An explainable Recursive Feature Elimination to detect Advanced Persistent Threats using Random Forest classifier
Mutalib, Noor Hazlina Abdul, Sabri, Aznul Qalid Md, Wahab, Ainuddin Wahid Abdul, Abdullah, Erma Rahayu Mohd Faizal, AlDahoul, Nouar
arXiv.org Artificial Intelligence
V. CONCLUSION

This study developed an interpretable Intrusion Detection System (IDS) capable of detecting Advanced Persistent Threats (APTs) with high accuracy. By integrating Recursive Feature Elimination (RFE) and Random Forest (RF), the framework efficiently reduced dimensionality and improved detection performance. SHapley Additive exPlanations (SHAP) was integrated to provide both global and instance-level interpretability, enabling transparent insight into the model's decision-making process. Experimental evaluation demonstrated that the system achieved a detection accuracy of 99.9% and exhibited robust performance. Future work will evaluate the proposed RF-RFE framework in real-time deployment environments, where rapid response is crucial. Deep learning and ensemble-based models, such as Long Short-Term Memory (LSTM) networks, can be explored to better capture temporal patterns in evolving cyber threats. These enhancements can improve the system's effectiveness and operational relevance in real-world intrusion detection scenarios. The framework will also be benchmarked against advanced classifiers, including LSTM, XGBoost, and generative AI-based techniques, to compare performance in terms of accuracy, interpretability, and adaptability.
Nov-14-2025
- Country:
- Asia
- Malaysia (0.15)
- Middle East > UAE
- Abu Dhabi Emirate > Abu Dhabi (0.04)
- North America > United States
- New York (0.04)
- Genre:
- Research Report > New Finding (0.94)
- Industry:
- Government > Military
- Cyberwarfare (0.48)
- Information Technology > Security & Privacy (1.00)