An Optimized Multiclass Machine Learning Approach for Detecting Advanced Intrusions in IoT Systems
Received: 27 October 2025 | Revised: 29 November 2025 | Accepted: 7 December 2025 | Online: 9 February 2026
Corresponding author: Mostafa Ibrahim Labib
Abstract
Intrusion Detection Systems (IDS) play a vital role in securing Internet of Things (IoT) networks against cyber-attacks. Previous work used a binary classification approach to detect only Denial-of-Service (DoS) attacks. This paper presents an improved multiclass IDS that identifies multiple attack types. The proposed approach uses simulated IoTID20-based traffic datasets to classify Normal, Denial-of-Service, Mirai botnet, Man-in-the-Middle (MITM), and Scan activity attacks. The proposed approach uses a combination of feature selection methods, including correlation-based filtering and a genetic algorithm, followed by machine learning classifiers such as Decision Tree (DT), Random Forest (RF), K-Nearest Neighbors (KNN), and Support Vector Machine (SVM). Experimental results show a significant improvement in classification performance. The RF classifier with Genetic Algorithm (GA)-based feature selection achieved the highest accuracy (96.5%), followed closely by DT and SVM. Therefore, based on our theoretical and experimental comparisons, the proposed approach could be a practical step toward deploying more robust, realistic IDS models in IoT environments.
Keywords:
intrusion detection system, internet of things, denial-of-service attacks, man-in-the-middle attacks, scan activities attacks, decision tree, random forest, k-nearest neighbors, support vector machineDownloads
References
N. A. Alsharif, S. Mishra, and M. Alshehri, "IDS in IoT using Machine Learning and Blockchain," Engineering, Technology & Applied Science Research, vol. 13, no. 4, pp. 11197–11203, Aug. 2023. DOI: https://doi.org/10.48084/etasr.5992
C. Khammassi and S. Krichen, "A GA-LR wrapper approach for feature selection in network intrusion detection," Computers & Security, vol. 70, pp. 255–277, Sept. 2017. DOI: https://doi.org/10.1016/j.cose.2017.06.005
Z. Halim et al., "An effective genetic algorithm-based feature selection method for intrusion detection systems," Computers & Security, vol. 110, Nov. 2021, Art. no. 102448. DOI: https://doi.org/10.1016/j.cose.2021.102448
R. A. Al Hasan and E. K. Hamza, "An Improved Intrusion Detection System Using Machine Learning with Singular Value Decomposition and Principal Component Analysis," International Journal of Intelligent Engineering and Systems, vol. 16, no. 4, pp. 25–38, Apr. 2023A. Verma and V. Ranga, "Machine Learning Based Intrusion Detection Systems for IoT Applications," Wireless Personal Communications, vol. 111, no. 4, pp. 2287–2310, Apr. 2020.
A. Verma and V. Ranga, "Machine Learning Based Intrusion Detection Systems for IoT Applications," Wireless Personal Communications, vol. 111, no. 4, pp. 2287–2310, Apr. 2020. DOI: https://doi.org/10.1007/s11277-019-06986-8
P. Kasinathan, C. Pastrone, M. A. Spirito, and M. Vinkovits, "Denial-of-Service detection in 6LoWPAN based Internet of Things," in 2013 IEEE 9th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), July 2013, pp. 600–607. DOI: https://doi.org/10.1109/WiMOB.2013.6673419
B. Ingre and A. Yadav, "Performance analysis of NSL-KDD dataset using ANN," in 2015 International Conference on Signal Processing and Communication Engineering Systems, Jan. 2015, pp. 92–96. DOI: https://doi.org/10.1109/SPACES.2015.7058223
