Enhancing Internet of Things (IoT) Network Security: A Machine Learning-Driven Framework for Real-Time Intrusion Detection and Anomaly Classification
Abstract
The rapid proliferation of IoT devices exposes IoT networks to serious cybersecurity threats, making advanced intrusion detection systems (IDSs) necessary. Signature- and rule-based IDS mechanisms cannot address novel attacks, generate excessive alarms, and are computationally inefficient. In response, this paper proposes a machine learning IDS for real-time intrusion detection and anomaly categorization in IoT networks, using black widow optimization (BWO) for optimal feature and hyperparameter selection. The IDS employs standard machine learning models, such as random forest and support vector machines (SVMs), and deep models, such as long short-term memory (LSTM), to address the nuances of IoT environments. The framework is evaluated on the Bot-IoT and UNSW-NB15 datasets, which include various IoT-based attacks and normal traffic. The BWO algorithm reduces the feature set by 57.1% for Bot-IoT and 55.1% for UNSW-NB15 while retaining better detection accuracy. Experimental evidence demonstrates the strength of the framework: LSTM offers optimal detection accuracy (99.1%) and low false alarms (0.9%). The SVM model is computationally efficient, with low training time (90 s), inference time (10 ms), space usage (200 MB) and power consumption (40 joules). The framework also scales well, maintaining good precision as the dataset expands, and is therefore well suited to extensive IoT networks. BWO's rapid convergence ensures timely and efficient optimization, which is crucial for IoT applications in practice. The framework balances detection capability against computational cost, overcoming the drawbacks of traditional IDSs and providing an efficient solution for IoT network protection. In conclusion, our solution advances IoT security by using BWO and machine learning to ensure accurate detection, computational efficiency, and scalability.
The developed framework presents an efficient and effective solution for real-time intrusion detection, addressing the current and future cybersecurity needs of the IoT.
This work is licensed under a Creative Commons Attribution 4.0 International License.