Intrusion Detection for MQTT IoT Traffic using Evolutionary Feature Selection, Ensemble Learning, and Explainable AI
S. Rimlon Shibi, T P Ramachandran
Abstract
The rapid proliferation of Internet of Things (IoT) devices has positioned the Message Queuing Telemetry Transport (MQTT) protocol as a lightweight and efficient choice for constrained environments. However, its minimal built-in security mechanisms leave it vulnerable to diverse cyberattacks, threatening the reliability of IoT services. This paper introduces a unified, high-performance intrusion detection framework specifically designed for MQTT traffic, addressing the dual challenge of detection accuracy and operational transparency. The approach integrates evolutionary feature selection, ensemble learning, and explainable AI to deliver both technical robustness and analyst interpretability. The Chimp Optimization Algorithm (ChOA) is employed to identify a compact and highly informative feature subset, reducing model complexity, while the Synthetic Minority Over-Sampling Technique (SMOTE) mitigates class imbalance for fairer detection across all attack types. A stacked ensemble, combining Gradient Boosting and LightGBM with Logistic Regression as the meta-learner, achieves 95.0% accuracy and a weighted F1-score of 0.95 on the MQTTSet dataset, with an average inference time of only 2.1 ms per instance— demonstrating real-time feasibility. SHapley Additive exPlanations (SHAP) provide feature-level interpretability, enabling actionable security insights. Compared to prior studies, this is the first framework to integrate ChOA, SMOTE, stacked ensembles, and SHAP for MQTT intrusion detection, offering a scalable, explainable, and deployment-ready solution to enhance trust and resilience in IoT networks.