A Novel Intrusion Detection Framework Combining Light Feature Engineering, GAN-Based Feature Generation, and Attention-Driven Deep Learning for IoT MQTT Security

Ahmed Dib^1,*, Zina Oudina², Sabri Ghazi³

¹Networks and Systems Laboratory, Badji Mokhtar Annaba University Annaba, Algeria

²Embedded Systems Laboratory, Badji Mokhtar Annaba University Annaba, Algeria

³Laboratoire de Gestion Electronique de Document – LabGED, Badji MokhtarAnnabaUniversity Annaba, Algeria

Emails: ahmed.dib@univ-annaba.dz; zina.oudina@univ-annaba.org; Sabri.ghazi@univ-annaba.dz

Abstract

MQTT-based Internet of Things networks face major security problems because they have high-dimensional data, class imbalance, and no detection mechanisms that can be understood. This paper proposes a unified intrusion detection framework that integrates attention-based deep learning, GAN-driven data augmentation, and MDA-based feature selection (CNN-LSTM-Attention). The proposed pipeline outperforms both classical and recent state-of-the-art baselines. When tested on MQTTEEB-D, a real-world MQTT dataset with 200,000 flows, an accuracy of 99.12% and macro F1-score of 98.37 were achieved. However, the attention maps provide clear explanations for the obtained prediction, and the system performs well even against tough attacks such as SlowITe: 96–98%. Moreover, the system's very short inference time makes it possible to deploy on a real IoT gateway with limited resources. The synergistic combination of feature engineering, generative augmentation, and interpretable deep learning sets a standard for reliable and effective IoT/MQTT intrusion detection.

Keywords: IoT security; MQTT protocol; Intrusion detection; Feature engineering; MDA; GANs; Class imbalance; Attention mechanisms; Deep learning; Interpretability