Volume 18 , Issue 1 , PP: 01-21, 2026 | Cite this article as | XML | Html | PDF | Full Length Article
Ahmed Dib 1 * , Zina Oudina 2 , Sabri Ghazi 3
Doi: https://doi.org/10.54216/JCIM.180101
MQTT-based Internet of Things networks face major security problems because they have high-dimensional data, class imbalance, and no detection mechanisms that can be understood. This paper proposes a unified intrusion detection framework that integrates attention-based deep learning, GAN-driven data augmentation, and MDA-based feature selection (CNN-LSTM-Attention). The proposed pipeline outperforms both classical and recent state-of-the-art baselines. When tested on MQTTEEB-D, a real-world MQTT dataset with 200,000 flows, an accuracy of 99.12% and macro F1-score of 98.37 were achieved. However, the attention maps provide clear explanations for the obtained prediction, and the system performs well even against tough attacks such as SlowITe: 96–98%. Moreover, the system's very short inference time makes it possible to deploy on a real IoT gateway with limited resources. The synergistic combination of feature engineering, generative augmentation, and interpretable deep learning sets a standard for reliable and effective IoT/MQTT intrusion detection.
IoT security , MQTT protocol , Intrusion detection , Feature engineering , MDA , GANs , Class imbalance , Attention mechanisms , Deep learning , Interpretability
[1] M. B. Gorzalczany and F. Rudzinski, “Intrusion detection in Internet of Things with MQTT protocol—An accurate and interpretable genetic-fuzzy rule-based solution,” IEEE Internet of Things Journal, vol. 9, no. 24, pp. 24843–24855, 2022, doi: 10.1109/JIOT.2022.3194837.
[2] Al Hanif and M. Ilyas, “Effective feature engineering framework for securing MQTT protocol in IoT environments,” Sensors, vol. 24, no. 6, p. 1782, 2024, doi: 10.3390/s24061782.
[3] S. U. A. Laghari, W. Li, S. Manickam, P. Nanda, A. K. Al-Ani, and S. Karuppayah, “Securing MQTT ecosystem: Exploring vulnerabilities, mitigations, and future trajectoriers,” IEEE Access, vol. 12, pp. 139273–139289, 2024, doi: 10.1109/ACCESS.2024.3412030.
[4] Aqachtoul et al., “MQTTEEB-D: A real-world IoT cybersecurity dataset for AI-powered threat detection in MQTT networks,” Data in Brief, p. 111897, 2025, doi: 10.1016/j.dib.2025.111897.
[5] Ghubaish, Z. Yang, A. Erbad, and R. Jain, “LEMDA: A novel feature engineering method for intrusion detection in IoT systems,” IEEE Internet of Things Journal, vol. 11, no. 8, pp. 13247–13256, 2023, doi: 10.1109/JIOT.2023.3328795.
[6] Zeghida et al., “Enhancing IoT cyber attacks intrusion detection through GAN-based data augmentation and hybrid deep learning models for MQTT network protocol cyber attacks,” Cluster Computing, vol. 28, no. 1, p. 58, 2025, doi: 10.1007/s10586-024-04752-5.
[7] S. Ullah, W. Boulila, A. Koubaa, and J. Ahmad, “Attention-based hybrid deep learning model for intrusion detection in IIoT networks,” Procedia Computer Science, vol. 246, pp. 3323–3332, 2024, doi: 10.1016/j.procs.2024.09.307.
[8] P. Nimbalkar and D. Kshirsagar, “Feature selection for intrusion detection system in Internet-of-Things (IoT),” ICT Express, vol. 7, no. 2, pp. 177–181, 2021, doi: 10.1016/j.icte.2021.04.012.
[9] Salehiyan, P. S. Moghaddam, and M. Kaveh, “An optimized Transformer–GAN–AE for intrusion detection in edge and IIoT systems: Experimental insights from WUSTL-IIoT-2021, edgeIIoTset, and TON_IoT datasets,” Future Internet, vol. 17, no. 7, p. 279, 2025, doi: 10.3390/fi17070279.
[10] Yin, Y. Zhu, J. Fei, and X. He, “A deep learning approach for intrusion detection using recurrent neural networks,” IEEE Access, vol. 5, pp. 21954–21961, 2017, doi: 10.1109/ACCESS.2017.2762418.
[11] U. C. Akuthota and L. Bhargava, “Transformer-based intrusion detection for IoT networks,” IEEE Internet of Things Journal, vol. 12, no. 5, pp. 6062–6067, 2025, doi: 10.1109/JIOT.2025.3525494
[12] S. Alsubaei, “Smart deep learning model for enhanced IoT intrusion detection,” Scientific Reports, vol. 15, no. 1, p. 20577, 2025, doi: 10.1038/s41598-025-06363-5.
