Existing explainable intrusion detection systems (X-IDS) lack rigorous, semantics-aware metrics for evaluating explanation quality. Method: This paper proposes a domain-knowledge-driven feature alignment metric that quantifies the consistency between X-IDS explanations and a predefined cybersecurity semantic feature set, by explicitly modeling domain-specific prior knowledge and mapping explanations onto this structured knowledge base. Contribution/Results: It is the first work to establish domain-informed semantic alignment as a core evaluation principle in XAI for IDS—moving beyond conventional fidelity- and simplicity-based assessment. Experiments across multiple X-IDS models and representative attack scenarios demonstrate that the metric effectively discriminates explanation quality, enabling security analysts to reliably assess explanation trustworthiness and guide targeted model refinement. The approach significantly enhances the interpretability and operational utility of X-IDS in real-world deployment.

Explainable artificial intelligence (XAI) methods have become increasingly important in the context of explainable intrusion detection systems (X-IDSs) for improving the interpretability and trustworthiness of X-IDSs. However, existing evaluation approaches for XAI focus on model-specific properties such as fidelity and simplicity, and neglect whether the explanation content is meaningful or useful within the application domain. In this paper, we introduce new evaluation metrics measuring the quality of explanations from X-IDSs. The metrics aim at quantifying how well explanations are aligned with predefined feature sets that can be identified from domain-specific knowledge bases. Such alignment with these knowledge bases enables explanations to reflect domain knowledge and enables meaningful and actionable insights for security analysts. In our evaluation, we demonstrate the use of the proposed metrics to evaluate the quality of explanations from X-IDSs. The experimental results show that the proposed metrics can offer meaningful differences in explanation quality across X-IDSs and attack types, and assess how well X-IDS explanations reflect known domain knowledge. The findings of the proposed metrics provide actionable insights for security analysts to improve the interpretability of X-IDS in practical settings.