<![CDATA[With With the rapid growth of IoT, securing interconnected devices against cyber threats has become critical. IoT datasets such as ToN-IoT are often high-dimensional, which poses challenges for efficient and accurate intrusion detection. Moreover, interpretable models are essential to help security analysts understand and trust automated decisions. Intrusion Detection Systems (IDS) powered by machine learning offer promising solutions, especially when trained on realistic datasets such as ToN_IoT. However, achieving a balance between high accuracy, computational efficiency, and model interpretability remains a challenge. This study proposes an efficient and interpretable IDS framework for binary classification using the ToN_IoT dataset, aiming to identify the optimal feature selection method and ensemble learning model while leveraging explainable artificial intelligence to interpret model decisions. A quantitative experimental approach was adopted, applying and comparing Principal Component Analysis (PCA) and Recursive Feature Elimination (RFE) for feature selection, and evaluating the performance of LightGBM, XGBoost, and Random Forest classifiers using Accuracy, F1-score, Precision, Recall, and training time. RFE outperformed PCA, identifying 11 key features, and LightGBM emerged as the top-performing model with an accuracy of 99.72%, demonstrating both speed and strong generalization. SHAP (SHapley Additive exPlanations) was used to generate summary plots for global feature importance, enhancing the transparency and interpretability of IDS decisions. Overall, the combination of RFE and LightGBM resulted in a high-performing and explainable IDS framework, underscoring the importance of strategic feature selection and model choice. Compared to existing IDS approaches on the ToN-IoT dataset, our proposed framework not only achieves higher accuracy but also provides a rapid and lightweight solution. Additionally, by incorporating SHAP for feature importance analysis, our approach ensures clear model interpretability, allowing security analysts to understand and trust the system’s decisions. This combination of high performance, efficiency, and explainability highlights the practical advantages of our method over previous work. Future research will extend this framework to support multiclass classification and online learning for real-time threat detection.]]>
