🤖 AI Summary
To address the weak robustness, poor interpretability, and limited generalization of Network Intrusion Detection Systems (NIDS), this paper proposes ODXU, a neural-symbolic AI framework. ODXU integrates deep embedding clustering, XGBoost-based symbolic reasoning, and a novel dual-path uncertainty quantification (UQ) mechanism—comprising both score-based and metamodel-based UQ—alongside a first-of-its-kind transfer learning strategy tailored for cybersecurity. It enables zero-shot training and cross-dataset transfer. On CIC-IDS-2017, ODXU outperforms conventional deep models across all six evaluation metrics; on ACI-IoT-2023, it achieves superior performance using only 50% labeled data (16K samples) compared to full-data baselines. Metamodel-based UQ consistently surpasses score-based UQ. This work pioneers the synergistic integration of dual-path UQ into NIDS and delivers the first lightweight, efficient, interpretable, and highly generalizable transfer-learning-enabled NIDS framework.
📝 Abstract
Network Intrusion Detection Systems (NIDS) play a vital role in protecting digital infrastructures against increasingly sophisticated cyber threats. In this paper, we extend ODXU, a Neurosymbolic AI (NSAI) framework that integrates deep embedded clustering for feature extraction, symbolic reasoning using XGBoost, and comprehensive uncertainty quantification (UQ) to enhance robustness, interpretability, and generalization in NIDS. The extended ODXU incorporates score-based methods (e.g., Confidence Scoring, Shannon Entropy) and metamodel-based techniques, including SHAP values and Information Gain, to assess the reliability of predictions. Experimental results on the CIC-IDS-2017 dataset show that ODXU outperforms traditional neural models across six evaluation metrics, including classification accuracy and false omission rate. While transfer learning has seen widespread adoption in fields such as computer vision and natural language processing, its potential in cybersecurity has not been thoroughly explored. To bridge this gap, we develop a transfer learning strategy that enables the reuse of a pre-trained ODXU model on a different dataset. Our ablation study on ACI-IoT-2023 demonstrates that the optimal transfer configuration involves reusing the pre-trained autoencoder, retraining the clustering module, and fine-tuning the XGBoost classifier, and outperforms traditional neural models when trained with as few as 16,000 samples (approximately 50% of the training data). Additionally, results show that metamodel-based UQ methods consistently outperform score-based approaches on both datasets.
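The score-based UQ methods named in the abstract (Confidence Scoring, Shannon Entropy) can be illustrated with a short added example; it is not code from the paper or the ODXU project. It assumes the common definitions (confidence as the maximum class probability, entropy normalised by the log of the class count), and the sample rows, the 0.9 threshold and all function names are constructed for illustration.

```python
import math

# Constructed sample: (true label, [P(benign), P(attack)]) as a classifier
# such as XGBoost might emit. 0 = benign, 1 = attack. Not data from the paper.
SAMPLES = [
    (0, [0.98, 0.02]), (0, [0.91, 0.09]), (0, [0.55, 0.45]),
    (1, [0.03, 0.97]), (1, [0.40, 0.60]), (1, [0.62, 0.38]),
    (1, [0.88, 0.12]), (0, [0.35, 0.65]),
]

def confidence(p):
    """Confidence score: probability assigned to the predicted class."""
    return max(p)

def entropy(p):
    """Shannon entropy, normalised to [0, 1] by log(number of classes)."""
    h = -sum(q * math.log(q) for q in p if q > 0)
    return h / math.log(len(p))

def predict(p):
    """Index of the most probable class."""
    return max(range(len(p)), key=p.__getitem__)

def false_omission_rate(rows):
    """FN / (FN + TN): share of 'benign' verdicts that were really attacks."""
    neg = [y for y, p in rows if predict(p) == 0]
    return sum(1 for y in neg if y == 1) / len(neg) if neg else 0.0

def triage(rows, max_entropy):
    """Auto-accept low-entropy predictions; defer the rest to an analyst."""
    kept = [r for r in rows if entropy(r[1]) <= max_entropy]
    deferred = [r for r in rows if entropy(r[1]) > max_entropy]
    return kept, deferred

if __name__ == "__main__":
    kept, deferred = triage(SAMPLES, max_entropy=0.9)
    print("FOR, all predictions:   %.3f" % false_omission_rate(SAMPLES))
    print("FOR, after deferral:    %.3f" % false_omission_rate(kept))
    print("deferred to analyst:    %d of %d" % (len(deferred), len(SAMPLES)))
    for y, p in kept:
        if predict(p) != y:  # confidently wrong: the score cannot flag it
            print("missed despite low entropy:", p, "conf=%.2f" % confidence(p))
```

In this constructed data, deferral lowers the false omission rate, but the attack scored 0.88 benign passes the entropy filter: a score derived only from the model's own output probabilities cannot flag a prediction the model is confidently wrong about.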