ZTXPlainaAI an explainable deep learning framework for encrypted traffic anomaly detection in Zero Trust Networks

Abstract The rapid adoption of encrypted communication protocols has raised privacy levels but has also dealt a significant blow to traditional intrusion detection systems that rely on payload inspection for anomaly detection. This poses a monumental hurdle for Zero Trust Networks, as it requires persistent verification and a wide range of granular intrusion detection. Existing classical or deep learning-based solutions achieve fair performance. Nonetheless, they are severely constrained in their robustness to varying encryption protocols, interpretability for security experts, and susceptibility to adversarial attacks on changing test samples. These shortcomings highlight the need for a system that balances detection performance with transparency and adaptability. To address this challenge, this paper describes an explainable AI-based anomaly-detection framework, ZTXPlainaAI, for encrypted payloads in the context of Zero Trust Networks. Specifically, the framework uses EncXplainNet, a mixed deep learning model featuring CNNs to extract local features, GRUs to capture temporal ordering, and an attention mechanism for human-interpretable decision-making. Additionally, SHAP-based feature attribution enhances transparency and interpretability, providing post hoc explanations to analysts. An adaptive reinforcement and feedback loop that further enables the model to adapt to changing traffic conditions over time. Due to the meticulously curated methods used in our evaluation, EncXplainNet achieves fully explained underpinnings for its decision processes, outperforming state-of-the-art models in our extensive experiments on the CIC-IDS2019 encrypted traffic subset. The accuracy, F1-score and AUC we achieved are 0.96, 0.96, and 0.98, respectively. Finally, we demonstrate the robustness of our method through extensive ablation studies, showing its stability across unseen protocols, data-record noise, and adversarial attacks. As such, ZTXPlainaAI provides an explainable anomaly detection solution that meets ZTX Security’s operational constraints by balancing accuracy, robustness, and explainability.