MACHINE LEARNING FOR IOT SECURITY: DETECTING AND MITIGATING CYBER ANOMALIES

Authors

  • Ashraf Osman Ibrahim Elsayed, Department of Computing, Universiti Teknologi PETRONAS, Seri Iskandar, Malaysia
  • Hiba Ahmed, Department of Information Technology, College of Customs, Medical Science and Technology, Khartoum, Sudan
  • Razan Alharith, School of Computing and Artificial Intelligence, Southwest Jiaotong University, Chengdu, Sichuan, China
  • Nada Adam, Department of Computer Science, the Applied College, Northern Border University, Arar, KSA

DOI:

https://doi.org/10.15282/ijsecs.11.1.2025.5.0137

Keywords:

Internet of Things (IoT), Cybersecurity, Cyber Anomalies, Anomaly Detection, Cyberattack Classification, Machine learning.

Abstract

Rapid IoT device proliferation creates critical security vulnerabilities often missed by conventional methods. This research evaluates seven machine learning models (Random Forest, Gradient Boosting, Neural Networks, kNN, SVM, Decision Tree, and Naive Bayes) for robust IoT anomaly detection using the comprehensive ToN-IoT and BoT-IoT datasets. Random Forest and Gradient Boosting significantly advanced IoT security, demonstrating superior, often perfect, performance on key metrics such as AUC, accuracy, and F1. Neural Networks also excelled. SVM and kNN achieved high accuracy but showed varied sensitivity to rare attacks. Naive Bayes struggled with data complexity, while Decision Tree's operational failure on one dataset stressed the need for careful validation. This study underscores machine learning's potential to enhance IoT resilience. Performance variations and challenges such as class imbalance necessitate tailored solutions. These findings establish a foundation for future work in ensemble methods, explainable AI (XAI), feature engineering, and strategies for managing large-scale imbalanced data to fortify IoT security.

Published

2025-08-08

How to Cite

A. O. Ibrahim Elsayed, H. Ahmed, R. Alharith, and N. Adam, “MACHINE LEARNING FOR IOT SECURITY: DETECTING AND MITIGATING CYBER ANOMALIES”, IJSECS, vol. 11, no. 1, pp. 59–69, Aug. 2025, doi: 10.15282/ijsecs.11.1.2025.5.0137.
