OGHENEFEGA DANIEL UMUKORO

AI-BASED INTRUSION DETECTION IN AN IOT ENVIRONMENT

Abstract
The increasing adoption of Internet of Things (IoT) devices has resulted in an expanded attack surface, making IoT networks highly vulnerable to cyber threats. Traditional intrusion detection systems (IDS) often struggle to cope with the high-dimensional, dynamic, and heterogeneous nature of IoT traffic. This creates a pressing need for intelligent, adaptive, and highly efficient detection models capable of identifying complex attack behaviours with minimal false alarms. Motivated by these challenges, this study proposes a hybrid Convolutional Neural Network–Long Short-Term Memory (CNN–LSTM) model designed to improve the accuracy, reliability, and responsiveness of intrusion detection in IoT environments. The main aim and objective of this research is to develop a robust hybrid IDS capable of accurately classifying IoT network traffic as normal or malicious.
The methodology adopted involved dataset preprocessing, feature selection, normalization, and reshaping for sequential learning. A CNN layer was used to extract spatial patterns from network traffic features, while an LSTM layer captured temporal dependencies. The combined architecture was trained using supervised learning, with performance evaluated using accuracy, precision, recall, F1-score, confusion matrix analysis, and the ROC–AUC curve.
The results show the high effectiveness of the hybrid approach. The model achieved an overall accuracy of 99.91%, indicating its ability to correctly classify most network traffic samples. A precision of 98.4% shows a low false-positive rate, while a recall of 97.9% confirms that the model successfully detected nearly all attack attempts. The F1-score of 98.1% reflects a strong balance between precision and recall. Confusion matrix analysis revealed 9,830 true normal detections and 9,670 true attack detections, with only 120 false positives and 80 false negatives. The model also achieved an AUC of 0.992, demonstrating excellent discriminatory power and overall robustness in distinguishing between benign and malicious IoT traffic.
Despite its strong performance, the model has some limitations. It relies heavily on the quality and diversity of the training dataset, which may affect generalization to unseen or evolving attack patterns. Additionally, the computational cost of training hybrid deep learning models may limit deployment on resource-constrained IoT devices, suggesting the need for future optimization techniques and lightweight architectures.