Artificial intelligence model for internet of things attack detection using machine learning algorithms

Anduamlak Abebe; Seffi Gebeyehu; Abebaw Alem

doi:10.12688/f1000research.161643.1

Home Browse Artificial intelligence model for internet of things attack detection...

ALL Metrics

Views

Downloads

Get PDF

Get XML

Export

▬

✚

Research Article

Artificial intelligence model for internet of things attack detection using machine learning algorithms

[version 1; peer review: 1 approved with reservations]

Anduamlak Abebe ¹, Seffi Gebeyehu², Abebaw Alem³

PUBLISHED 25 Feb 2025

Author details Author details

¹ Computer Science, Debre Tabor University, Debre Tabor, Amhara, Ethiopia
² Computer Science, Bahir Dar University, Bahir Dar, Amhara, Ethiopia
³ Information Technology, Debre Tabor University, Debre Tabor, Amhara, Ethiopia

Anduamlak Abebe
Roles: Conceptualization, Data Curation, Formal Analysis, Investigation, Methodology, Resources, Software, Supervision, Validation, Visualization, Writing – Original Draft Preparation, Writing – Review & Editing

Seffi Gebeyehu
Roles: Formal Analysis, Methodology, Resources, Software, Validation, Writing – Review & Editing

Abebaw Alem
Roles: Conceptualization, Investigation, Methodology, Resources, Supervision, Writing – Review & Editing

OPEN PEER REVIEW

REVIEWER STATUS

This article is included in the Artificial Intelligence and Machine Learning gateway.

This article is included in the Cybersecurity collection.

Abstract

Background

The rapid growth of the Internet of Things (IoT) has brought transformative benefits across industries, yet it also presents significant security challenges due to the proliferation of connected devices.

Methods

This study proposes an artificial intelligence (AI) model leveraging machine learning algorithms to detect and classify multiple types of IoT attacks, including distributed denial of service (DDoS), reconnaissance, brute force, spoofing, and Mirai attacks, using the CICIoT2023 dataset. The dataset was divided into training and testing sets to ensure accurate performance assessment. After training, the models were tested, and their effectiveness was evaluated through metrics like accuracy and confusion matrices.

Results and conclusions

Among the algorithms used, the decision tree model outperformed than others, achieving an impressive accuracy of 98.34%. In contrast, Bayes classifiers, support vector machines (SVM), and logistic regression achieved accuracy rates of 92%, 91.5%, and 75%, respectively. These results highlight the significant potential of machine learning techniques in detecting and mitigating various IoT attacks, offering promising avenues for enhancing IoT security. The improvement of the performance of the IoT attack detection model using large datasets and the appropriate using deep learning algorithms with their parameters will be our future consideration in the domain.

Keywords

Internet of Things, cyber-attacks, Internet of Things security, machine learning

Corresponding author: Anduamlak Abebe

Competing interests: No competing interests were disclosed.

Grant information: The author(s) declared that no grants were involved in supporting this work.

Copyright: © 2025 Abebe A et al. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

How to cite: Abebe A, Gebeyehu S and Alem A. Artificial intelligence model for internet of things attack detection using machine learning algorithms [version 1; peer review: 1 approved with reservations]. F1000Research 2025, 14:230 (https://doi.org/10.12688/f1000research.161643.1) First published: 25 Feb 2025, 14:230 (https://doi.org/10.12688/f1000research.161643.1) Latest published: 25 Feb 2025, 14:230 (https://doi.org/10.12688/f1000research.161643.1)

1. Introduction

The Internet of Things (IoT) is a network of hundreds of millions of gadgets that can communicate with one another with little help from users. IoT attack is a type of cyber-attack that targets systems made up of physical things, cars, buildings, and other objects integrated with software that allows them to exchange or collect data.¹ As described by Anwer A. & et al.,² there were about 28 billion IoT devices in use in 2018. By 2022, this sum is predicted to reach 49.1 billion, and the IoT is projected to reach a display size of approximately ten trillion. IoT is acknowledged as a technique for appropriate mechanisms connected via servers, sensors, and different software.²

According to the Ethiopian Information Network Security Administration (INSA) director report, they saved 23.2 billion birrs by defending against cyber-attacks. During 2022/2023, more than 6,859 cyber-attacks occurred and only 6,768 cyber-attacks got solutions. Banking and financial institutions, national intelligence security services, media institutions, selected governmental institutions, regional offices, health and higher institutions are the most targeted centers. According to the report, website attacks, malware attacks, port scans, distributed denial of service (DDoS), and structured query language (SQL) Injection are the most frequently occurring types of attacks in Ethiopia during 2022/23.³

It is difficult to produce IoT security data that is useful for actual applications for several reasons. Having a vast network made up of multiple actual IoT devices, akin to the topologies of actual IoT applications, is one of the primary issues. Due to the widespread adoption of IoT, its inherent mobility, and standardization limitations, numerous researchers have looked into the risks that IoT devices pose to large corporations and smart towns. As a result, smart mechanisms that can automatically detect suspicious movement on IoT devices connected to local networks are required.^2,4 The pervasive growth of the IoT creates an expanding attack surface for malicious actors. Detecting these attacks effectively is crucial for securing IoT systems and protecting sensitive data. This paper explored the use of machine learning (ML) for attack detection in IoT environments, focusing on the challenge of imbalanced datasets and potential solutions.