[13] T. K. Boppana and P. Bagade, “GAN-AE: An unsupervised intrusion detection system for MQTT networks,” Engineering Applications of Artificial Intelligence, vol. 119, p. 105805, 2023, doi: 10.1016/j.engappai.2022.105805.
[14] N. Nadiah, A. Alamri, A. Aljuhani, and P. Kumar, “Transformer-based knowledge distillation for explainable intrusion detection system,” Computers & Security, vol. 154, p. 104417, 2025, doi: 10.1016/j.cose.2025.104417.
[15] Prajisha and A. R. Vasudevan, “An efficient intrusion detection system for MQTT-IoT using enhanced chaotic salp swarm algorithm and LightGBM,” International Journal of Information Security, vol. 21, no. 6, pp. 1263–1282, 2022, doi: 10.1007/s10207-022-00611-9.
[16] Y. Zhu, D. Han, and X. Yin, “A hierarchical network intrusion detection model based on unsupervised clustering,” in Proc. 13th Int. Conf. Management of Digital EcoSystems, 2021, pp. 22–29, doi: 10.1145/3444757.3485098.
[17] Siddharthan, T. Deepa, and P. Chandhar, “Senmqtt-set: An intelligent intrusion detection in IoT-MQTT networks using ensemble multi cascade features,” IEEE Access, vol. 10, pp. 33095–33110, 2022, doi: 10.1109/ACCESS.2022.3161566.
[18] S. Rahman, S. Pal, S. Mittal, T. Chawla, and C. Karmakar, “SYN-GAN: A robust intrusion detection system using GAN-based synthetic data for IoT security,” Internet of Things, vol. 26, p. 101212, 2024, doi: 10.1016/j.iot.2024.101212.
[19] M. A. Alsharaiah et al., “An explainable AI-driven transformer model for spoofing attack detection in Internet of Medical Things (IoMT) networks,” Discover Applied Sciences, vol. 7, no. 5, p. 488, 2025, doi: 10.1007/s42452-025-07071-5.
[20] Guo, T. Yang, and D. Zhang, “On the implications of artificial intelligence methods for feature engineering in reliability sector,” Alexandria Engineering Journal, vol. 117, pp. 463–471, 2025, doi: 10.1016/j.aej.2024.12.094
[21] S. Zhao et al., “A survey on small sample imbalance problem: Metrics, feature analysis, and solutions,” arXiv preprint arXiv: 2504.14800 , 2025, doi: 10.48550/arXiv.2504.14800 .
[22] Alsaiari and M. Ilyas, “A hybrid CNN-LSTM deep learning model for intrusion detection in smart grid,” arXiv preprint arXiv: 2509.07208 , 2025.
[23] M. A. Khan et al., “A deep learning-based intrusion detection system for MQTT enabled IoT,” Sensors, vol. 21, no. 21, p. 7016, 2021, doi: 10.3390/s21217016.
[24] T. Sasi, A. H. Lashkari, R. Lu, P. Xiong, and S. Iqbal, “An efficient self attention-based 1D-CNN-LSTM network for IoT attack detection and identification using network traffic,” Journal of Information and Intelligence, pp. 375–400, 2024, doi: 10.1016/j.jiixd.2024.09.001 .
[25] P. M. Vijayan and S. Sundar, “An automated system of intrusion detection by IoT-aided MQTT using improved heuristic-aided autoencoder and LSTM-based deep belief network,” PLOS ONE, vol. 18, no. 10, p. e0291872, 2023, doi: 10.1371/journal.pone.0291872.
[26] Allaga, M. Biniz, and A. Farchane, “MQTTEEB-D: A high-fidelity benchmark for real-time MQTT anomaly detection using machine learning techniques,” Ad Hoc Networks, p. 104062, 2025, doi: 10.1016/j.adhoc.2025.104062.
[27] Hindy et al., “Machine learning based IoT intrusion detection system: An MQTT case study (MQTT-IoT-IDS2020 dataset),” in Int. Networking Conf., 2020, pp. 73–84, doi: 10.1007/978-3-030-64758-2_6.
[28] X. Yin, Z. Liu, D. Liu, and X. Ren, “A novel CNN-based Bi-LSTM parallel model with attention mechanism for human activity recognition with noisy data,” Scientific Reports, vol. 12, no. 1, p. 7878, 2022, doi: 10.1038/s41598-022-11880-8
