An Intelligent Intrusion Detection System for Internet of Things Attack Detection and Identification Using Machine Learning

Keywords: Internet of things networks, Intrusion detection system, Machine learning, Intelligent attack classification, Identification


The usability and scalability of Internet of things (IoT) technology are expanding in ways that improve human living standards. However, this expansion also increases the vulnerabilities and attack vectors of IoT networks. Thus, more security challenges can be expected and encountered, and more security services and solutions should be provided. Although many security techniques propose and promise good solutions for that, intrusion detection systems (IDSs) are still considered the best. Many works have proposed machine learning (ML)-based IDSs for IoT attack detection and classification. Nevertheless, they suffer from two main gaps. First, few of the works utilized or could analyze an up-to-date version of IoT-based attack behaviors. Second, few of the works can be considered multi-class attack detection and classification. Therefore, this work proposes an intelligent IDS (IIDS) that exploits the ability of ML algorithms to distinguish malicious from benign behaviors among IoT network packets. Three ML classifier algorithms are investigated: K-Nearest Neighbor, support vector machine, and artificial neural network. The developed models have been trained and tested as binary and multi-class classifiers against 15 types of attacks and benign behavior. This work employs an up-to-date dataset known as IoT23, which covers millions of malicious and benign behaviors of IoT-connected devices. The development of the proposed IIDSs goes through several preprocessing phases and methods, such as null-value handling, the SMOTE method for imbalanced datasets, data normalization, and feature selection. The results present the IIDSs as good binary and multi-class classifiers, even for zero-day attacks.
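The preprocessing phases named in the abstract (null-value handling, SMOTE, normalization) feeding a K-Nearest Neighbor classifier, as an added example that is not the authors' code. The flow records, feature names, median imputation, min-max scaling and the order of the phases are assumptions made here, and feature selection is left out.

```python
import math
import random
from collections import Counter
from statistics import median

# Constructed sample flows: (duration_s, orig_bytes, resp_bytes, label); None = missing.
ROWS = [
    (0.5, 120, 300, "benign"), (0.7, 150, 280, "benign"), (None, 130, 310, "benign"),
    (0.6, 140, None, "benign"), (0.4, 110, 290, "benign"), (0.8, 160, 320, "benign"),
    (3.0, 0, 0, "ddos"), (3.2, 0, 0, "ddos"), (0.1, 40, 0, "portscan"), (0.2, None, 0, "portscan"),
]

def impute(rows):
    """Null-value handling: fill a missing feature with its column median."""
    cols = zip(*[r[:-1] for r in rows])
    med = [median(v for v in c if v is not None) for c in cols]
    return [([m if v is None else v for v, m in zip(r[:-1], med)], r[-1]) for r in rows]

def fit_minmax(data):
    """Return a function scaling features to [0, 1] by the training min/max."""
    cols = list(zip(*[x for x, _ in data]))
    lo, hi = [min(c) for c in cols], [max(c) for c in cols]
    return lambda x: [(v - a) / (b - a) if b > a else 0.0 for v, a, b in zip(x, lo, hi)]

def smote(data, k=2, seed=7):
    """Grow each minority class to the majority size with interpolated samples."""
    rng, counts, out = random.Random(seed), Counter(y for _, y in data), list(data)
    for label, n in counts.items():
        pts = [x for x, y in data if y == label]
        for _ in range(max(counts.values()) - n if len(pts) > 1 else 0):
            x = rng.choice(pts)
            nbrs = sorted((p for p in pts if p is not x), key=lambda p: math.dist(x, p))[:k]
            nb, u = rng.choice(nbrs), rng.random()  # neighbour and position on the segment
            out.append(([a + u * (b - a) for a, b in zip(x, nb)], label))
    return out

def knn_predict(train, x, k=3):
    """Majority vote among the k nearest training points (Euclidean distance)."""
    nearest = sorted(train, key=lambda t: math.dist(x, t[0]))[:k]
    return Counter(y for _, y in nearest).most_common(1)[0][0]

def build_model(rows=ROWS):
    """Impute, normalize, then balance; returns (training set, scaler)."""
    clean = impute(rows)
    scale = fit_minmax(clean)
    return smote([(scale(x), y) for x, y in clean]), scale

def classify(flow):
    train, scale = build_model()
    return knn_predict(train, scale(list(flow)))
```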



Author Biographies

Trifa S. Othman, Department of Software Engineering, Faculty of Engineering, Koya University, Koya KOY45, Kurdistan Region - F.R. Iraq

Trifa S. Othman is an M.Sc. student at the department of Software Engineering, Koya University, Iraq.

Saman M. Abdullah, Department of Software Engineering, Faculty of Engineering, Koya University, Koya KOY45, Kurdistan Region - F.R. Iraq

Saman M. Abdullah is an Assistant Prof. at the Department of Software Engineering, Faculty of Engineering, Koya University. He got the B.Sc. degree in Electronic Engineering, the M.Sc. degree in Computer Security and the Ph.D. degree in Malware Detection Systems. His research interests are in IoT Security, Machine Learning and Data Science. Dr. Saman is a member of IEEE and ACM Society.



How to Cite
Othman, T. S. and Abdullah, S. M. (2023) “An Intelligent Intrusion Detection System for Internet of Things Attack Detection and Identification Using Machine Learning”, ARO-THE SCIENTIFIC JOURNAL OF KOYA UNIVERSITY, 11(1), pp. 126-137. doi: 10.14500/aro.11124.