Y. Meidan et al., "Detection of Unauthorized IoT Devices Using Machine Learning Techniques." arXiv, Sept. 14, 2017.
R. Doshi, N. Apthorpe, and N. Feamster, "Machine Learning DDoS Detection for Consumer Internet of Things Devices," in 2018 IEEE Security and Privacy Workshops (SPW), Feb. 2018, pp. 29–35. DOI: https://doi.org/10.1109/SPW.2018.00013
E. Anthi, L. Williams, and P. Burnap, "Pulse: An adaptive intrusion detection for the Internet of Things," in Living in the Internet of Things: Cybersecurity of the IoT - 2018, Mar. 2018, pp. 1–4. DOI: https://doi.org/10.1049/cp.2018.0035
Y. N. Soe, Y. Feng, P. I. Santosa, R. Hartanto, and K. Sakurai, "Implementing Lightweight IoT-IDS on Raspberry Pi Using Correlation-Based Feature Selection and Its Performance Evaluation," in Advanced Information Networking and Applications, Cham, 2020, pp. 458–469. DOI: https://doi.org/10.1007/978-3-030-15032-7_39
N. Koroniotis, N. Moustafa, E. Sitnikova, and B. Turnbull, "Towards the development of realistic botnet dataset in the Internet of Things for network forensic analytics: Bot-IoT dataset," Future Generation Computer Systems, vol. 100, pp. 779–796, Nov. 2019. DOI: https://doi.org/10.1016/j.future.2019.05.041
I. Mukherjee, N. K. Sahu, and S. K. Sahana, "Simulation and Modeling for Anomaly Detection in IoT Network Using Machine Learning," International Journal of Wireless Information Networks, vol. 30, no. 2, pp. 173–189, June 2023. DOI: https://doi.org/10.1007/s10776-021-00542-7
E. Altulaihan, M. A. Almaiah, and A. Aljughaiman, "Anomaly Detection IDS for Detecting DoS Attacks in IoT Networks Based on Machine Learning Algorithms," Sensors, vol. 24, no. 2, Jan. 2024, Art. no. 713. DOI: https://doi.org/10.3390/s24020713
E. F. Khairullah and N. Alsenani, "A Comprehensive Study of Deep Learning Models for Intrusion Detection in IoT Devices," Engineering, Technology & Applied Science Research, vol. 15, no. 2, pp. 21029–21036, Apr. 2025. DOI: https://doi.org/10.48084/etasr.9490
I. Ullah and Q. H. Mahmoud, "A Scheme for Generating a Dataset for Anomalous Activity Detection in IoT Networks," in Advances in Artificial Intelligence, Cham, 2020, pp. 508–520. DOI: https://doi.org/10.1007/978-3-030-47358-7_52
I. Alrashdi, A. Alqazzaz, E. Aloufi, R. Alharthi, M. Zohdy, and H. Ming, "AD-IoT: Anomaly Detection of IoT Cyberattacks in Smart City Using Machine Learning," in 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC), Jan. 2019, pp. 0305–0310. DOI: https://doi.org/10.1109/CCWC.2019.8666450
M. A. Alsheikh, S. Lin, D. Niyato, and H.-P. Tan, "Machine Learning in Wireless Sensor Networks: Algorithms, Strategies, and Applications," IEEE Communications Surveys & Tutorials, vol. 16, no. 4, pp. 1996–2018, 2014. DOI: https://doi.org/10.1109/COMST.2014.2320099
H. Tyagi and R. Kumar, "Attack and Anomaly Detection in IoT Networks Using Supervised Machine Learning Approaches," Revue d’Intelligence Artificielle, vol. 35, no. 1, pp. 11–21, Feb. 2021. DOI: https://doi.org/10.18280/ria.350102
G. Thamilarasu and S. Chawla, "Towards Deep-Learning-Driven Intrusion Detection for the Internet of Things," Sensors, vol. 19, no. 9, Jan. 2019, Art. no. 1977. DOI: https://doi.org/10.3390/s19091977
Downloads
How to Cite
License
Copyright (c) 2026 Mostafa Ibrahim Labib, Mohamed Salah Mohamed, Amira Ibrahim El-Desokey, Fatma Harby Mohamed
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain the copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after its publication in ETASR with an acknowledgement of its initial publication in this journal.
