XMID-MQTT: explaining machine learning-based intrusion detection system for MQTT protocol in IoT environment

The growing dependence on the internet of things (IoT) across diverse applications underscores the need for robust security measures to safeguard these systems from numerous cyber threats. MQTT, a lightweight messaging protocol specifically designed for IoT, is particularly vulnerable to cyberattacks due to its extensive usage and inherent security complexities. Intrusion detection systems (IDS) are pivotal in identifying and mitigating these threats. In our study, we used five classifiers to categorize network traffic as normal or one of several attack types (brute force, scan A, scan sU, Sparta) using the MQTT-IoT-IDS2020 dataset. The classifiers used include the RF, linear, and RBF SVM, CNN, and CNN-LSTM algorithms. Our findings highlight the efficacy of ML-based models in detecting MQTT intrusions, the RF classifier that demonstrates superior performance, achieving an impressive 99.9% accuracy. To provide clear and interpretable insights into AI model decisions and to understand which features most influence classifier decisions, this study introduces an innovative approach named XMID-MQTT (explaining machine learning-based intrusion detection system for MQTT protocol in an IoT environment). XMID-MQTT offers a comprehensive methodology for developing, training, and evaluating ML and DL models for multi-cyber attack classification of MQTT protocol traffic. Explainable artificial intelligence (XAI) techniques, including SHAP and LIME, are used to interpret the results of the classifier. The use of SHAP and LIME brings significant benefits by providing detailed explanations of model predictions and enhancing the AI models' transparency and interpretability. These techniques allow a deeper understanding of the model's decision-making process, identifying which features significantly impact predictions. This ensures model interpretability and fosters trust among users and stakeholders by making the AI's operations more comprehensible and reliable. Consequently, it facilitates the better adoption and integration of AI-driven IDS in IoT environments and provides a roadmap for further investigation in this evolving field. To our knowledge, this is the first study to apply XAI techniques, specifically SHAP and LIME methods, to the MQTT dataset, highlighting a key advancement in the field.