Real-time explainable IoT security with machine learning and CTGAN-enhanced detection for resource-constrained devices

The security threats and risks posed by Internet of Things (IoT) devices have been increasing significantly in recent times. Hence, an Intrusion Detection System (IDS) is required to handle and filter out cyber-attacks. Traditional IDSs face a major challenge in class imbalance within the data, which is the case for many real-world datasets related to intrusion, and a lack of model interpretability. In this paper, we introduce a novel IDS by fusing Generative Adversarial Network (GAN) and Explainable AI (XAI) techniques. Our proposed IDS uses Conditional Tabular GAN (CTGAN) as the synthetic data generator to address class imbalance issues. Additionally, in order to have global and local model interpretability of the proposed IDS, two XAI approaches are followed: SHapley Additive exPlanations (SHAP) and Local Interpretable Model-agnostic Explanations (LIME). The proposed IDS achieves accuracy between 97.20% and 100%, F1 score between 89.34% and 100%, test time from 0.0104 s to 0.5686 s, and model size ranging from 2.73 kB to 1510 kB across different datasets. To validate practical applicability, we deploy the best-performing models on a resource-constrained edge device (e.g., Jetson Nano), achieving efficient testing times and demonstrating suitability for real-time applications. We conduct a quantitative comparison with state-of-the-art methods, demonstrating improved performance, enhanced interpretability, and increased model transparency through XAI integration.