Peer-reviewed | Open Access | Multidisciplinary
Deep learning-based intrusion detection systems (IDS) have substantially improved the detection of complex and evolving cyber threats, but their opaque decision-making limits analyst trust and yields few actionable security insights. Existing explainable artificial intelligence (XAI) methods in cybersecurity are predominantly correlation-driven: they report which features co-vary with an alert rather than which ones cause it, so they can mislead when a feature is merely confounded with attack activity instead of driving it. To address this limitation, this paper proposes a causal explainable AI framework for cyber threat detection grounded in Structural Causal Models (SCMs). The approach couples causal graph construction with data-driven intrusion detection so that cause–effect relationships among network features and attack behaviours are modelled explicitly. Causal structure is learned with constraint-based and optimization-driven discovery algorithms; do-calculus is then applied to estimate interventional effects and to separate genuine causal influences on the attack prediction from spurious associations. A counterfactual reasoning module produces instance-level explanations, answering "what-if" queries and identifying the minimal feature perturbations that change a classification outcome. The framework is evaluated on the NSL-KDD and CICIDS2017 benchmarks, with additional validation on TON_IoT to assess generalization across heterogeneous network environments. Experimental results show that the method achieves competitive detection performance while markedly improving interpretability, with higher explanation fidelity and stability than SHAP- and LIME-based baselines.
This work contributes a unified integration of causal inference and explainable AI within intrusion detection systems, offering a principled and interpretable framework that advances trustworthy cyber threat analysis.
Keywords: Explainable Artificial Intelligence, Structural Causal Models, Cyber Threat Detection, Intrusion Detection Systems, Counterfactual Reasoning, Causal Inference
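As an added illustration, not the paper's code, learned model, or data, the following Python toy shows the three mechanisms the abstract names on a hand-built SCM of network-flow features. The assumed graph is scan -> syn_rate -> fail_ratio -> attack, with a traffic-burst confounder driving both syn_rate and bytes_ps; all feature names, equations, coefficients, the decision threshold and the sampled records are constructed assumptions, not NSL-KDD, CICIDS2017 or TON_IoT data. It contrasts a correlation-style explanation for bytes_ps (a positive association with attacks) with the interventional effect obtained by replacing that feature's structural equation (exactly zero, because bytes_ps has no path into attack), then derives a minimal counterfactual perturbation of syn_rate for one attack record by the abduction, action, prediction procedure. Structure learning (the constraint-based or optimization-driven discovery step) is not shown; the graph is given.

```python
"""Toy structural causal model (SCM) over network-flow features.

Everything here is an assumption made for the example: the graph, the
structural equations, the coefficients and the synthetic records. It is
not the framework, model or data described in the abstract.

Assumed graph:
    scan  -> syn_rate -> fail_ratio -> attack
    burst -> syn_rate
    burst -> bytes_ps          (bytes_ps has NO edge into attack: it is only
                                confounded with attack through `burst`)
"""
import random

ATTACK_THRESHOLD = 1.5   # assumed decision threshold on the latent attack score


def draw_exogenous(rng):
    """Sample the exogenous (noise) variables of one flow record.

    The counterfactual step (abduction) needs these, so we keep them with
    the record instead of discarding them after generation."""
    return {
        "scan":   1.0 if rng.random() < 0.3 else 0.0,  # attacker in a scan phase
        "burst":  rng.gauss(0.0, 1.0),                  # traffic burst (confounder)
        "e_syn":   rng.gauss(0.0, 0.3),
        "e_bytes": rng.gauss(0.0, 0.3),
        "e_fail":  rng.gauss(0.0, 0.3),
        "e_score": rng.gauss(0.0, 0.2),
    }


def structural_equations(u, do=None):
    """Evaluate the SCM for exogenous draw `u`.

    `do` maps feature -> forced value (Pearl's do-operator): the feature's own
    equation is replaced by the constant, which cuts its incoming edges while
    every downstream equation still reads the forced value."""
    do = do or {}
    v = {}
    v["syn_rate"] = do.get("syn_rate", 2.0 * u["scan"] + 1.0 * u["burst"] + u["e_syn"])
    v["bytes_ps"] = do.get("bytes_ps", 1.0 * u["burst"] + u["e_bytes"])
    v["fail_ratio"] = do.get("fail_ratio", 0.6 * v["syn_rate"] + u["e_fail"])
    score = v["fail_ratio"] + 0.5 * v["syn_rate"] + u["e_score"]
    v["attack"] = score > ATTACK_THRESHOLD
    return v


def sample(n, seed=7):
    """Constructed dataset: n exogenous draws from a seeded generator."""
    rng = random.Random(seed)
    return [draw_exogenous(rng) for _ in range(n)]


def _rate(flags):
    return sum(flags) / len(flags)


def observational_association(units, feature):
    """Correlation-style explanation:
    P(attack | feature above median) - P(attack | feature below median)."""
    recs = [structural_equations(u) for u in units]
    vals = sorted(r[feature] for r in recs)
    median = vals[len(vals) // 2]
    high = [r["attack"] for r in recs if r[feature] >= median]
    low = [r["attack"] for r in recs if r[feature] < median]
    return _rate(high) - _rate(low)


def interventional_effect(units, feature, lo, hi):
    """Causal explanation: P(attack | do(feature=hi)) - P(attack | do(feature=lo)),
    estimated by Monte Carlo over the same exogenous draws for both arms."""
    p_hi = _rate([structural_equations(u, {feature: hi})["attack"] for u in units])
    p_lo = _rate([structural_equations(u, {feature: lo})["attack"] for u in units])
    return p_hi - p_lo


def minimal_counterfactual(u, feature, step=0.01, max_steps=2000):
    """Instance-level counterfactual for one attack record.

    Abduction: keep the record's exogenous draw `u`.  Action: lower `feature`
    by k*step.  Prediction: re-run the equations.  Returns the smallest
    reduction that flips the verdict to benign, or None if none is found."""
    factual = structural_equations(u)
    if not factual["attack"]:
        return None
    base = factual[feature]
    for k in range(1, max_steps + 1):
        delta = k * step
        if not structural_equations(u, {feature: base - delta})["attack"]:
            return delta
    return None


def demo(n=4000):
    """Run the three explanations on the constructed data and return them."""
    units = sample(n)
    first_attack = next(u for u in units if structural_equations(u)["attack"])
    return {
        "assoc_bytes_ps": observational_association(units, "bytes_ps"),
        "effect_do_bytes_ps": interventional_effect(units, "bytes_ps", -1.0, 1.0),
        "assoc_syn_rate": observational_association(units, "syn_rate"),
        "effect_do_syn_rate": interventional_effect(units, "syn_rate", 0.0, 3.0),
        "min_syn_rate_reduction": minimal_counterfactual(first_attack, "syn_rate"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The contrast to look for is `assoc_bytes_ps` versus `effect_do_bytes_ps`: the correlation-style number is clearly positive, because high byte rates and scan traffic share the burst confounder, while the interventional effect is exactly 0.0 because forcing bytes_ps changes nothing downstream. A SHAP- or LIME-style attribution built on the observational data would credit bytes_ps; the SCM does not. The counterfactual returns the smallest syn_rate reduction (on a 0.01 grid) that turns the record benign with its own noise held fixed, which is the "what-if" explanation an analyst can act on.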