Abstract
Due to domain variability and developing attack tactics, intrusion detection in heterogeneous and dynamic IoT systems is still a crucial challenge. For cross-domain intrusion detection, this paper proposes a novel algorithm, X-FuseRLSTM, a dual-path feature fusion framework that is attention guided and coupled with a residual LSTM architecture. The proposed algorithm is the combination of four major steps: first, feature extraction using deep encoder and sparse transformer; second, feature fusion of the extracted features and reducing the fused features; third, the classification model; and last, explainable artificial intelligence (XAI). The classification model used is a deep neural network and residual long short-term memory (RLSTM). The model effectively incorporates both spatial and temporal correlations in network traffic data, which improves its detection capability. The model predictions are explained using the XAI techniques. Extensive experiments on datasets including TON_IoT Network, NSL-KDD, and CICIoMT 2024 with both 19-class and 6-class variations show that X-FuseRLSTM achieves the highest accuracy of 99.40% on network, 99.72% on NSL-KDD, and 97.66% for 19-class and 98.05% for 6-class on CICIoMT 2024 datasets. The suggested method is appropriate for practical IoT security applications since it provides strong domain generalization and explainability while preserving computational efficiency.