each row of \(\text{X}_{PCA}\) represents a sample in the reduced \(k\)-dimensional space.
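The preprocessing steps described above (min-max scaling, centering, covariance, eigendecomposition, choosing \(k\) by retained variance, projection), as an added example that is not the authors' code. The traffic features are constructed, and the 95% retention threshold, the \(1/(N-1)\) covariance scaling and all function names are assumptions; NumPy is required.

```python
import numpy as np

def fit_minmax(X):
    """Learn per-feature minimum and range from the training split only."""
    lo = X.min(axis=0)
    span = X.max(axis=0) - lo
    span[span == 0] = 1.0  # constant feature: avoid division by zero
    return lo, span

def apply_minmax(X, lo, span):
    """Scale with training statistics; unseen traffic may fall outside [0, 1]."""
    return (X - lo) / span

def fit_pca(X, retain=0.95):
    """Return (feature means, projection matrix V_k, cumulative variance ratios)."""
    mean = X.mean(axis=0)
    Xc = X - mean                                # centered data X_c
    cov = Xc.T @ Xc / (X.shape[0] - 1)           # covariance (assumed 1/(N-1))
    eigvals, eigvecs = np.linalg.eigh(cov)       # symmetric input, ascending order
    order = np.argsort(eigvals)[::-1]            # sort eigenvalues descending
    eigvals = np.clip(eigvals[order], 0.0, None)  # drop tiny negative round-off
    eigvecs = eigvecs[:, order]
    cum_ratio = np.cumsum(eigvals) / eigvals.sum()
    # smallest k whose leading eigenvalues retain at least `retain` of the variance
    k = min(int(np.searchsorted(cum_ratio, retain)) + 1, X.shape[1])
    return mean, eigvecs[:, :k], cum_ratio

def project(X, mean, V_k):
    """Project samples onto the k-dimensional subspace: X_PCA = X_c V_k."""
    return (X - mean) @ V_k

def make_constructed_flows(n, seed):
    """Constructed stand-in for flow features: 2 latent factors, 5 columns."""
    rng = np.random.default_rng(seed)
    latent = rng.normal(size=(n, 2))
    mix = np.array([[1.0, 0.8, 0.0, 0.5, 0.0],
                    [0.0, 0.3, 1.0, 0.5, 0.0]])
    X = latent @ mix + 0.05 * rng.normal(size=(n, 5))
    X[:, 4] = 7.0  # a constant column, as a field that never varies would be
    return X

def preprocess(train, test, retain=0.95):
    """Fit scaling and PCA on the training split, then apply both to the test split."""
    lo, span = fit_minmax(train)
    train_s = apply_minmax(train, lo, span)
    test_s = apply_minmax(test, lo, span)
    mean, V_k, cum_ratio = fit_pca(train_s, retain)
    return project(train_s, mean, V_k), project(test_s, mean, V_k), V_k, cum_ratio

if __name__ == "__main__":
    Z_train, Z_test, V_k, cum_ratio = preprocess(
        make_constructed_flows(200, seed=0), make_constructed_flows(50, seed=1))
    print("k =", V_k.shape[1], "cumulative variance =", np.round(cum_ratio, 4))
    print("train", Z_train.shape, "test", Z_test.shape)
```

Fitting the scaler and the projection on the training split alone keeps test traffic from leaking into the learned statistics, which would otherwise inflate reported detection metrics.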
Few-shot long short-term memory (LSTM)
LSTM is a special type of recurrent neural network (RNN)25 developed to overcome the problem of long-term dependency in sequential data. It achieves this through gating mechanisms, namely, the forget, input, and output gates, which regulate information flow within the LSTM, enabling selective memory retention and update. Figure 2 provides a summary of the LSTM and attention mechanism.
The forward propagation process of the LSTM model is defined by the following equation. In this formulation, \(h_t\) and \(c_t\) represent the model’s hidden and cell states. The sigmoid and hyperbolic tangent activation functions are denoted by \(\sigma\) and \(\tanh\), respectively. The forget, input, and output gates are expressed as \(f\), \(i\), and \(o\), where \(W\) denotes the weight matrices associated with different peephole connections. The forget gate determines which information from the previous cell state should be discarded, and its output is computed using the equation below.
In this expression, \(f_t\) denotes the output of the forget gate, \(h_{t-1}\) represents the hidden state from the preceding time step, and \(x_t\) corresponds to the current input. The parameters \(W_f\) and \(b_f\) refer to the associated weight matrix and bias term. The next step involves updating the cell state with newly acquired information.
In this equation, \(i_t\) controls the extent to which new information affects the cell state, whereas \(\tilde{c}_t\) represents the candidate cell state. The updated memory cell state is then obtained by combining the outputs of the forget and input gates.
The output corresponding to the current time step was subsequently computed and updated accordingly.
The classification engine is the most vital element of the proposed HeXAI-AttentionCPS system, and we integrated it with LSTM. LSTM captures temporal dependencies in network traffic, enabling it to model sequences and uncover correlations between past and present behavior, which is critical for anomaly detection in the CPS network environment26. It can retain historical traffic information while analyzing current data. During network attacks, attackers often perform actions sequentially, so individual traffic events may seem benign or disconnected from previous activities27.
While LSTM is highly effective at modeling sequential dependencies, it is typically not well-suited for detecting rare attack instances, particularly in highly imbalanced network traffic. To address this, we integrate few-shot learning into the LSTM framework to enable the model to perform well even with very few labeled samples for minority classes.
Unlike conventional batch-based training, episodic training is adopted to explicitly simulate low-data learning scenarios encountered by minority attack classes in CPS networks. By repeatedly sampling tasks composed of limited support samples and corresponding query sets, episodic training forces the model to learn transferable representations rather than memorizing majority-class patterns. This training strategy is particularly effective in imbalanced intrusion detection, where rare attack instances are insufficient to support traditional supervised learning. As a result, episodic training enhances the model’s ability to generalize to sparsely represented and previously unseen attack patterns without relying on extensive synthetic data generation.
In few-shot learning, the model is exposed to episodic training tasks, where each task consists of a small, labeled support set:
In this work, episodic training is constructed such that the support set samples are drawn exclusively from minority attack classes.
Each training episode follows an \(N\)-way \(K\)-shot formulation, where \(N\) denotes the number of minority attack classes and where \(K\) represents the limited number of labeled samples per class in the support set. In each episode, the support set contains \(K\) samples per minority class, where \(K \ll N\), thereby enforcing a few-shot learning regime at the class level. An unlabeled query set is defined as:
where \(Q\) is the number of samples in the query set.
The support set contains a few labeled samples per class, which the model uses to learn how to classify unseen instances from the query set. This approach is particularly useful for rare attack types, where there are very few instances in the training data. During training, the model learns from episodic tasks in which the support set provides the few labeled samples to compute class prototypes:
where \(\mu_c\) is the class prototype computed from the attention-weighted representations of the support set, while the query set evaluates the model’s generalization to unseen data: the model uses the prototypes to classify the query set samples by comparing their representations to the prototypes via a distance metric:
where \(d\) represents the distance between the query sample and the class prototype. From Eq. (20), the negative squared distances are treated as class logits and normalized via a SoftMax function to obtain class posterior probabilities, which are subsequently optimized via focal loss28.
Consequently, focal loss is applied exclusively to query samples during training, whereas prototype computation remains loss-free, ensuring a clear separation between metric-based representation learning and imbalance-aware optimization.
Attention mechanism
The Attention Mechanism enhances deep learning models by allowing them to focus on the most relevant information in a sequence29. This is analogous to human attention, where the brain prioritizes important details. In network intrusion detection, attention enables the model to emphasize critical time steps in the traffic sequence. The attention mechanism employed in this work follows the Bahdanau-style additive attention formulation, where attention scores are computed via a learnable feedforward compatibility function applied to the LSTM hidden states and normalized via a SoftMax operation. The attention weight \(\alpha_t\) for a given time step \(t\) is computed as:
In this context, \(u_t\) is the hidden state at time \(t\), whereas \(u_w\) corresponds to the learnable weight vector. The calculation of \(u_t\) is given by:
Here, \(W_w\) and \(b_w\) denote the trainable weight matrix and bias term, respectively. After calculating the attention probabilities at each time step, the weighted feature vector \(v\), which encodes information about the network traffic, is computed as follows:
Finally, the predicted label is obtained by applying the SoftMax function:
Here, \(W_v\) and \(b_v\) denote the weight matrix and bias parameters used for classification, respectively.
The justification for selecting this classifier lies in the LSTM’s ability to effectively learn and combine historical data patterns with real-time network traffic features, enabling accurate classification. Additionally, the attention mechanism enhances this ability by identifying and emphasizing the most critical aspects of network traffic, thereby improving the overall classification performance of the LSTM model30.
Class-wise focal loss (FL)
FL was employed in this study to solve the imbalance issue in anomaly detection8. The loss for each class is defined as:
The variable \(\alpha_j\) indicates the class weight, \(\gamma\) is the focusing factor, and \(p_j\) is the predicted probability corresponding to the true label. The total loss for a batch of size \(N\) is computed using:
where:
Here, the predicted probability \(p_j\) corresponds to the SoftMax probability \(p(y=c \mid q)\) obtained from the prototype-based classification of query samples defined in Eq. (21).
The model weights were updated iteratively during training using mini-batch stochastic gradient descent together with the Adam optimizer. The focal loss was able to improve the model’s focus on minority attack instances. The focal loss formulations in Eqs. (27) and (28) are sufficiently applied to the query-level SoftMax probabilities defined in Eq. (21) during episodic training.
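The episode described in the few-shot, attention and focal-loss subsections, put together as an added example (not the authors' released code). Because the numbered equations did not survive on this page, the usual forms are assumed: \(u_t = \tanh(W_w h_t + b_w)\) with \(h_t\) the LSTM hidden state, squared Euclidean distance to the prototype, and focal loss \(-\alpha_j (1-p_j)^{\gamma} \log p_j\); the sequences, parameters and class weights are constructed.

```python
import math

def softmax(xs):
    m = max(xs)  # subtract the max for numerical stability
    es = [math.exp(x - m) for x in xs]
    total = sum(es)
    return [e / total for e in es]

def attention_pool(hidden, W_w, b_w, u_w):
    """Additive attention over hidden states (T x d): returns (v, alpha)."""
    scores = []
    for h_t in hidden:
        # u_t = tanh(W_w h_t + b_w); tanh is an assumption (see lead-in)
        u_t = [math.tanh(sum(w * x for w, x in zip(row, h_t)) + b)
               for row, b in zip(W_w, b_w)]
        scores.append(sum(a * c for a, c in zip(u_t, u_w)))  # u_t . u_w
    alpha = softmax(scores)  # one attention weight per time step
    v = [sum(a * h_t[k] for a, h_t in zip(alpha, hidden))
         for k in range(len(hidden[0]))]
    return v, alpha

def class_prototypes(support):
    """{label: [embedding, ...]} -> {label: mean embedding}. No loss here."""
    return {label: [sum(col) / len(vecs) for col in zip(*vecs)]
            for label, vecs in support.items()}

def query_posteriors(q, protos):
    """Negative squared distances as logits, normalised with softmax."""
    labels = sorted(protos)
    logits = [-sum((a - b) ** 2 for a, b in zip(q, protos[c])) for c in labels]
    return dict(zip(labels, softmax(logits)))

def focal_loss(p_true, alpha_j, gamma):
    """Focal loss for the true class: -alpha_j * (1 - p)^gamma * log(p)."""
    p = min(max(p_true, 1e-12), 1.0)  # guard against log(0)
    return -alpha_j * (1.0 - p) ** gamma * math.log(p)

def run_episode(support_seqs, query_seqs, params, class_weight, gamma):
    """Prototypes come from the support set; focal loss is taken on queries only."""
    embed = lambda seq: attention_pool(seq, *params)[0]
    support = {c: [embed(s) for s in seqs] for c, seqs in support_seqs.items()}
    protos = class_prototypes(support)
    losses, preds = [], []
    for seq, label in query_seqs:
        post = query_posteriors(embed(seq), protos)
        preds.append(max(post, key=post.get))
        losses.append(focal_loss(post[label], class_weight[label], gamma))
    return sum(losses) / len(losses), preds

# Constructed 2-way 2-shot episode; each sequence is T=3 hidden states of size 2.
PARAMS = ([[1.0, 0.0], [0.0, 1.0]], [0.0, 0.0], [1.0, 1.0])  # W_w, b_w, u_w
SUPPORT = {
    "mitm": [[[0.1, 0.0], [2.0, 0.1], [0.0, 0.1]],
             [[0.0, 0.1], [1.8, 0.0], [0.1, 0.0]]],
    "scanning": [[[0.0, 0.1], [0.1, 2.0], [0.1, 0.0]],
                 [[0.1, 0.0], [0.0, 1.9], [0.0, 0.1]]],
}
QUERY = [([[0.0, 0.0], [1.9, 0.1], [0.1, 0.1]], "mitm"),
         ([[0.1, 0.1], [0.0, 2.1], [0.0, 0.0]], "scanning")]
CLASS_WEIGHT = {"mitm": 0.75, "scanning": 0.25}  # constructed alpha_j values

if __name__ == "__main__":
    for gamma in (0.0, 2.0):
        loss, preds = run_episode(SUPPORT, QUERY, PARAMS, CLASS_WEIGHT, gamma)
        print(f"gamma={gamma}: loss={loss:.5f} predictions={preds}")
```

With \(\gamma = 0\) and \(\alpha_j = 1\) the loss reduces to cross-entropy, so the two printed losses show how strongly confidently classified queries are down-weighted.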
Explainable AI mechanism
In this research, we employed the Shapley Additive Explanations (SHAP)31 to elucidate the judgment rendered by our proposed HeXAI-AttentionCPS IDS model. SHAP clarifies the predictions of an instance by measuring the role of each feature in the ultimate prediction. The contribution can have either a positive or negative impact32. Equation (36) can be utilized to acquire the SHAP explanation of a given instance:
The SHAP formula \(G(A) = S_0 + \sum_{i=1}^{K} S_i A_i\) expresses a model’s prediction as the sum of a baseline value (\(S_0\)) and the contributions of individual features (\(S_i A_i\)). Here, \(K\) is the number of features, \(A_i\) represents the simplified presence of feature \(i\), and \(S_i\) quantifies the feature’s impact on the prediction. Positive values of \(S_i\) indicate that the feature increases the output, whereas negative values indicate a decreasing effect. This formulation allows the model’s prediction to be interpreted in terms of feature importance, providing a transparent and consistent explanation of complex machine learning models.
Experimental evaluations
This section starts with a summary of the experimental setup, detailing the datasets employed and the evaluation of the metrics used. It then provides a comprehensive analysis of the proposed model’s performance. Finally, an ablation study is presented to highlight the effectiveness of the HeXAI-AttentionCPS approach.
Experimental setup
The HeXAI-AttentionCPS model was simulated on a machine with an Intel Core i7 1.60 GHz processor, 16 GB of RAM, and a 515 GB SSD. Python 3.9 served as the programming environment, and TensorFlow alongside Scikit-Learn was used for model implementation. Table 2 presents the configuration of the parameters used in the proposed model. A series of comprehensive experiments are carried out, in which different combinations of hyperparameters are explored to increase the detection accuracy.
These settings highlight the flexibility and adaptability of the proposed HeXAI-AttentionCPS model in addressing imbalanced network traffic and effectively detecting both known and unknown intrusions. All reported results correspond to a single deterministic experimental run using fixed random seeds for data splitting and model initialization. This configuration ensures the exact reproducibility of the reported metrics. Owing to the large-scale nature of the dataset and the stability of the training process, repeated runs produced negligible variance and are therefore not reported separately. Episodic training was performed over 3,000 randomly sampled 4-way 5-shot episodes, which were sufficient to ensure stable convergence while preserving the few-shot learning regime for minority attack classes.
Dataset description
The study employed a publicly available subset of the ToN_IoT2020 dataset, which exhibits severe class imbalance33. The dataset was derived in 2020 from a CPS environment that mirrors modern industrial networks, providing insights into operational complexities and attack vectors unique to CPS. It combines heterogeneous data sources, including IoT/IIoT telemetry, operating system logs, and network traffic, collected from large-scale, realistic testbeds mimicking modern industrial environments34. The subset used in this study includes normal traffic and nine cyber-attack categories, namely backdoor, XSS, scanning, password, MITM, ransomware, injection, DoS, and DDoS. Its diversity and realism make it invaluable for developing a robust IDS tailored to the unique security challenges of CPS. No additional sampling or class balancing was applied beyond the use of this predefined dataset subset. The classwise distribution of this provider-released subset is reported in Table 3.
The ToN_IoT2020 dataset was partitioned into training and testing sets via a stratified splitting strategy to preserve the original class distribution, which is critical given the highly imbalanced nature of CPS network traffic. Specifically, 80% of the data was used for training and 20% was used for testing, with no overlap between the two sets to prevent data leakage. Stratification ensures that minority attack classes are adequately represented during both training and evaluation, enabling a fair assessment of detection performance. To ensure reproducibility, a fixed random seed was applied during data splitting, model initialization, and training.
Although the ToN_IoT2020 dataset is large in total volume, it exhibits extreme class imbalance, where certain attack categories, most notably the MITM class, contain only a small number of labeled samples relative to the majority classes. In this work, the few-shot learning paradigm is applied at the class level rather than the dataset level. Specifically, minority attack classes are treated as few-shot tasks, reflecting realistic CPS environments in which rare or emerging attacks are sparsely labeled. This setting aligns with the fundamental assumption of few-shot learning, where the objective is to generalize effectively from limited labeled samples for specific classes, despite the availability of abundant data for other categories.
Metrics used for performance evaluation
To evaluate the effectiveness of the proposed HeXAI-AttentionCPS model in identifying attacks within imbalanced network traffic in cyber-physical systems (CPS), six performance metrics were utilized as outlined in Table 4. The metrics assess how effectively the model can distinguish normal traffic from anomalies. True positives (TP) represent the number of attack instances correctly detected by the model, whereas false negatives (FN) refer to attack instances that were not accurately identified. True negatives (TN) correspond to normal traffic correctly classified as nonmalicious, whereas false positives (FP) indicate normal traffic that is incorrectly flagged as malicious. This evaluation framework helps determine the model’s reliability and robustness in handling the challenges posed by imbalanced networks in intrusion detection.
Result analysis
This section reports the outcomes of the conducted experiments. The performance of the proposed HeXAI-AttentionCPS model was assessed on the ToN_IoT2020 dataset. Furthermore, an ablation study is presented to analyze the contributions of different components of the proposed method.
PCA for dimensionality reduction
The selection of 23 components, as shown in Table 5, is a deliberate strategy grounded in the explained variance of the principal components. The explained variance reflects how well the selected components capture the original data’s critical information, which is crucial for effective dimensionality reduction. The 23 selected components collectively explain 93.2% of the variance, demonstrating that a substantial amount of the dataset information is retained while reducing dimensionality, as illustrated in Fig. 3. This selection strikes a balance between minimizing data complexity and preserving the essential features that contribute to robust intrusion detection. The high percentages of the explained variance indicate a strong retention of informative features, enabling the proposed model to effectively capture critical patterns and anomalies in the datasets. By aligning component selection with the explained variance, this approach enhances model performance by reducing noise and redundancy while maintaining the integrity of significant data attributes, thus contributing to efficient and accurate intrusion detection across diverse network instances.
Experimental evaluation of the overall performance of the proposed model
The proposed model achieved impressive performance across all traffic classes in the ToN_IoT2020 dataset, showing high accuracy, precision, recall, and F1-scores, even in the presence of class imbalance. In highly imbalanced CPS intrusion detection tasks, aggregate accuracy is often dominated by majority classes; therefore, minority-class behavior and false-positive control provide more meaningful indicators of IDS effectiveness. The model’s robustness is particularly evident in its ability to handle the MITM attack class, which is very challenging due to its rarity and low representation in the dataset. For MITM, the model demonstrated a significant improvement in the recall and F1-score, effectively capturing subtle patterns associated with this class while maintaining a low false alarm rate. The model achieved balanced performance across all the metrics, indicating its capacity to detect these infrequent attacks without compromising precision or introducing excessive false positives. These results highlight the effectiveness of incorporating focal loss and attention mechanisms into the model. These techniques enable the prioritization of learning from underrepresented classes while leveraging advanced feature selection through PCA to reduce noise and emphasize critical features. By addressing the challenges of class imbalance, the proposed model delivers a comprehensive solution capable of accurately detecting both common and rare attack types in the ToN_IoT2020 dataset, demonstrating its significance for detecting intrusions in imbalanced CPS network traffic, as shown in Table 6.
Ablation study
We conducted an ablation study, and the results of the experimental analysis are presented in Table 7. Evaluating the various models on the ToN_IoT2020 dataset provided valuable insights into their relative performance. For all ablation experiments, identical training hyperparameters, including the learning rate, optimizer, batch size, and number of training epochs, were used, and only the model components under investigation were varied. The baseline LSTM model demonstrated modest overall performance but faced challenges with recall and F1-score, primarily due to the impact of class imbalance. Introducing the attention mechanism in the AM+LSTM model improved the precision, recall, and F1-score by enabling the model to focus on critical features. Furthermore, incorporating focal loss in the AM+LSTM + FL model significantly enhances the recall and F1-score by effectively addressing the issue of class imbalance, particularly for rare attack instances. The integration of focal loss with LSTM (LSTM + FL) also led to performance improvements, although the absence of PCA limited the model’s ability to select and utilize the most important features efficiently. On the other hand, the PCA+LSTM model benefits from dimensionality reduction, achieving better accuracy and recall by reducing noise and emphasizing relevant features. Combining PCA with the attention mechanism in the PCA + AM-LSTM model further increased the overall performance, yielding significant gains in both precision and recall. Finally, the proposed PCA + AM-LSTM + FL model, which incorporates episodic few-shot training in conjunction with focal loss during model optimization, delivered the best overall performance. Compared with standard LSTM and attention-based variants trained via conventional batch learning, the episodic few-shot formulation significantly improved the recall and F1-score for minority attack classes, particularly MITM. 
This empirical evidence confirms that episodic training plays a critical role in enhancing generalization under severe class imbalance, thereby justifying its adoption within the proposed framework, as depicted in Table 7 and Fig. 4. The performance gain between PCA + AM+LSTM and PCA + AM+LSTM + FL reflects the combined effect of episodic few-shot training and focal loss, where few-shot learning primarily enhances minority-class recall, whereas focal loss stabilizes optimization under imbalance.
The ablation results indicate that PCA provides a substantial improvement in overall performance by reducing feature redundancy and enhancing global class separability. However, the impact of few-shot learning is not primarily reflected in the aggregate accuracy of the metrics. Few-shot learning is designed to improve generalization for minority attack classes, whose influence on overall accuracy is limited due to severe class imbalance. As observed in the classwise results in Table 6, the few-shot learning component contributes to stabilizing the detection performance for underrepresented attacks such as MITM, complementing PCA’s global feature optimization role. These results demonstrate that PCA enhances global feature representation, whereas few-shot learning and focal loss jointly improve robustness for minority attack detection and false-positive control under severe class imbalance.
SHAP explainable artificial intelligence
SHAP explanations were generated via the model-agnostic kernel SHAP approach. Owing to the sequential nature of the LSTM-based architecture, the input sequences were flattened prior to explanation, allowing SHAP to quantify feature-level contributions to the final detection decision. While this approach does not provide fine-grained temporal attribution, it offers reliable post-hoc interpretability for complex attention-enhanced models without requiring gradient access. All explanations were generated via the trained attention-enhanced LSTM model.
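The additive form \(G(A) = S_0 + \sum_i S_i A_i\) and the flattening step described above, as an added example (not the authors' code). Exact Shapley values by subset enumeration stand in here for Kernel SHAP's sampling approximation, and `toy_score`, the two-step sequence and the all-zero background are constructed assumptions; only the feature names come from the page.

```python
from itertools import combinations
from math import factorial

FEATURES = ["dst_port", "src_port", "duration"]  # names from the page's SHAP ranking

def flatten(seq):
    """(T x F) sequence -> flat list ordered step by step."""
    return [value for step in seq for value in step]

def toy_score(flat):
    """Hypothetical stand-in for the trained detector's output score."""
    dst0, src0, dur0, dst1, src1, dur1 = flat
    # Two additive terms plus one interaction that spans both time steps.
    return 0.5 * dst0 + 0.5 * dst1 + 0.2 * src0 * dur1

def shapley_values(model, x, background):
    """Exact Shapley value of every flattened input, by subset enumeration."""
    m = len(x)

    def value(subset):
        # Inputs outside the coalition are replaced by the background value.
        mixed = [x[i] if i in subset else background[i] for i in range(m)]
        return model(mixed)

    phi = [0.0] * m
    for i in range(m):
        others = [j for j in range(m) if j != i]
        for size in range(m):
            weight = factorial(size) * factorial(m - size - 1) / factorial(m)
            for coalition in combinations(others, size):
                s = frozenset(coalition)
                phi[i] += weight * (value(s | {i}) - value(s))
    return phi

def per_feature(phi):
    """Sum attributions over time steps; the time index is lost at this point."""
    totals = {name: 0.0 for name in FEATURES}
    for idx, contribution in enumerate(phi):
        totals[FEATURES[idx % len(FEATURES)]] += contribution
    return totals

# Constructed, already-scaled sequence with T=2 time steps and F=3 features.
SEQUENCE = [[1.0, 1.0, 0.0],   # t0: dst_port, src_port, duration
            [1.0, 0.0, 1.0]]   # t1
X = flatten(SEQUENCE)
BACKGROUND = [0.0] * len(X)    # constructed reference input; S_0 = model(BACKGROUND)

if __name__ == "__main__":
    phi = shapley_values(toy_score, X, BACKGROUND)
    s0 = toy_score(BACKGROUND)
    print("per (time step, feature):", [round(p, 3) for p in phi])
    print("per feature:", {k: round(v, 3) for k, v in per_feature(phi).items()})
    print("S_0 + sum(S_i) =", round(s0 + sum(phi), 3), "model output =", toy_score(X))
```

The per-input list still shows that `src_port` matters at the first step and `duration` at the second; the per-feature totals no longer do, which is the loss of temporal attribution the paragraph mentions.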
The color gradients denote the direction in which the feature affects the prediction. The SHAP value plot in Fig. 6 shows an in-depth interpretability framework for our machine learning model designed to detect cyber intrusions via the ToN_IoT2020 data. This global explanation provides a transparent breakdown of how individual features influence the model’s predictions across various attack classes. The key components of the SHAP plot are described as follows:
1. Feature Importance (Y-Axis): The y-axis lists features in descending order on the basis of their mean SHAP values, indicating their overall contribution to the model’s decisions. Features such as dst_port, src_port, src_ip, and dst_ip dominate the ranking, indicating that port activity and IP addresses are critical for intrusion classification in CPS network environments.
2. SHAP Value Magnitude (X-Axis): The x-axis represents the mean absolute SHAP value, which quantifies each feature’s average influence on the model output. The longer the bar is, the more important the feature is in shaping predictions. For instance, dst_port has the highest SHAP value, highlighting its strong influence on detecting various forms of network behavior or anomalies.
3. Class-Specific Feature Contributions (Color Coding): Each bar is color-coded according to attack class labels (e.g., Class 0–9), allowing us to visualize how different features contribute to predictions for specific intrusion categories. For example, dst_port is heavily influential for Class 6 (blue) and Class 9 (pink), whereas src_port contributes across multiple classes including Class 7 (red) and Class 8 (green). This multiclass support underscores the feature’s discriminative power across diverse attack scenarios.
4. Dominant Features in CPS Intrusion Detection: The analysis reveals the following:
   a. Network endpoint features such as dst_port, src_port, src_ip, and dst_ip are vital. Their high SHAP values suggest that attack vectors often exploit specific IP-port combinations in CPSs.
   b. Temporal and traffic volume indicators such as duration, src_ip_bytes, and dst_ip_bytes are also prominent, reflecting that timing and byte-level behaviors can distinguish between benign and malicious activities.
   c. Connection state features (e.g., conn_state_S0, conn_state_REJ) play a significant role in identifying dropped, rejected, or suspicious connections.
   d. Protocol and service-related fields such as service_http and dns_query have moderate but class-specific importance, reinforcing the contextual relevance of protocol usage in attack patterns.
5. Cross-Class Feature Relevance: Many features have bars segmented into multiple colors, which implies that they contribute to the classification of multiple attack types. For example, src_port and dst_ip have multicolored distributions, indicating that their predictive utility is not restricted to a single intrusion category. This cross-class influence is essential for building robust multiclass intrusion detection systems in heterogeneous IoT networks.
The SHAP summary visualization for the ToN_IoT2020 data demonstrates that network port activity, IP address patterns, and connection states are the most influential predictors for detecting intrusions in CPS network environments. By leveraging SHAP-based interpretability, this analysis enhanced our understanding of the model behavior, ensured trustworthiness, and guided feature engineering for improved detection accuracy.
Comparison with state-of-the-art techniques
Table 8 provides a qualitative comparison between the proposed HeXAI-AttentionCPS framework and representative intrusion detection approaches reported in the literature that address class imbalance in network traffic. Importantly, the compared studies were evaluated on heterogeneous datasets and under distinct experimental settings. Therefore, the reported performance metrics should not be interpreted as direct quantitative comparisons or as evidence of absolute superiority. Instead, this comparison is intended to contextualize the proposed approach within existing research trends, highlighting differences in modeling strategies, imbalance handling mechanisms, and the inclusion of explainability components. As summarized in Table 8, many existing works achieve high detection performance but do not incorporate explainable AI (XAI) mechanisms, which can limit their practical deployment in cyber-physical systems where transparency and trust are critical. The results of the proposed HeXAI-AttentionCPS model, which is evaluated exclusively on the ToN_IoT2020 dataset, demonstrate that it achieves competitive performance while simultaneously addressing class imbalance, temporal dependency modeling, and explainability within a unified framework. The inclusion of SHAP-based explanations distinguishes the proposed approach from several prior methods, providing additional interpretability without compromising detection effectiveness. Furthermore, while many prior works rely on data augmentation techniques to mitigate class imbalance, this study adopts an imbalance-aware learning strategy based on episodic few-shot training and focal loss, without modifying the underlying dataset distribution.
Discussion of findings
The evaluation of the HeXAI-AttentionCPS demonstrates its effectiveness in addressing the persistent challenges of IDS design for CPS with imbalanced traffic. Unlike traditional oversampling-based approaches as established in the literature9,10,12, which improve recall at the cost of more false alarms, the HeXAI-AttentionCPS model integrates focal loss and attention to achieve balanced performance across accuracy, recall, and false positive rates. In particular, the improved recall for minority attack classes such as MITM shows that few-shot learning combined with focal loss can effectively mitigate the limitations of GAN or SMOTE-based approaches13,17. Moreover, by incorporating SHAP, the model provides interpretability, a dimension largely absent in previous IDS frameworks4,8,16. This aligns with recent calls in the literature for IDSs that are both accurate and explainable, ensuring trust and adoption in real-world CPSs.
Crucially, the addition of SHAP-based explainability extends this contribution beyond accuracy metrics by addressing one of the most pressing barriers to IDS adoption: the lack of transparency in deep learning models. While SHAP itself is a well-established interpretability tool, its application within the HeXAI-AttentionCPS framework is distinctive for three reasons. First, it clarifies how the proposed hybrid model detects rare and complex attack classes, such as MITM, by revealing which traffic features drive these decisions. Second, it bridges the gap between high-performing but opaque anomaly based systems and the operational need for trust and accountability in real-world CPS environments. Third, by combining SHAP with attention-enhanced few-shot LSTM and focal loss, the system achieves not only balanced detection performance but also interpretable outputs, providing security analysts with actionable insights. This integration marks a shift from explainability as an afterthought to explainability as a core design principle of IDS. Unlike prior works that evaluated interpretability in isolation, HeXAI-AttentionCPS demonstrates that explainability can coexist with improved accuracy, low false positives, and computational efficiency, making the model more practical for deployment in modern CPS settings.
The results also reinforce the importance of dimensionality reduction; PCA not only reduces computational overhead but also enhances the attention mechanism’s ability to focus on relevant traffic patterns, echoing findings from semi-supervised frameworks16. Collectively, these contributions position the HeXAI-AttentionCPS as a significant advancement over existing IDS models, offering both technical robustness and practical usability.
Limitations, challenges, and recommendations
Resource overhead
Although the proposed HeXAI-AttentionCPS achieves high detection accuracy and interpretability, the integration of multiple components, such as attention mechanisms, focal loss, PCA, and SHAP explainability may introduce additional computational and memory demands. This may limit deployment on resource-constrained devices such as IoT edge nodes, where lightweight IDS solutions are often needed. Future optimization should explore model compression, pruning, or hardware-aware tuning to reduce the overhead without compromising the detection quality.
Scalability and performance tradeoff
While focal loss effectively mitigates class imbalance, its performance may degrade under extreme imbalance conditions, where minority attack instances are exceedingly rare. Similarly, real-time scalability remains a challenge: the combination of attention and SHAP-based feature attribution, although valuable for interpretability, increases the inference time. For large-scale or high-speed CPS networks, further work is needed to strike a balance between explainability, throughput, and latency.
Threat to validity
A few threats to the validity of the proposed HeXAI-AttentionCPS are outlined below.
Internal validity
Model performance is dependent on the quality and representativeness of the ToN_IoT2020 dataset. Although this dataset captures diverse CPS attack scenarios, real-world environments may introduce additional complexities such as encrypted traffic or evolving attack vectors. There is also a risk of overfitting when multiple components are integrated.
External validity
The results obtained in controlled experimental settings may not be fully generalizable to operational CPS environments. Diverse protocols, adaptive adversaries, and dynamic network topologies can affect performance.
Construct validity
The evaluation emphasizes classical performance metrics (accuracy, precision, recall, F1, FAR). While these provide a strong baseline, additional measures such as computational latency, memory footprint, and the interpretability and usability of the outputs for human operators should also be considered in future assessments.
Recommendations
Future research should focus on optimizing the HeXAI-AttentionCPS framework for real-world deployment as follows:
1. Making the model lightweight through pruning, quantization, or knowledge distillation to enable operation on constrained devices.
2. Enhancing scalability by parallelizing SHAP computations or exploring approximate explainability methods that reduce latency while retaining interpretive power.
3. Extending validation to real CPS deployments with encrypted traffic, adaptive attackers, and live streaming data to strengthen external validity.
4. Conducting human-centered evaluation to assess whether SHAP-based explanations improve analysts’ ability to detect, interpret, and respond to intrusions in operational environments.
Conclusions and future work
This research proposed and evaluated HeXAI-AttentionCPS, a hybrid anomaly-based IDS that combines attention-enhanced few-shot LSTM, focal loss, PCA, and SHAP explainability to address the challenges of imbalanced CPS traffic. The experimental results on the ToN_IoT2020 dataset confirmed that the model not only achieves high accuracy and recall for both common and rare attacks but also maintains a consistently low false positive rate. A key contribution of this work lies in demonstrating that explainability can be seamlessly embedded within a high-performing IDS. By integrating SHAP into the detection pipeline, the HeXAI-AttentionCPS provides interpretable outputs that clarify feature importance across attack classes, enhancing trust and adoption potential. Unlike existing IDS approaches that treat interpretability and detection performance separately, this study shows that a unified design can deliver both. Future work will explore optimizing this framework for resource-constrained edge environments and extend the explainability mechanism to capture temporal reasoning within traffic sequences. This will further strengthen the practicality and transparency of IDSs in complex CPS ecosystems.
Data availability
The ToN_IoT2020 dataset used in this study is publicly available and can be accessed from the original source at https://research.unsw.edu.au/projects/toniot-datasets, whereas the exact subset used for evaluation can be accessed at http://datasets.nyx.ca:8081/datasets/TON_IoT/.
Code availability
The code used in this study is publicly available at: https://github.com/harazeem/HeXAI-AttentionCPS. A permanent archived version of the code can also be accessed via Zenodo at: https://doi.org/10.5281/zenodo.18232377.
References
Luo, Y., Xiao, Y., Cheng, L., Peng, G. & Yao, D. D. Deep Learning-based anomaly detection in Cyber-physical systems. ACM Comput. Surv. (CSUR). 54, 1–36 (2021).
Ferrari, P. et al. Performance evaluation of full-cloud and edge-cloud architectures for Industrial IoT anomaly detection based on deep learning. In IEEE International Workshop on Metrology for Industry 4.0 and IoT (MetroInd4.0&IoT), 420–425 (Naples, Italy, 2019). https://doi.org/10.1109/METROI4.2019.8792860
Abdulganiyu, O. H., Ait Tchakoucht, T. & Saheed, Y. K. A systematic literature review for network intrusion detection system (IDS). International J. Inform. Security 22(5), 1125–1162. https://doi.org/10.1007/s10207-023-00682-2 (2023).
Yang, Y., Gu, Y. & Yan, Y. Machine Learning-Based Intrusion Detection for Rare-Class Network Attacks. Electronics 12(18), 3911. https://www.mdpi.com/2079-9292/12/18/3911 (2023).
Kayode Saheed, Y., Harazeem Abdulganiyu, O. & Ait Tchakoucht, T. A novel hybrid ensemble learning for anomaly detection in industrial sensor networks and SCADA systems for smart City infrastructures. Journal King Saud Univ. - Comput. Inform. Sciences 35(5), 101532. https://doi.org/10.1016/j.jksuci.2023.03.010 (2023).
Saheed, Y. K., Abdulganiyu, O. H., Majikumna, K. U., Mustapha, M. & Workneh, A. D. Resnet50-1d-cnn: A new lightweight resnet50-one-dimensional convolution neural network transfer learning-based approach for improved intrusion detection in cyber-physical systems. Int. J. Crit. Infrastruct. Prot. 45, 100674 (2024).
Saheed, Y. K. & Chukwuere, J. E. XAIEnsembleTL-IoV: A new eXplainable artificial intelligence ensemble transfer learning for zero-day botnet attack detection in the internet of vehicles. Results Engineering 24, 103171. https://doi.org/10.1016/j.rineng.2024.103171 (2024).
Abdulganiyu, O. H., Tchakoucht, T. A., Saheed, Y. K. & Ahmed, H. A. XIDINTFL-VAE: XGBoost-based intrusion detection of imbalance network traffic via class-wise focal loss variational autoencoder. The J. Supercomputing 81(1), 16. https://doi.org/10.1007/s11227-024-06552-5 (2024).
Jia, H., Liu, J., Zhang, M., He, X. & Sun, W. Network intrusion detection based on IE-DBN model. Computer Communications 178, 131–140. https://doi.org/10.1016/j.comcom.2021.07.016 (2021).
Liu, J., Gao, Y. & Hu, F. A fast network intrusion detection system using adaptive synthetic oversampling and LightGBM. Computers & Security 106, 102289. https://doi.org/10.1016/j.cose.2021.102289 (2021).
Hafiza Anisa, A., Anum, H. & Narmeen Zakaria, B. Network intrusion detection using oversampling technique and machine learning algorithms. PeerJ Comput. Sci. 8 https://doi.org/10.7717/peerj-cs.820 (2022).
Zhang, Y. & Liu, Q. On IoT intrusion detection based on data augmentation for enhancing learning on unbalanced samples. Future Gener. Comput. Syst. 133 (C), 213–227. https://doi.org/10.1016/j.future.2022.03.007 (2022).
Andresini, G., Appice, A., Rose, L. D. & Malerba, D. GAN augmentation to deal with imbalance in imaging-based intrusion detection. Future Gener Comput. Syst. 123, 108–127 (2021).
Kumar, V. & Sinha, D. Synthetic attack data generation model applying generative adversarial network for intrusion detection. Comput. Secur. 125, 15. https://doi.org/10.1016/j.cose.2022.103054 (2023).
Liu, L., Wang, P., Lin, J. & Liu, L. Intrusion detection of imbalanced network traffic based on machine learning and deep learning. IEEE Access. 9, 7550–7563. https://doi.org/10.1109/ACCESS.2020.3048198 (2021).
Li, J., Zhang, H., Liu, Y. & Liu, Z. Semi-supervised machine learning framework for network intrusion detection. The J. Supercomputing 78 (11), 13122–13144. https://doi.org/10.1007/s11227-022-04390-x (2022).
Abdelkhalek, A. & Mashaly, M. Addressing the class imbalance problem in network intrusion detection systems using data resampling and deep learning. The J. Supercomputing 79 (10), 10611–10644. https://doi.org/10.1007/s11227-023-05073-x (2023).
Yang, J., Li, H., Shao, S., Zou, F. & Wu, Y. FS-IDS: A framework for intrusion detection based on few-shot learning. Computers & Security 122, 102899. https://doi.org/10.1016/j.cose.2022.102899 (2022).
Althiyabi, T., Ahmad, I. & Alassafi, M. O. Enhancing IoT Security: A Few-Shot Learning Approach for Intrusion Detection. Mathematics 12 (7), 1055. https://doi.org/10.3390/math12071055
Xu, C., Zhang, F., Yang, Z., Zhou, Z. & Zheng, Y. A few-shot network intrusion detection method based on mutual centralized learning. Scientific Reports 15 (1), 9848. https://doi.org/10.1038/s41598-025-93185-0 (2025).
Wang, Y., Zhang, Z., Zhao, K., Wang, P. & Wu, R. A few-shot learning based method for industrial internet intrusion detection. Int. J. Inf. Secur. 23 (5), 3241–3252. https://doi.org/10.1007/s10207-024-00889-x (2024).
Du, L., Gu, Z., Wang, Y., Wang, L. & Jia, Y. A Few-Shot Class-Incremental learning method for network intrusion detection. IEEE Trans. Netw. Serv. Manage. 21 (2), 2389–2401. https://doi.org/10.1109/TNSM.2023.3332284 (2024).
Georganos, S. et al. Normalization in Unsupervised Segmentation Parameter Optimization: A Solution Based on Local Regression Trend Analysis. Remote Sensing 10 (2), 222. https://www.mdpi.com/2072-4292/10/2/222 (2018).
Greenacre, M. et al. Principal component analysis. Nature Reviews Methods Primers 2 (1), 100. https://doi.org/10.1038/s43586-022-00184-w (2022).
Hochreiter, S. & Schmidhuber, J. Long Short-Term Memory. Neural Computation 9 (8), 1735–1780. https://doi.org/10.1162/neco.1997.9.8.1735 (1997).
Abdulganiyu, O. H., Tchakoucht, T. A., Saheed, Y. K., Mouhtadi, M. E. & Alaoui, A. E. H. Modified variational autoencoder and attention Mechanism-Based long Short-Term memory for detecting intrusions in imbalanced network traffic. Secur. Priv. 8 (3), e70044. https://doi.org/10.1002/spy2.70044 (2025).
Saheed, Y. K., Abdulganiyu, O. H. & Tchakoucht, T. A. Modified genetic algorithm and fine-tuned long short-term memory network for intrusion detection in the internet of things networks with edge capabilities. Applied Soft Computing 155, 111434. https://doi.org/10.1016/j.asoc.2024.111434 (2024).
Mustapha, M. et al. A focal loss and sequential analytics approach for liver disease classification and detection. Healthcare Analytics 8, 100424. https://doi.org/10.1016/j.health.2025.100424 (2025).
Chorowski, J., Bahdanau, D., Serdyuk, D., Cho, K. & Bengio, Y. Attention-Based Models for Speech Recognition. In NIPS (2015).
Abdulganiyu, O. H., Ait Tchakoucht, T., Alaoui, A. E. H. & Saheed, Y. K. Attention-driven multi-model architecture for unbalanced network traffic intrusion detection via extreme gradient boosting. Intelligent Syst. Applications 26, 200519. https://doi.org/10.1016/j.iswa.2025.200519 (2025).
Ferraro, A., Galli, A., Moscato, V. & Sperlí, G. Evaluating eXplainable artificial intelligence tools for hard disk drive predictive maintenance. Artif. Intell. Rev. 56, 7279–7314 (2022).
Saheed, Y. K., Omole, A. I. & Sabit, M. O. GA-mADAM-IIoT: A new lightweight threats detection in the industrial IoT via genetic algorithm with attention mechanism and LSTM on multivariate time series sensor data. Sensors International 6, 100297. https://doi.org/10.1016/j.sintl.2024.100297 (2025).
Zhu, M., Ye, K., Wang, Y. & Xu, C. Z. A Deep Learning Approach for Network Anomaly Detection Based on AMF-LSTM. In 15th IFIP WG 10.3 International Conference, NPC 2018, Muroran, Japan, November 29 – December 1, 2018, Proceedings, 137–141 (2018).
Moustafa, N., Keshk, M., Debie, E. S. & Janicke, H. Federated TON_IoT Windows Datasets for Evaluating AI-based Security Applications. In IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 848–855 (2020).
Author information
Contributions
O.H.A. was involved in conceptualization, investigation, methodology, validation, formal analysis, data curation, visualization, software, writing, and editing. O.F., Y.M. and S.Y. helped with editing, writing, and visualization. T.A. helped in conceptualization, resources, supervision, validation, formal analysis, and editing. Y.K.S. and J.E.C. contributed to validation, formal analysis, and editing.
Ethics declarations
Competing interests
The authors declare no competing interests.
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License, which permits any non-commercial use, sharing, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if you modified the licensed material. You do not have permission under this licence to share adapted material derived from this article or parts of it. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by-nc-nd/4.0/.
About this article
Cite this article
Abdulganiyu, O.H., Fadi, O., Moukafih, Y. et al. Explainable attention based few shot LSTM for intrusion detection in imbalanced cyber physical system networks. Sci Rep 16, 7217 (2026). https://doi.org/10.1038/s41598-026-38668-4
DOI: https://doi.org/10.1038/s41598-026-38668-4






