Recently, there has been a surge in cyberattacks targeting the Internet of Health Things (IoHT), increasing the urgency for advancing network intrusion detection systems (IDS). Machine learning techniques, especially deep neural networks (DNNs), are demonstrating potential in improving the precision of detection methods. Despite their advantages, the complexity of DNNs can obscure their decision-making process, impacting their acceptance in security-critical environments. To improve the transparency of DNN models, we propose a novel post-hoc interpretation method that applies a perturbation-based approach with an optimized mask applied to an autoencoder model for IDS. More importantly, we leverage contrastive learning to maintain perturbed samples within the original feature space, reducing the risk of misclassification due to sample drift and ensuring a clear interpretation of the mask. We validate our approach using the NSL-KDD and UNSW15 datasets, showing that it provides clearer and more robust explanations compared to existing methods. This enhancement in interpretability is pivotal for healthcare cybersecurity experts to gain insights into the decision-making processes of black-box models.
