Abstract This study presents an interpretable cyber threat detection framework using SHAP-based Explainable AI (XAI) for classroom data security systems. Addressing vulnerabilities in educational digital ecosystems, the research analyzes a simulated dataset containing diverse threat categories including insider threats, phishing, unauthorized access, data breaches, and malware to develop a transparent, predictive intrusion detection model. The methodology employs tree-based classifiers enhanced with SHAP values to quantify... This study presents an interpretable cyber threat detection framework using SHAP-based Explainable AI (XAI) for classroom data security systems. Addressing vulnerabilities in educational digital ecosystems, the research analyzes a simulated dataset containing diverse threat categories including insider threats, phishing, unauthorized access, data breaches, and malware to develop a transparent, predictive intrusion detection model. The methodology employs tree-based classifiers enhanced with SHAP values to quantify feature contributions, enabling both global and local interpretability of threat predictions. Key findings reveal that insider threats (n=218) and phishing attacks (n=204) dominate the threat landscape, underscoring human-centric vulnerabilities over purely technical exploits. Threat severity distribution is relatively balanced across low, medium, and high categories, supporting robust multi-class classification. Analysis of access levels indicates administrative and standard user accounts represent primary attack surfaces, highlighting the need for stringent privilege management. SHAP interpretability results identify system response time as the most influential predictive feature, demonstrating that behavioral and performance anomalies are critical indicators of malicious activity. The study advocates for adaptive, behavior centric cybersecurity frameworks integrating User Behavior Analytics, Role-Based Access Control, data centric protection strategies, and continuous user awareness training. By bridging predictive accuracy and model transparency, the SHAP enhanced approach empowers security analysts to understand the rationale behind detections, reduce false positives, and respond effectively to evolving threats. Ultimately, this research contributes a comprehensive, interpretable methodology for safeguarding smart educational environments, emphasizing that effective cybersecurity requires combining technical defenses with human-factor considerations and explainable artificial intelligence. Read More Read Less

Abstract Cybersecurity education and threat intelligence increasingly require structured, interpretable frameworks to manage complex and heterogeneous security data. This study introduces AISecKG, a comprehensive cybersecurity knowledge graph dataset comprising 1,460+ entities and 726 semantic relations, designed to bridge the gap between theoretical ontology construction and practical application. Employing a layered architecture, we systematically analyze the graph's structural and semantic properties through network topology metrics, community detection,... Cybersecurity education and threat intelligence increasingly require structured, interpretable frameworks to manage complex and heterogeneous security data. This study introduces AISecKG, a comprehensive cybersecurity knowledge graph dataset comprising 1,460+ entities and 726 semantic relations, designed to bridge the gap between theoretical ontology construction and practical application. Employing a layered architecture, we systematically analyze the graph's structural and semantic properties through network topology metrics, community detection, and embedding techniques. Network analysis reveals a sparse, hierarchical topology with a density of 0.0018 and an average clustering coefficient of 0.0227, indicating specialized relational patterns rather than dense interconnections. Centrality metrics identify Nmap and firewall as critical hub and bridging nodes, facilitating knowledge propagation across offensive and defensive domains. Application of the Louvain algorithm uncovers 20 distinct functional communities, ranging from network scanning to intrusion detection, confirming the graph's modular organization. Furthermore, TransE and Node2Vec embeddings successfully capture relational and structural semantics, effectively separating offensive tools, defensive mechanisms, and infrastructure components in vector space. These findings validate AISecKG's utility for downstream machine learning tasks, including entity classification and similarity search, while demonstrating its potential to enhance adaptive cybersecurity education. By transforming fragmented security data into actionable, semantically rich intelligence, this research addresses critical implementation gaps and offers a scalable, interpretable framework for both academic training and operational threat analysis. Read More Read Less

Abstract Information security has become a paramount concern in the modern digital era, where technology underpins most human activities. Despite technological advancements, human factors remain the most critical vulnerability, often representing the weakest link in security systems. This study explores the vital role of information security education in mitigating cyber risks, emphasizing that awareness training is a critical investment rather than a cost center. Consequently,... Information security has become a paramount concern in the modern digital era, where technology underpins most human activities. Despite technological advancements, human factors remain the most critical vulnerability, often representing the weakest link in security systems. This study explores the vital role of information security education in mitigating cyber risks, emphasizing that awareness training is a critical investment rather than a cost center. Consequently, strategic investments in training are vital. It examines the evolution of Intelligent Educational Systems (IES) and the responsibility of higher education institutions for developing cybersecurity talent amid the challenges of digital transformation. This research contributes to evolving domain practices. Furthermore, the study presents a detailed analysis of security incidents, categorizing them into data breaches, unauthorized access, and information leakage. Empirical findings indicate that human error and organizational issues are the predominant causes of incidents, surpassing technical vulnerabilities. The study also highlights significant reporting biases that obscure the true scale of cybersecurity threats, as many incidents remain undisclosed. An incident lifecycle framework is proposed to manage security events as dynamic processes rather than isolated occurrences. Ultimately, the analysis advocates for a holistic approach integrating technological controls with humancentric strategies and organizational governance. Enhancing security education, improving incident reporting mechanisms, and fostering a culture of awareness are essential for building resilience. As cyber threats evolve, a comprehensive, adaptive, and education driven approach is necessary to effectively address the complex nature of modern information security challenges. Read More Read Less