<rdf:RDF xmlns:rdf="http://www.openarchives.org/OAI/2.0/rdf/" xmlns:ow="http://www.ontoweb.org/ontology/1#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:ds="http://dspace.org/ds/elements/1.1/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:doc="http://www.lyncode.com/xoai" xsi:schemaLocation="http://www.openarchives.org/OAI/2.0/rdf/ http://www.openarchives.org/OAI/2.0/rdf.xsd">
   <ow:Publication rdf:about="oai:digibug.ugr.es:10481/106262">
      <dc:title>Evaluation of Explainable, Interpretable and Non-Interpretable Algorithms for Cyber Threat Detection</dc:title>
      <dc:creator>Trillo Vílchez, José Ramón</dc:creator>
      <dc:creator>González-López, Felipe</dc:creator>
      <dc:creator>Morente-Molinera, Juan Antonio</dc:creator>
      <dc:creator>Magán-Carrión, Roberto</dc:creator>
      <dc:creator>García Sánchez, Pablo</dc:creator>
      <dc:subject>Cybersecurity</dc:subject>
      <dc:subject>Explainability</dc:subject>
      <dc:subject>Interpretability</dc:subject>
      <dc:description>As anonymity-enabling technologies such as VPNs and proxies become increasingly exploited for malicious purposes, detecting traffic associated with such services emerges as&#xd;
a critical first step in anticipating potential cyber threats. This study analyses a network&#xd;
traffic dataset focused on anonymised IP addresses—not direct attacks—to evaluate and&#xd;
compare explainable, interpretable, and opaque machine learning models. Through advanced preprocessing and feature engineering, we examine the trade-off between model&#xd;
performance and transparency in the early detection of suspicious connections. We evaluate&#xd;
explainable ML-based models such as k-nearest neighbours, fuzzy algorithms, decision&#xd;
trees, and random forests, alongside interpretable models like naïve Bayes, support vector&#xd;
machines, and non-interpretable algorithms such as neural networks. Results show that&#xd;
neural networks achieve the highest performance, with a macro F1-score of 0.8786, but&#xd;
explainable models like HFER offer strong performance (macro F1-score = 0.6106) with&#xd;
greater interpretability. The choice of algorithm depends on project-specific needs: neural&#xd;
networks excel in accuracy, while explainable algorithms are preferred for resource efficiency and transparency, as stated in this work. This work underscores the importance of&#xd;
aligning cybersecurity strategies with operational requirements, providing insights into&#xd;
balancing performance with interpretability.</dc:description>
      <dc:date>2025-09-11T11:22:39Z</dc:date>
      <dc:date>2025-09-11T11:22:39Z</dc:date>
      <dc:date>2025-07-31</dc:date>
      <dc:type>journal article</dc:type>
      <dc:identifier>Trillo, J.R.; GonzálezLópez, F.; Morente-Molinera, J.A.; Magán-Carrión, R.; García-Sánchez, P. Evaluation of Explainable, Interpretable and Non-Interpretable Algorithms for Cyber Threat Detection. Electronics 2025, 14, 3073. https://doi.org/10.3390/electronics14153073</dc:identifier>
      <dc:identifier>https://hdl.handle.net/10481/106262</dc:identifier>
      <dc:identifier>10.3390/electronics14153073</dc:identifier>
      <dc:language>eng</dc:language>
      <dc:rights>http://creativecommons.org/licenses/by/4.0/</dc:rights>
      <dc:rights>open access</dc:rights>
      <dc:rights>Atribución 4.0 Internacional</dc:rights>
      <dc:publisher>MDPI</dc:publisher>
   </ow:Publication>
</rdf:RDF>