
LNKDSEA - Machine Learning Based IoT IIoT

Uploaded by

Faraz Ali Arain

LNKDSEA: Machine Learning Based IoT/IIoT Attack Detection Method

2023 International Conference on Advances in Electronics, Communication, Computing and Intelligent Information Systems (ICAECIS) | 979-8-3503-4805-7/23/$31.00 ©2023 IEEE | DOI: 10.1109/ICAECIS58353.2023.10170095


Manasa Koppula
Dept. Electronics and Communication Engineering
SR University
Warangal, India
[email protected]

Leo Joseph L.M.I
Dept. Electronics and Communication Engineering
SR University
Warangal, India
[email protected]

Abstract— The Internet of Things (IoT) brings together more devices that can communicate with one another while requiring little user input. IoT is one of the computer disciplines that is expanding rapidly, but the fact is that with the increasingly intimidating Internet world, IoT is susceptible to different kinds of cyberattacks. Practical defenses against this, including network anomaly detection, must be built to secure IoT networks. Attacks cannot be completely prevented forever, but practical defense depends on the ability to identify an attack as soon as possible. IoT systems cannot be protected by conventional high-end security solutions because IoT devices have a limited amount of storage and processing capability. This suggests the need for the creation of smart network-based solutions for cyberattacks, such as Machine Learning (ML). Although the application of ML methods in detecting attacks has been the subject of numerous studies in recent years, attack detection in IoT networks has received less attention. The major goal of this study is to create and evaluate a hybrid ensemble algorithm called LNKDSEA (Logistic regression, Naïve Bayes, K-nearest neighbor, Decision tree, and Support vector machine-based Ensemble Algorithm). The proposed approach can efficiently identify IoT network attacks including DDoS, information gathering, Malware, Injection attacks, and Man-in-The-Middle-Attack. The Edge-IIoTset dataset is used to evaluate the proposed model. During the implementation stage, the proposed technique is evaluated by employing binary and multi-class (6 and 15 Class) classifications of cyberattacks, and high performance is accomplished.

Keywords— Internet of Things, cyberattacks, anomaly detection, Machine Learning

I. INTRODUCTION
The phrase Internet of Things was introduced by Kevin Ashton in 1999 [1]. The connectivity of objects that are outfitted with various kinds of sensors, cutting-edge technologies, and software is referred to as IoT [2]. Technology is reshaping the IT industry and becoming the next significant technological advance after the Internet. The number of IoT devices is anticipated to increase from more than 15 billion in 2015 to more than 75 billion in 2025. According to this forecast, at least 25 individual IoT gadgets will be owned by every individual. IoT is therefore anticipated to significantly alter everyone’s lives soon [3]. The idea driving IoT is to enable connections between people and intelligent objects at any time, from any location to anyone and anything, through any channel and platform. Thus, by adopting this goal, IoT areas of application will continually and significantly expand for every element of life. People can now remotely detect and respond to circumstances thanks to the wide adoption of IoT devices [4]. IoT’s wide range of applications, scalability, and compatibility for smart systems have all contributed to its recent spectacular rise.

The main idea of the Industrial Internet of Things (IIoT) is to use IoT technologies in industrial control systems, which have been used for a very long time to monitor manufacturing apparatuses and processes and are a crucial component of essential infrastructures. They carry out real-time device monitoring and interaction, real-time information gathering and analysis, and real-time event recording for all production system occurrences. Integrating IoT technology into these systems can improve network intelligence and automate and optimize industrial operations [5].

IoT devices differ from traditional IT infrastructure in that they have limited CPU, memory, and power capabilities and are frequently used in adversarial, unstable, and diversified environments. The integrated gadgets provide a huge selection of digital services to help with daily activities. As a result, one can quickly share data, control things over great distances, and operate them. IoT device adoption is occurring quickly and widely, which raises serious security issues. The key security issues in the IoT space include authentication, authorization, system setup, validation, access control, storage of data, and administration verification. At any point, crucial information could be altered or leaked [6]. There is no assurance related to the privacy of customers, the security of IoT systems, or the content they carry. In order to promote the widespread adoption of IoT, strong security is necessary to give users a sense of privacy regarding their data.

Fig. 1. Challenges with the security of IoT and IIoT Device [7].

Fig. 2. Additional help required for IoT and IIoT devices [7]

According to Tripwire’s survey, 99% of respondents have trouble keeping their IoT devices secure, and 88% said they do not even presently have enough capabilities to do so [7]. In terms of various industries, as per Kaspersky, organizations in

Authorized licensed use limited to: King Fahd University of Petroleum and Minerals. Downloaded on October 03,2024 at 19:41:29 UTC from IEEE Xplore. Restrictions apply.
the industrial sector are worried regarding security vulnerabilities and data breaches 53% of the time, trailed by a shortage of in-house experts at 35%. Utility companies are equally worried, with comparable percentages of 50% and 44% [8]. A poorly detected Session Manager backdoor that was installed as a malicious module inside Internet Information Services (IIS), the well-known Microsoft web server, has been discovered by Kaspersky experts. Once it has spread, Session Manager makes a variety of harmful operations possible, from email collection to total command over the infrastructure of the victim. The recently found backdoor, which was first used in late March 2021, has affected NGOs and governmental organizations in Africa, South Asia, Europe, and the Middle East. The majority of the targeted businesses continue to be infected [9], [10].

Information from Kaspersky Security Awareness Platform’s phishing software reveals that employees frequently fail to recognize dangers concealed in emails containing notices of delivery problems and company difficulties. Approximately one in five (16 to 18%) recipients of the email templates that imitated these phishing emails clicked on the link [10]. In Q1 2022, there were 4.5 times as many Distributed Denial of Service (DDoS) attacks as there were in Q1 2021, with a significant portion of the assaults most likely the consequence of hacker’s movement. The threats, especially those directed at banks and governmental resources, also demonstrated an unheard-of length for DDoS sessions [11].

Fig. 3. Barriers to IoT implementation [8]

Fig. 4. DDoS attacks occurred in Q1 2022, Q4 2021, and Q1 2021 [11].

Fig. 5. Duration of DDoS attacks: Q1 2022 and Q4 2021 as well as Q1 2021 [11].

Adversaries have access to sensitive data gathered through IoT nodes when an IoT system is infiltrated, and they can also stop the IoT network’s normal operations. IoT adoption will be hindered by the lack of confidentiality, integrity, and information security. There are a number of well-known IoT security risks, including information leak, spoofing, tag cloning, Man-in-the-Middle (MITM) attacks, physical damage, hardware threats, replay attack, data access cloning, side-channel attack, eavesdropping, Sybil attack, device tampering, backoff manipulation, malicious code injection, signal jamming, granted time slots, Distributed Denial of Service (DDoS), etc. [12]–[14].

The capability of a smart device to automate or alter a knowledge-based condition can be characterized as machine learning (ML), which is regarded as a crucial component of an IoT application. ML is utilized in tasks like classification and regression because it has the capacity to extract useful insights from data produced by machines. Similarly, ML is able to offer security amenities in an IoT network. The practice of ML in the detection of attack issues is a topic that is receiving a lot of attention, and ML is being employed more and more in many cybersecurity scenarios. Only a small amount of research has been done on effective detection strategies appropriate for IoT contexts, despite the fact that numerous findings in the literature have employed ML algorithms to identify the superlative methods to find cyberattacks. Since 2019, Kaspersky has received 116 submissions and has been granted 53 patents for innovations involving ML. The preponderance of these patents pertains to methods for anti-phishing, critical infrastructure protection, malware detection, and security information and management (SIEM) [15]. The research in this field demonstrates that ML-based strategies can bring innovative defenses to safeguard the IoT systems.

Fig. 6. Kaspersky ML patents from 2018 to 2022 by field of application [15].

By examining the effectiveness of employing ML algorithms to detect IoT security threats, the proposed method adds to the literature as a means of security against IoT attack behavior. The most recent real-time cyber security dataset for IIoT and IoT systems is called Edge-IIoTset. It is a novel dataset that is used to verify the detection algorithms [16]. The dataset’s main relevant features were chosen using a correlation map. Good efficiency was attained by implementing the hybrid method using five distinct ML algorithms in the development process. Logistic Regression (LR), Decision Tree Classifier (DTC), Support Vector Machine (SVM), K-nearest neighbors (KNN), and Naive Bayes (NB) are the ML algorithms that are used in this paper. The remainder of this paper is organized as follows. Section II describes the literature review in related areas; Section III presents the proposed methodology; Section IV describes the implementation steps of the proposed algorithm along with the dataset and basic ML algorithms used; Section V presents the results of the proposed model and its evaluations. The conclusions of this paper are given in Section VI.

II. LITERATURE REVIEW
Although research on using ML techniques in the IoT space is yet in its infancy, particularly in the area of IoT security, there is a great deal of potential for it to yield valuable insights from IoT data. Pattern recognition, anomaly detection, and behavioral analysis are examples of ML techniques that can be applied in IoT networks to identify possible threats and halt abnormal activity.

Using malware datasets from the Android Malware Genome Assignment across a year, Feizollah et al. [17] examined a survey of five machine-learning classifiers. According to the researcher, KNN is the most effective machine learning classifier out of all the others. The main problem this research might experience is the rapid development of new malware, which would necessitate periodic sample collection in order to assess performance. The initial paper that introduced the Bot-IoT dataset contained a presentation of the work by Moustafa et al. [18]. They evaluated the IoT dataset using SVM, LSTM, and RNN ML models, but they did not evaluate the resilience of their models against adversarial attacks during their research. In a different study, Naung et al. [19] created the IoT-IDS rules using the BoT-IoT dataset. To enable lightweight IDS systems suitable for IoT devices, they deployed the J48 ML technique for producing effective rules. For industrial networked control systems, Potluri et al. [20] developed a hybrid IDS employing SVM and deep belief networks (DBNs). They exploited the NSL-KDD dataset, which is an obsolete collection of DoS and integrity attacks rather than one that is particular to ICSs.

On a specially designed conveyor belt system, Eigner et al. [21] used KNN. They created an anomaly-based attack detection strategy using the system’s typical behavior as their guide. They looked at how the system performed with various ‘k’s and distance measures. The infiltration scenario that has received the most attention is MITM. Research ideas for the exposure of illegal IoT devices using ML methods were put up by Y Meidan in [22]. They employed the Random Forest ML technique to extract useful attributes from the whitelist of IoT device types for this purpose. To identify unauthorized IoT devices, they acquired network traffic data from 17 distinct IoT devices as part of the data collection process. In the experimental research, it became clear that the majority of IoT devices were recognized from the white list while some were not. A sequential detection architecture, machine learning (ML)-based framework for detecting botnet attacks was suggested by Yan et al. [23]. A lightweight detection system with good performance is implemented using an effective feature selection methodology. With three independent ML algorithms (J48 decision tree, artificial neural network (ANN), and Naive Bayes), the overall detection performance for botnet attack detection is over 99%. The experiment’s findings showed that not only can the suggested design be expanded to include equivalent sub-engines for new types of assaults, but it can also detect botnet-based attacks effectively. In a study suggested by Hasan et al. [24], the abilities of various ML models have been examined to accurately forecast attacks and abnormalities on IoT systems. These ML methods include LR, SVM, DT, RF, and ANN; out of all of these, RF performed comparatively better.

III. PROPOSED METHODOLOGY
The dataset utilized and the proposed method for identifying attacks in IoT networks are briefly described in this section. After examining various available datasets, Edge-IIoT is selected for this work because of its realism and recentness of data. The Edge-IIoT CSV file was directly downloaded from the internet [16]. Figure 7 provides a general overview of the proposed methodology. The following steps have been implemented in the proposed method.

• The dataset pre-processing was done in the initial stage by removing missing and duplicated values such as Infinite Value (INF) and Not A Number (NAN).

• In the next step, feature selection is done by using a correlation graph. From the correlation graph, unimportant features like timestamps, IP addresses, payload data, constant values, and ports were dropped.

• One extra column called Attack category is added to the dataset for implementing multiclass classification algorithms. By taking Attack label, Attack category, and Attack type as output parameters for binary classification, multi (6 and 15) class classification models have been implemented respectively.

• For each classification (binary and multiclass), the pd.get_dummies function is used to transform categorical variables into dummy/indicator variables.

• To divide matrices or arrays into train and test subsets randomly, the train_test_split function in the sklearn.model_selection package was utilized.

• Five basic ML models called LR, NB, KNN, DTC, and SVM have been implemented and their respective classification reports calculated.

• VotingClassifier from the sklearn.ensemble package is used for developing LNKDSEA.

Fig. 7. Overview of the Proposed method.

IV. IMPLEMENTATION
The main goal of this research is to analyze how well the proposed algorithm detects IoT network breaches, as already noted in the earlier section. The outline of the dataset, the ML
techniques that are utilized, and the activities that are performed have been discussed in this section.

A. Dataset
Researchers have proposed a number of datasets in recent years for IIoT or IoT cybersecurity. This section talks about the importance of the Edge-IIoTset. Table I quickly and succinctly compares widely known datasets that have recently been utilized for IoT or IIoT-based Intrusion Detection System advancements.

To monitor network flows and distinguish between regular and abnormal traffic, large datasets are needed since the solutions for different network security tasks employ ML algorithms. To create network datasets, numerous experiments have been carried out over time [16], [18], [25]–[28]. As seen in Table 1, a lot of machine learning experiments have used simulated or real-time data to verify their results. As per the observation of Table 1, Edge-IIoTset has a real-time dataset with 61 features, and 14 different types of attacks, and consists of both IoT and IIoT-generated traffic. The attack classification of Edge-IIoTset is shown in Figure 8. The data statistics of two class classifications (Normal and Malicious), 6-classes, and 15-class classifications are shown in Figures 9, 10, and 11 respectively.

Fig. 8. Data classification of Edge-IIoTset.

Fig. 9. Two class classification of data.

B. ML Algorithms
Evaluation of five well-known ML classifiers, including LR, DTC, SVM, KNN, and NB, using the Edge-IIoTset dataset has been done.

Logistic Regression: A predictive analytic algorithm known as a logistic regression algorithm determines the hypothesis’ range for the variable spanning 0 and 1. In order to categorize the data, logistic regression uses the probability notion. Training the data in the LR model is the first step in the procedure. The behavior of the node is reinforced by the logistic regression analysis, which categorizes them depending on their findings [29].

Decision Tree Classifier: Data samples are categorized using Decision Tree (DT) classifiers based on the values of their features. The data is set up in a tree-like structure in this scenario, with each node denoting a dataset feature and each branch denoting a decision rule that separates the data into subsets based on the value of a feature. The DT classifier’s objective is to develop a training system for learning decision rules from training data in order to generate class labels for the target variable [30].

Support Vector Machine: Hyper-plane is used by Support Vector Machine (SVM) to divide the data into two or more classes when classifying it. As the hyperplane passes across the data points, the distance between the nearest data points is at its maximum [30].

Fig. 10. Six class classification of data.

Fig. 11. Fifteen class classification of data

K-Nearest Neighbours: One of the straightforward and efficient supervised learning methods is KNN. It is used to conduct a search across the available dataset and link fresh data points to related older ones. KNN, which performs well with multidimensional data and is a quick algorithm while training, is rather slow while estimating [31].

Naive Bayes: The NB is a popular supervised algorithm that is renowned for its straightforward principles. NB could be used, for instance, to classify traffic flow as normal or
abnormal for any network. The NB classifier handles the
traffic classification features independently, even though they
may be reliant on one another. NB is user-friendly due to a
variety of characteristics, including its low sample demand,
and ease of implementation. On the other hand, because NB
works with features autonomously, it cannot benefit from the
interactions and connections between features [31].
To create a cumulative output that improves the accuracy
of classification and detection rate, the ensemble algorithm
aggregates the outcomes of different ML algorithms [32].
C. Development Process
The proposed method comprises five critical steps: Data
preprocessing, feature selection, Splitting data,
implementation of machine learning algorithms, and
development of the proposed algorithm.
Data Preprocessing: Pre-processing data migration
techniques are used to turn the dataset into a compatible
format for machine learning. Cleaning the data in this phase
also improves performance by getting rid of inaccurate or
superfluous data that can reduce the dataset’s correctness.

Fig. 12. Overview of the Proposed method.

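TABLE I
Comparison Of IoT Cybersecurity Datasets

| Year | Dataset | No. of Attacks | No. of Features | IoT Traffic | IIoT Traffic | Real-time/Simulated |
|------|---------|----------------|-----------------|-------------|--------------|---------------------|
| 2018 | N-BaIoT [25] | 10 | 23 | Yes | No | Real-time |
| 2019 | Bot-IoT [18] | 8 | 46 | Yes | No | Simulated |
| 2020 | TON-IoT [26] | 9 | 31 | Yes | No | Simulated |
| 2021 | X-IIoTID [27] | 18 | 59 | Yes | Yes | Real-time |
| 2021 | WUSTL-IIoT-2021 [28] | 4 | 41 | Yes | Yes | Real-time |
| 2022 | Edge-IIoTset [16] | 14 | 61 | Yes | Yes | Real-time |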

Feature Selection: It’s crucial to limit the number of attributes and use just those needed to train and test the algorithms in order to produce a straightforward security solution appropriate for IoT systems. The correlation graph served as a guide while choosing features. The model trains and reacts more quickly when the input data features are reduced from 61 network traffic features to 11. The selected features of the dataset are arp.opcode, arp.hw.size, icmp.checksum, icmp.seq.le, http.content.length, http.response, tcp.ack, tcp.connection.syn, udp.stream, dns.qry.name, dns.qry.qu. Figure 12 displays the correlation graph for the entire dataset.

Splitting Data: Data is necessary for ML in order for learning to occur. Alongside the data needed for training, testing data is also essential to evaluate the algorithm’s effectiveness and gauge how effectively it works. 85% of the Edge-IIoTset was used in the study as training data, and the remaining 15% was used as testing data.

Implementation of ML algorithms: Utilizing Python ML libraries (Pandas, Matplotlib, scikit-learn, and NumPy), all investigations were carried out in the Saturn cloud. Applying the ML algorithms to the Attack label as output (binary classification), Attack category as output (six class classification), and Attack type as output (fifteen class classification) with the dataset separately by using the selected feature set given in Table 2 allowed us to organize the evaluation of ML algorithms for the dataset into three types of classification.

Development of LNKDSEA: By taking previously implemented ML algorithms (LR, DTC, SVM, KNN, and NB) as base models, a hybrid ensemble algorithm with the VotingClassifier technique has been developed.

V. PERFORMANCE EVALUATION
A. Performance Metrics
Metrics obtained from the confusion matrix are typically used to evaluate the quality of ML algorithms. The confusion matrix parameters are described as follows.

• The amount of attack packets that were accurately identified as attacks is known as True Positive (TP).

• The number of normal packets that were correctly identified as normal is known as True Negative (TN).

• False Positive (FP) packets are those that are mistakenly identified as attacks despite being normal packets.

• The amount of attack packets that were mistakenly identified as regular packets is represented by False Negative (FN).

The metrics utilized in this research to assess the effectiveness of the ML algorithms are as follows, and they are dependent on the confusion matrix parameters.

$$\text{Accuracy} = \frac{TN + TP}{TN + TP + FN + FP} \tag{1}$$

$$\text{Recall}(R) = \frac{TP}{TP + FN} \tag{2}$$

$$\text{Precision}(P) = \frac{TP}{TP + FP} \tag{3}$$

$$\text{F1-Score}(F1) = \frac{2}{\frac{1}{\text{Precision}} + \frac{1}{\text{Recall}}} \tag{4}$$
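The pipeline of Sections III and IV-C (cleaning, feature subset, pd.get_dummies, 85/15 split, five base models under a VotingClassifier) scored with equations (1) to (4), as an added Python example that is not the authors' code; it extends the binary TP/FP/FN definitions to one-vs-rest counts per class, which is how a per-class report is read from a multi-class confusion matrix. Assumptions: the data frame is constructed random data standing in for the Edge-IIoTset CSV, and the dropped-column names, the `Attack_category` label name, the three classes shown and hard (majority) voting are illustrative choices not stated on the page.

```python
import numpy as np
import pandas as pd
from sklearn.ensemble import VotingClassifier
from sklearn.linear_model import LogisticRegression
from sklearn.metrics import confusion_matrix
from sklearn.model_selection import train_test_split
from sklearn.naive_bayes import GaussianNB
from sklearn.neighbors import KNeighborsClassifier
from sklearn.svm import SVC
from sklearn.tree import DecisionTreeClassifier

# The 11 selected features, spelled as they are printed on the page.
FEATURES = ["arp.opcode", "arp.hw.size", "icmp.checksum", "icmp.seq.le",
            "http.content.length", "http.response", "tcp.ack",
            "tcp.connection.syn", "udp.stream", "dns.qry.name", "dns.qry.qu"]
DROPPED = ["frame.time", "ip.src_host"]  # assumed names for a timestamp/IP column
TARGET = "Attack_category"               # assumed name of the label column
CLASSES = ["DDoS", "MITM", "Normal"]     # three of the six categories, for brevity


def make_constructed_frame(n=600, seed=0):
    """Constructed stand-in for the dataset CSV; not real traffic."""
    rng = np.random.default_rng(seed)
    label = rng.integers(0, len(CLASSES), size=n)
    df = pd.DataFrame({f: rng.normal(2.0 * label, 1.0) for f in FEATURES})
    # One categorical feature so that get_dummies has something to encode.
    df["dns.qry.name"] = rng.choice(["0", "device.example"], size=n)
    df["frame.time"] = np.arange(n).astype(str)
    df["ip.src_host"] = "192.0.2.10"
    df[TARGET] = np.array(CLASSES)[label]
    df.loc[3, "tcp.ack"] = np.inf        # INF value, removed in preprocessing
    df.loc[7, "udp.stream"] = np.nan     # NaN value, removed in preprocessing
    return pd.concat([df, df.iloc[:5]], ignore_index=True)  # 5 duplicated rows


def preprocess(df):
    """Drop duplicates, INF/NaN rows and unwanted columns, then one-hot encode."""
    df = df.drop_duplicates()
    df = df.replace([np.inf, -np.inf], np.nan).dropna()
    df = df.drop(columns=DROPPED)
    return pd.get_dummies(df[FEATURES], dtype=float), df[TARGET]


def build_lnkdsea():
    """LR, NB, KNN, DTC and SVM combined by majority vote (assumed voting mode)."""
    return VotingClassifier(voting="hard", estimators=[
        ("LR", LogisticRegression(max_iter=1000)),
        ("NB", GaussianNB()),
        ("KNN", KNeighborsClassifier()),
        ("DTC", DecisionTreeClassifier(random_state=0)),
        ("SVM", SVC()),
    ])


def per_class_metrics(y_true, y_pred, classes):
    """Equations (1)-(4), with TP/FP/FN counted one-vs-rest for each class."""
    cm = confusion_matrix(y_true, y_pred, labels=classes)
    report = {}
    for i, name in enumerate(classes):
        tp = cm[i, i]
        fn = cm[i].sum() - tp            # rows are the true class
        fp = cm[:, i].sum() - tp         # columns are the predicted class
        precision = tp / (tp + fp) if tp + fp else 0.0
        recall = tp / (tp + fn) if tp + fn else 0.0
        # Harmonic mean; defined as 0 when either term is 0 (class never hit).
        f1 = 2 / (1 / precision + 1 / recall) if precision and recall else 0.0
        report[name] = (precision, recall, f1)
    return np.trace(cm) / cm.sum(), report


def run(seed=0):
    X, y = preprocess(make_constructed_frame(seed=seed))
    X_tr, X_te, y_tr, y_te = train_test_split(X, y, test_size=0.15, random_state=42)
    model = build_lnkdsea().fit(X_tr, y_tr)
    votes = model.transform(X_te)        # encoded vote of each base model, per row
    base_acc = {name: float(np.mean(model.classes_[votes[:, i]] == y_te.to_numpy()))
                for i, (name, _) in enumerate(model.estimators)}
    accuracy, report = per_class_metrics(y_te, model.predict(X_te), CLASSES)
    return X.shape, len(X_te), base_acc, accuracy, report


if __name__ == "__main__":
    shape, n_test, base_acc, accuracy, report = run()
    print("features:", shape, "test rows:", n_test)
    print("base accuracy:", base_acc, "ensemble accuracy:", round(float(accuracy), 4))
    for name, (p, r, f1) in report.items():
        print(f"{name:7s} P={p:.2f} R={r:.2f} F1={f1:.2f}")
```

A class that is never predicted has TP + FP = 0, so its precision is reported as 0 rather than raising a division error; averaged reports such as those in Tables II and III are sensitive to how that case is handled.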
B. Results and Analysis
The assessment of ML algorithms for the Edge-IIoTset has been divided into three separate class classifications, namely binary and multi (6 and 15) class classifications, as was mentioned in the earlier section. Figure 13 shows the accuracy of basic ML algorithms along with the proposed algorithm for binary and multiclass classifications. The proposed method reached 80.12% accuracy, and had the highest multiclass classification (15-Class) accuracy, while the DT classifier, which earned 33.52% accuracy, had the lowest. For multiclass classification (6-Class), the proposed model achieved the maximum accuracy with a score of 84.97%, while the DT classifier had the lowest accuracy at 56.62%. Three models, including LR, SVM, KNN, NB, and the proposed method, achieved 99.99% for binary classification (2-Class), while the DT classifier reached 99.97%. These results demonstrate that, when compared to conventional ML techniques (LR, DTC, SVM, KNN, NB), the proposed method is effective at detecting cyberattacks in IoT/IIoT.

Fig. 13. Performance analysis graph of Classic ML and the proposed algorithms.
TABLE II
Six-Class Classification Report Using Both The Proposed And Conventional ML Algorithms

TABLE III
Fifteen-Class Classification Report Using Both The Proposed And Conventional ML Algorithms

Table II provides the obtained model results of classic as well as the proposed ML techniques in terms of Precision, Recall, and F1-Score under multiclass classification (6-Class). As demonstrated, the proposed model has the maximum level of the precision rate for two types of attacks: DDoS (98%) and MITM attacks (100%). The MITM attack (100%) and malware attack (95%) are the two types of attacks for which the LR model provides the highest precision rate. For the MITM attack, the SVM provides the maximum precision rate (100%). The MITM attack (100%) and the Injection attack (71%) are the two types of attacks for which the KNN provides the maximum precision rate. For two kinds of vulnerabilities, namely the MITM (100%) and the information gathering attack (80%), the NB provides the highest precision
rate. The proposed method outperformed all of the aforementioned algorithms when precision, recall, and F1-score averages were compared; the results were 89%, 89%, and 88%, respectively.

Table III offers the achieved model results of classic as well as the proposed ML techniques in terms of Precision, Recall, and F1-Score under multiclass (15-Class) classification. It is observed that the proposed algorithm provides the greatest precision for ICMP flood DDoS (100%), Backdoor (96%), UDP flood DDoS (100%), MITM (100%), Port Scanning (67%), and SQL Injection (49%). The LR gives its best precision rate for HTTP flood DDoS (89%), ICMP flood DDoS (100%), TCP SYN flood DDoS (100%), UDP flood DDoS (100%), MITM (100%), Port Scanning (67%), and SQL Injection (49%). The LR gives the highest precision rate for HTTP flood DDoS (89%), ICMP flood DDoS (100%), Uploading (68%), and MITM (100%). The DTC gives its best precision rate for TCP SYN Flood DDoS (100%). The SVM gives the greatest precision rate for five types of attacks, namely, HTTP flood DDoS (89%), UDP flood DDoS (100%), OS fingerprinting (100%), Uploading (68%), and MITM (100%). The KNN gives its best precision rate for five types of attacks, namely, UDP flood DDoS (100%), Uploading (68%), OS fingerprinting (100%), Cross-site scripting (XSS) (66%), and MITM (100%). The NB gives the highest precision rate for five types of attacks, namely, UDP flood DDoS (100%), Password (100%), Ransomware (100%), Vulnerability Scanning (100%), and MITM (100%). In both binary and multi-class classification, all the algorithms give results with 100% precision, recall, and F1-score. The proposed method outperformed all of the aforementioned algorithms when precision, recall, and F1-score averages were compared; the results were 79%, 78%, and 78%, respectively.

VI. CONCLUSION
Through the combination of the fundamental machine learning algorithms LR, DTC, SVM, KNN, and NB, the goal of this work was to design a hybrid ensemble method called LNKDSEA to identify IoT network attacks. The EdgeIIoT was utilized as a dataset in this scenario because of its recent creation, extensive attack diversity, and variety of network protocols. By using a correlation graph, features were chosen during implementation. Finally, the data was applied to five popular machine-learning algorithms with a variety of features. The proposed method was created using the previously mentioned five algorithms and a voting classifier function imported from sklearn.ensemble. Employing binary and multi (6 and 15) class classifications of attacks, the proposed algorithm was evaluated. For binary classification (2-Class: Normal and Malicious), the proposed model, as well as the aforementioned five basic algorithms, achieved above 99% accuracy. For 6-Class (DDoS, Information gathering, Injection, MITM, Malware, and Normal) classification and 15-Class (Backdoor, DDoS HTTP, DDoS

REFERENCES
[1] K. Ashton, That ‘Internet of Things’ Thing. RFID Journal, 2010.
[2] Sita Rani, Aman Kataria, Vishal Sharma, Smarajit Ghosh, Vinod Karar, Kyungroul Lee, and Chang Choi, Threats and Corrective Measures for IoT Security with Observance of Cybercrime: A Survey. Wireless Communications and Mobile Computing, vol. 2021. Hindawi Limited, 2021. DOI: 10.1155/2021/5579148.
[3] I. Butun, P. Osterberg, and H. Song, Security of the Internet of Things: Vulnerabilities, Attacks, and Countermeasures. IEEE Communications Surveys and Tutorials, vol. 22, no. 1, pp. 616–644, Jan. 2020, DOI: 10.1109/COMST.2019.2953364.
[4] M. Abomhara and G. M. Køien, Security and Privacy in the Internet of Things: Current Status and Open Issues. 2014 International Conference on Privacy and Security in Mobile Systems (PRISMS), 2014, pp. 1-8, DOI: 10.1109/PRISMS.2014.6970594.
[5] M. Zolanvari, M. A. Teixeira, L. Gupta, K. M. Khan, and R. Jain, Machine Learning-Based Network Vulnerability Analysis of Industrial Internet of Things. IEEE Internet of Things Journal, vol. 6, no. 4, pp. 6822–6834, Aug. 2019, DOI: 10.1109/JIOT.2019.2912022.
[6] F. Li, Y. Han, and C. Jin, Practical access control for sensor networks in the context of the Internet of Things. Computer Communications, vol. 89–90, pp. 154–164, Sep. 2016, DOI: 10.1016/j.comcom.2016.03.007.
[7] IoT and IIoT Security Survey: What More Connected Devices Mean for Industrial Security. Tripwire Research. [Online]. Available: https://www.tripwire.com/-/media/tripwiredotcom/files/research/tripwiredimensional-research-2021-iot-and-iiot-securityreport.pdf?rev=80d075ff2d0b46b88f16fd74e585fb00
[8] Best Practice Cyber Immunity 2022. ARC White Paper, June 2022. [Online]. Available: https://itupdate.com.au/redirect?publication=29870andtype=1andslot=0andsectionId=0
[9] Kaspersky discovers poorly detected backdoor, targeting governments and NGOs around the globe. Kaspersky report. [Online]. Available: www.kaspersky.com.
[10] Best bite Kaspersky reveals phishing emails that employees find most confusing Kaspersky. Kaspersky report. [Online]. Available: www.kaspersky.com.
[11] Cyberwar in Ukraine leads to all-time-high levels of DDoS attacks Kaspersky. Kaspersky report. [Online]. Available: www.kaspersky.com.
[12] A. Tewari and B. B. Gupta, Security, privacy and trust of different layers in Internet-of-Things (IoTs) framework. Future Generation Computer Systems, vol. 108, pp. 909–920, Jul. 2020, DOI: 10.1016/j.future.2018.04.027.
[13] J. Lin, W. Yu, N. Zhang, X. Yang, H. Zhang, and W. Zhao, A Survey on Internet of Things: Architecture, Enabling Technologies, Security and Privacy, and Applications. IEEE Internet of Things Journal, vol. 4, no. 5, pp. 1125–1142, Oct. 2017, DOI: 10.1109/JIOT.2017.2683200.
[14] Y. Yang, L. Wu, G. Yin, L. Li, and H. Zhao, A Survey on Security and Privacy Issues in Internet-of-Things. IEEE Internet of Things Journal, vol. 4, no. 5, pp. 1250–1258, Oct. 2017, DOI: 10.1109/JIOT.2017.2694844.
[15] The number of machine learning inventions patented by Kaspersky has increased 19 times over the past three years Kaspersky. Kaspersky report. [Online]. Available: www.kaspersky.com.
[16] M. A. Ferrag, O. Friha, D. Hamouda, L. Maglaras, and H. Janicke, Edge-IIoTset: A New Comprehensive Realistic Cyber Security Dataset of IoT and IIoT Applications for Centralized and Federated Learning. IEEE Access, vol. 10, pp. 40281–40306, 2022, DOI: 10.1109/ACCESS.2022.3165809.
[17] A. Feizollah, N. Badrul Anuar, R. Salleh, F. Amalina, uf Ridzuan Ma, and S. Shamshirband, A Study Of Machine Learning Classifiers for Anomaly-Based Mobile Botnet Detection. Malaysian Journal of Computer Science, 26(4), 251–265.
[18] N. Koroniotis, N. Moustafa, E. Sitnikova, and B. Turnbull, Towards the development of realistic botnet dataset in the Internet of Things for network forensic analytics: Bot-IoT dataset. Future Generation Computer Systems,
ICMP, DDoS TCP, DDoS UDP, OS Fingerprinting, MITM, vol. 100, pp. 779–796, Nov. 2019, DOI: 10.1016/j.future.2019.05.041.
Normal, Password, Port scanning, Ransomware, SQL [19] Y. Naung Soe, Y. Feng, P. Insap Santosa, R. Hartanto, and K. Sakurai,
injection, Uploading, Vulnerability scan, XSS), the proposed Rule Generation for Signature Based Detection Systems of Cyber
AttacksinIoTEnvironments. Bulletin of Networking, Computing, Systems,
algorithm outperformed other basic ML algorithms with and Software – www.bncss.org, ISSN 2186-5140Volume 8, Number 2,
accuracy 84.97% and 80.12% respectively. pages 93–97, July 2019.
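The ensemble summarized in the conclusion, written out as an added sketch; it is not the authors' code. Hard voting, default hyperparameters, the 0.9 correlation cut-off used for feature selection, and the constructed `make_classification` data standing in for the dataset are all assumptions, so the scores it produces say nothing about the paper's reported figures.

```python
import numpy as np
from sklearn.datasets import make_classification
from sklearn.ensemble import VotingClassifier
from sklearn.linear_model import LogisticRegression
from sklearn.metrics import precision_recall_fscore_support as prfs
from sklearn.model_selection import train_test_split
from sklearn.naive_bayes import GaussianNB
from sklearn.neighbors import KNeighborsClassifier
from sklearn.pipeline import make_pipeline
from sklearn.preprocessing import StandardScaler
from sklearn.svm import SVC
from sklearn.tree import DecisionTreeClassifier

def drop_correlated(X, threshold=0.9):
    """Keep a column only if |Pearson r| with every kept column is below threshold (assumed rule)."""
    corr = np.abs(np.corrcoef(X, rowvar=False))
    keep = []
    for j in range(X.shape[1]):
        if all(corr[j, k] < threshold for k in keep):
            keep.append(j)
    return keep

def build_ensemble(seed=0):
    """Majority (hard) vote over LR, DTC, SVM, KNN and NB; voting mode is an assumption."""
    def scaled(est):  # LR, SVM and KNN are scale-sensitive, so standardize inside the pipeline
        return make_pipeline(StandardScaler(), est)
    members = [
        ("lr", scaled(LogisticRegression(max_iter=1000))),
        ("dtc", DecisionTreeClassifier(random_state=seed)),
        ("svm", scaled(SVC())),
        ("knn", scaled(KNeighborsClassifier())),
        ("nb", GaussianNB()),
    ]
    return VotingClassifier(estimators=members, voting="hard")

def evaluate(n_classes=6, seed=0):
    """Fit on constructed traffic-like data; return kept columns, macro P/R/F1, per-class recall."""
    X, y = make_classification(n_samples=3000, n_features=20, n_informative=10,
                               n_redundant=6, n_classes=n_classes,
                               n_clusters_per_class=1, random_state=seed)
    keep = drop_correlated(X)
    X_tr, X_te, y_tr, y_te = train_test_split(X[:, keep], y, test_size=0.3,
                                              stratify=y, random_state=seed)
    y_pred = build_ensemble(seed).fit(X_tr, y_tr).predict(X_te)
    macro = prfs(y_te, y_pred, average="macro", zero_division=0)[:3]
    per_class_recall = prfs(y_te, y_pred, zero_division=0)[1]
    return keep, macro, per_class_recall

if __name__ == "__main__":
    keep, macro, recall = evaluate()
    print(len(keep), [round(m, 3) for m in macro], np.round(recall, 3))
```

Per-class recall is returned alongside the macro averages because an averaged score can hide an attack class the ensemble rarely detects.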
[20] Sasanka Potluri, Navin Francis Henry, Christian Diedrich, Evaluation
of Hybrid Deep Learning Techniques for Ensuring Security in Networked
Control Systems. 22nd IEEE International Conference on Emerging

661

Authorized licensed use limited to: King Fahd University of Petroleum and Minerals. Downloaded on October 03,2024 at 19:41:29 UTC from IEEE Xplore. Restrictions apply.
Technologies and Factory Automation September 12-15, 2017, Limassol,
Cyprus.
[21] O. Eigner, P. Kreimel, and P. Tavolato, Detection of man-in-the-middle
attacks on industrial control networks. in Proceedings - 2016 International
Conference on Software Security and Assurance, ICSSA 2016, Feb. 2017,
pp. 64–69. DOI: 10.1109/ICSSA.2016.19.
[22] Meidan Y, Bohadana M, Shabtai A, Ochoa M, Tippenhauer N, Guarnizo
J, Elovici Y, Detection of Unauthorized IoT Devices Using Machine
Learning Techniques. [Online]. Available: http://arxiv.org/abs/1709.04647.
[23] Y. N. Soe, Y. Feng, P. I. Santosa, R. Hartanto, and K. Sakurai, Machine
learning-based IoT-botnet attack detection with sequential architecture.
Sensors (Switzerland), vol. 20, no. 16, pp. 1–15, Aug. 2020, DOI:
10.3390/s20164372.
[24] M. Hasan, M. Milon Islam, M. Ishrak Islam Zarif, and M. Hashem,
Attack and anomaly detection in IoT sensors in IoT sites using machine
learning approaches. 2019, DOI: 10.1016/j.iot.2019.10.
[25] Meidan Y, Bohadana M, Mathov Y, Mirsky Y, Shabtai A,
Breitenbacher D, Elovici Y, N-BaIoT-Network-based detection of IoT
botnet attacks using deep autoencoders. IEEE Pervasive Computing, vol. 17,
no. 3, pp. 12–22, Jul. 2018, DOI: 10.1109/MPRV.2018.03367731.
[26] Nour Moustafa, Marwa Keshk, Essam Debie, and Helge Janicke,
Federated TONIoT Windows Datasets for EvaluatingAI-based Security
Applications. 2020 IEEE 19th International Conference on Trust, Security
and Privacy in Computing and Communications proceedings 29 December
2020-1 January 2021, Guangzhou, China.
[27] M. Al-Hawawreh, E. Sitnikova, and N. Aboutorab, X-IIoTID: A
Connectivity-Agnostic and Device-Agnostic Intrusion Data Set for
Industrial Internet of Things. IEEE Internet of Things Journal, vol. 9, no. 5,
pp. 3962–3977, Mar. 2022, DOI: 10.1109/JIOT.2021.3102056.
[28] M. Zolanvari, M. A. Teixeira, R, Jain, M Zolanvari, and A. Ghubaish,
Effect of Imbalanced Datasets on Security of Industrial IoT Using Machine
Learning. 2021.2018 IEEE International Conference on Intelligence and
Security Informatics (ISI). IEEE, 2018.
[29] M. S. B. Judyflavia, P. Sowmiyaa, S. Srianvika, and P. Poojitha, IoT
botnet detection using machine learning. Int J Health Sci (Qassim), pp.
5952–5962, Apr. 2022, DOI: 10.53730/ijhs.v6ns2.6551.
[30] A. Thakkar and R. Lohiya, A Review on Machine Learning and Deep
Learning Perspectives of IDS for IoT: Recent Updates, Security Issues, and
Challenges. Archives of Computational Methods in Engineering, vol. 28, no.
4, pp. 3211–3243, Jun. 2021, DOI: 10.1007/s11831-020- 09496-0.
[31] J. Alsamiri and K. Alsubhi, Internet of Things Cyber Attacks Detection
using Machine Learning. 2019. [Online]. Available: www.ijacsa.thesai.org.
[32] H. M. Gomes, J. P. Barddal, A. F. Enembreck, and A. Bifet, A survey
on ensemble learning for data stream classification. ACM Computing
Surveys, vol. 50, no. 2. Association for Computing Machinery, Mar. 01,
2017. DOI: 10.1145/3054925.

662

Authorized licensed use limited to: King Fahd University of Petroleum and Minerals. Downloaded on October 03,2024 at 19:41:29 UTC from IEEE Xplore. Restrictions apply.

You might also like