StaEn-IDS: An Explainable Stacking Ensemble Deep Neural Network-Based Intrusion Detection System for IoT

The demand for the Internet of Things (IoT) has increased exponentially because it connects devices, applications, and people, allowing smooth real-time communication and data sharing. This connectivity improves decision-making, making it more accurate and efficient. However, this also increases security risks. With millions of connected devices from different manufacturers using various protocols and IoT applications, ensuring IoT security is challenging. Moreover, IoT devices often have limited processing power and storage, making it harder to apply strong security measures, giving attackers an advantage. Single models can face issues like overfitting or being vulnerable to attacks. Combining multiple learning methods through ensemble techniques has effectively addressed these issues and improved performance. This paper proposes a stacking ensemble model. The approach integrates a Deep Intrusion Detection System (DIDS) with a Convolutional Neural Network (CNN) and a Long Short-Term Memory (LSTM) model. The Random Forest algorithm is used as a meta-classifier in the stacking process to improve accuracy. The model also addresses the challenge of detecting minority-class attacks in IoT traffic. We evaluate the approach on data derived from the CIC IoT 2022 dataset (pcap files converted to flow records using CICFlowMeter), and demonstrate real-time deployment on a resource-constrained edge device. Furthermore, we incorporate Explainable AI techniques to interpret the model's decisions, thereby improving user trust in the system. Our results show that the proposed model effectively and robustly detects intrusions in IoT environments.