Hybrid CNN–LSTM and XGBoost Framework for Explainable Cyberattack Detection with Regulatory Compliance Analysis
This study presents the development and evaluation of a hybrid deep learning architecture that integrates a Convolutional Neural Network–Long Short-Term Memory (CNN-LSTM) model with an XGBoost classifier for network intrusion detection. The research aims to enhance both the accuracy and interpretability of intrusion detection systems by combining temporal feature learning with ensemble-based optimization. The models were trained and evaluated using a labeled intrusion detection dataset through an 80:20 stratified split, with performance assessed using accuracy, precision, recall, F1-score, and ROC-AUC metrics. The CNN-LSTM model effectively captured sequential patterns in network traffic, achieving an accuracy of 0.875 and a ROC-AUC of 0.872, while the hybrid CNN-LSTM combined with XGBoost slightly improved class discrimination as measured by ROC-AUC (0.877), with an accuracy of 0.865. Feature-importance analysis confirmed that the hybrid model provides transparent and explainable outputs, identifying key network features that contribute most to classification decisions. The results demonstrate that the proposed hybrid architecture offers a robust, interpretable, and efficient framework for real-time intrusion detection. Furthermore, the study highlights that transparent AI-based security systems align with ethical and governance principles by promoting accountability, traceability, and responsible application of artificial intelligence in cybersecurity operations.
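The reported figures put the hybrid model lower on accuracy (0.865 against 0.875) but higher on ROC-AUC (0.877 against 0.872). The following added example, which is not code from the study, uses constructed labels and scores for two hypothetical detectors to show how a fixed-threshold accuracy and a threshold-free ranking metric can move in opposite directions, and what tuning the alert threshold does to the comparison.

```python
# Added illustration: all labels and scores are constructed, not the study's data.
LABELS = [0, 0, 0, 0, 1, 1, 1, 1]  # 0 = benign flow, 1 = attack flow

# Hypothetical detector A: one attack is ranked below most benign flows.
SCORES_A = [0.10, 0.20, 0.30, 0.90, 0.60, 0.70, 0.80, 0.25]
# Hypothetical detector B: better ranking, but scores sit low for a 0.5 cut-off.
SCORES_B = [0.05, 0.10, 0.15, 0.45, 0.30, 0.40, 0.48, 0.60]


def accuracy(labels, scores, threshold=0.5):
    """Fraction classified correctly when score >= threshold means 'attack'."""
    hits = sum((s >= threshold) == bool(y) for y, s in zip(labels, scores))
    return hits / len(labels)


def roc_auc(labels, scores):
    """Probability that a random attack outscores a random benign flow.

    Computed pairwise (Mann-Whitney form); tied scores count as half a win.
    """
    pos = [s for y, s in zip(labels, scores) if y == 1]
    neg = [s for y, s in zip(labels, scores) if y == 0]
    if not pos or not neg:
        raise ValueError("ROC-AUC needs at least one sample of each class")
    wins = sum(1.0 if p > n else 0.5 if p == n else 0.0
               for p in pos for n in neg)
    return wins / (len(pos) * len(neg))


def best_threshold(labels, scores):
    """Return (threshold, accuracy) for the cut-off that maximises accuracy."""
    candidates = sorted(set(scores))
    return max(((t, accuracy(labels, scores, t)) for t in candidates),
               key=lambda pair: pair[1])


if __name__ == "__main__":
    for name, scores in (("A", SCORES_A), ("B", SCORES_B)):
        t, tuned = best_threshold(LABELS, scores)
        print(f"{name}: acc@0.5={accuracy(LABELS, scores):.3f} "
              f"auc={roc_auc(LABELS, scores):.4f} "
              f"best_acc={tuned:.3f} at threshold {t}")
```

In this constructed case detector B has the lower accuracy at the default 0.5 cut-off yet the higher ROC-AUC, and its accuracy overtakes A's once the cut-off is tuned.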