Explainable AI for Cybersecurity: From “Black Box” to Insight
We interviewed Tanjim Mahmud about his research within the project “A Novel Explainable Belief Rule-Based Framework to Predict Cybersecurity Threats,” which aims to develop models that not only detect threats, but also explain why they occur and how decisions are made.
Can you briefly describe the main focus of your research in this project?
The main focus of this research is to develop an explainable and trustworthy framework for predicting cybersecurity threats. Instead of only providing a prediction, the proposed belief rule-based (BRB) framework also explains why a specific activity is considered a threat. This helps security analysts understand, trust, and effectively act on the system’s decisions.
What problem in cybersecurity does your research aim to solve?
Many existing cybersecurity solutions rely on black-box machine learning models, which can be highly accurate but difficult to interpret. This lack of transparency creates challenges in decision-making, auditing, and compliance. Our research addresses this issue by providing a model that balances prediction accuracy with interpretability, enabling better human–machine collaboration in cybersecurity operations.
What are the main technical or practical challenges you face in your research?
One major challenge is handling uncertainty and incomplete information, which are common in real-world cybersecurity data. Another challenge is designing a system that remains interpretable while still achieving strong predictive performance. Additionally, integrating expert knowledge with data-driven learning in a consistent and scalable way requires careful model design and validation.
What makes your approach different from traditional machine learning methods used in cybersecurity?
Traditional machine learning models focus primarily on prediction performance, often at the cost of transparency. In contrast, our belief rule-based framework is inherently explainable. It generates human-readable rules and provides confidence levels for each decision. This allows security analysts to trace how conclusions are reached, making the system more suitable for real-world deployment where trust and accountability are essential.
What advice would you give to companies or organizations that want to improve their cybersecurity practices today?
Organizations should move beyond purely reactive security measures and adopt intelligent, explainable, and proactive systems. It is important to combine automated threat detection with human expertise and to ensure that security tools provide clear insights rather than just alerts. Regular training, data-driven decision-making, and transparency in security systems are key to building resilient cybersecurity infrastructures.
What motivated you to work in the field of cybersecurity?
I was motivated by the growing dependence of modern society on digital systems and the increasing risks associated with cyber threats. Cybersecurity is not only a technical challenge but also a matter of trust, safety, and social responsibility. The opportunity to develop solutions that are both technically robust and practically meaningful inspired me to pursue research in this field.
Looking ahead, what kind of impact do you hope your research will have, both academically and in real-world applications?
Academically, I hope this research contributes to advancing explainable artificial intelligence in cybersecurity and encourages further work on transparent decision-making models. In real-world applications, I aim for this framework to support security professionals by improving threat detection while enhancing trust, accountability, and informed decision-making in operational environments.