Research Article

Scalable Intrusion Detection in IoT Networks: A Big Data Analytics Approach

Year 2026, Volume: 10 Issue: 1 , 230 - 243 , 16.12.2025
https://doi.org/10.31127/tuje.1793847
https://izlik.org/JA79YS28XP

Abstract

Smart objects have grown in popularity and acceptance in recent years due to their decreasing size, greater intelligence, and lower costs. The Internet of Things (IoT) connects physical devices, including actuators, sensors, and cameras, to a network via the Internet. The widespread use of IoT devices has led to an exponential rise in network traffic volume and complexity, creating new challenges for real-time network security and threat detection. This study designs an intrusion detection system that is scalable and capable of handling the vast volume and variety of IoT traffic. It aims to improve the scalability and precision of threat detection by employing machine learning (ML) techniques, deep learning (DL) techniques, and a hybrid model. The model is trained and tested on the CIC IoT DIAD 2024 dataset, a large, high-volume dataset of diversified IoT traffic covering both benign and malicious activity. The work includes extensive data preprocessing, feature selection, and training of various models. Features were selected using an Analysis of Variance (ANOVA)–based feature selection technique to reduce computational overhead and time complexity while mitigating the curse of dimensionality and enhancing model accuracy. The resulting optimal feature subset was then used to train and evaluate several classifiers, including Decision Trees, K-Nearest Neighbors (KNN), Convolutional Neural Networks (CNN), Long Short-Term Memory (LSTM) networks, and a hybrid CNN–LSTM model. The models are compared using standard performance measures: accuracy, precision, recall, F1-score, and the confusion matrix. The results indicate that the hybrid deep learning model, CNN-LSTM, outperformed the other models in binary attack detection, achieving the highest accuracy of 94.08%, followed by CNN and LSTM with accuracies of 93.37% and 93.24% respectively. In contrast, the traditional machine learning model, Decision Trees, demonstrated superior performance in multi-class classification, achieving an accuracy of 98.25% and outperforming KNN (90%) as well as the hybrid deep learning model (CNN-LSTM, 88.30%). This work lays the foundation for the implementation of scalable intrusion detection models in real IoT infrastructures. Future work will integrate the developed models with massive data streaming infrastructures to support real-time intrusion detection in large-scale, dynamic IoT infrastructures.
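The ANOVA-based feature selection step named in the abstract can be illustrated with the following added example, which is not the authors' code: it scores each flow feature with the one-way ANOVA F-statistic against the class label and keeps the top k. The feature names, class labels and flow values are constructed for illustration and are not taken from the CIC IoT DIAD 2024 dataset.

```python
import math
from collections import defaultdict

def anova_f(values, labels):
    """One-way ANOVA F-statistic of a single feature against the class labels."""
    groups = defaultdict(list)
    for v, y in zip(values, labels):
        groups[y].append(v)
    n, k = len(values), len(groups)
    if k < 2 or n <= k:
        raise ValueError("need at least two classes and more samples than classes")
    grand = sum(values) / n
    ssb = ssw = 0.0
    for g in groups.values():
        m = sum(g) / len(g)
        ssb += len(g) * (m - grand) ** 2       # between-class sum of squares
        ssw += sum((x - m) ** 2 for x in g)    # within-class sum of squares
    if ssw == 0.0:
        # Zero within-class variance: a constant feature carries no signal (F = 0),
        # a perfectly separating one gets the top rank (F = inf) instead of NaN.
        return math.inf if ssb > 0 else 0.0
    return (ssb / (k - 1)) / (ssw / (n - k))

def select_k_best(rows, labels, names, k):
    """Rank features by F-score and return (top-k names, all scores)."""
    scores = {nm: anova_f([r[i] for r in rows], labels) for i, nm in enumerate(names)}
    ranked = sorted(names, key=lambda nm: scores[nm], reverse=True)
    return ranked[:k], scores

# Constructed sample flows (hypothetical feature names and values).
FEATURES = ["pkts_per_sec", "mean_pkt_len", "ttl", "proto_is_tcp"]
ROWS = [
    (12, 510, 64, 1), (10, 498, 128, 1), (14, 520, 64, 1),    # benign
    (950, 60, 128, 1), (1010, 64, 64, 1), (980, 62, 64, 1),   # ddos
    (55, 66, 64, 1), (60, 60, 64, 1), (52, 62, 128, 1),       # scan
]
LABELS = ["benign"] * 3 + ["ddos"] * 3 + ["scan"] * 3

if __name__ == "__main__":
    selected, scores = select_k_best(ROWS, LABELS, FEATURES, k=2)
    for name in FEATURES:
        print(f"{name:14s} F = {scores[name]:.2f}")
    print("selected:", selected)
```

In this constructed sample the TTL column has the same mean in every class and the protocol flag is constant, so both score near zero and are dropped before any classifier is trained.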

Ethical Statement

This study does not involve any experiments with human participants or animals and does not require ethical committee approval.


Details

Primary Language English
Subjects Software Engineering (Other)
Journal Section Research Article
Authors

Jeremia Mgungile 0009-0001-2297-3597

Özgür Tonkal 0000-0001-7219-9053

Submission Date September 30, 2025
Acceptance Date December 7, 2025
Early Pub Date December 11, 2025
Publication Date December 16, 2025
DOI https://doi.org/10.31127/tuje.1793847
IZ https://izlik.org/JA79YS28XP
Published in Issue Year 2026 Volume: 10 Issue: 1

Cite

APA Mgungile, J., & Tonkal, Ö. (2025). Scalable Intrusion Detection in IoT Networks: A Big Data Analytics Approach. Turkish Journal of Engineering, 10(1), 230-243. https://doi.org/10.31127/tuje.1793847