The IoT has become a crucial component of today’s technological landscape, as it allows various devices and systems to connect and communicate with each other over the Internet. This interconnected network of devices has revolutionized many industries, including healthcare, transportation, manufacturing, and smart homes. The IoT has become increasingly significant in today’s world by connecting everyday objects to the Internet, automating tasks and processes, enhancing data-driven decision-making, and creating new opportunities.

However, the widespread adoption of IoT devices has also introduced new security challenges and vulnerabilities. IoT devices are often designed with limited processing power and memory, making them more susceptible to attacks. Additionally, many IoT devices lack robust security features, such as encryption and secure authentication mechanisms, interconnectedness, and privacy concerns, making them easy targets for cybercriminals. There are different types of attacks targeting IoT devices namely; malware, DoS attacks, man-in-the-middle attacks, botnet attacks, and physical attacks. IoT devices, with their limited processing power, are vulnerable to cyberattacks, making them attractive targets for hackers seeking unauthorized access or control. These devices collect vast amounts of personal data, and inadequate security can lead to serious privacy breaches. Many are integrated into critical infrastructure, meaning attacks can cause widespread disruption and economic damage. Compliance with regulations is essential to avoid legal and reputational consequences. Security flaws in one device can compromise entire networks, emphasizing the need for robust protection. High-profile breaches can erode consumer trust, hinder adoption, and result in significant financial losses. If security risks are not addressed, innovation in IoT may slow down. Ensuring long-term sustainability requires continuous investment in security measures, and collaboration among organizations, developers, and policymakers is crucial for a secure IoT ecosystem.

The main contributions of this work are summarized as:

(1) Prominent result: The proposed model is focusing on evaluating ML algorithms’ performance using unbalanced datasets and the prominent result was resulted. Moreover, the authors also compared the results from the existed related works and performance has been improved.
(2) Automation and efficiency: ML algorithms can analyze large amounts of IoT network data more quickly and accurately than manual methods. This could enable the detection of attacks in real time, enhancing the security of IoT systems.
(3) Scalability: As the number of IoT devices continues to grow rapidly, ML based systems can scale efficiently to handle large networks with numerous devices, ensuring comprehensive attack identification and protection.

2. Related works

Several scholars used various methodologies to carry out studies on cyber-attack detection.

In their study,² outlined a methodology for identifying suspicious network activity. They achieved a performance result of 85.34% using a random forest (RF) algorithm. Using the NSL KDD dataset, the suggested framework was used, and the results were compared for training, prediction time, specificity, and accuracy.

In their study,⁵ several detection techniques are assessed using the recently created Bot-IoT dataset. During the implementation stage, seven distinct ML algorithms were employed, with the majority demonstrating exceptional performance. Throughout the deployment, new features were taken from the Bot-IoT dataset.

In their study,⁶ they used six distinct algorithms RF, Logistic Regression (LR), SVM, NB, K-Nearest Neighbors (KNN), and multilayer perceptron (MLP) to conduct a comparative analysis of IoT cyber-attack detection techniques.

In their study,⁷ To effectively detect attacks and abnormalities in IoT systems, the authors of the paper compared the performances of numerous ML models. LR, SVM, decision tree (DT), RF, and artificial neural network (ANN) are the ML algorithms that were employed in this case.

In their study,⁸ they performed IoT behavior classification, monitoring the expected IoT behaviors and evaluating the efficacy of our optimally selected classifiers versus the superset of specialized classifiers by applying them to our IoT traffic traces.

In their study,⁹ the study attempts to secure IoT devices by employing a Raspberry Pi as a honeypot to mimic IoT devices and verify the user’s intent, examine various attack patterns, and shield IoT devices from known threats. The purpose of these honeypots is to protect various protocols in IoT devices that are susceptible to assaults.

In their study,¹⁰ Using an extended topology made up of multiple real IoT devices, they conducted a novel realistic IoT attack dataset, adopting IoT devices as both attackers and victims. They carried out, recorded, and gathered information from 33 attacks against IoT devices, categorized into seven types, and they showed how they could be replicated. Using the CICIoT2023 dataset, they assessed how well ML and deep learning algorithms classified and detected benign or malicious IoT network traffic.

In their study,¹¹ applied a hybrid deep learning technique to handle the problem of uneven data classification in attack detection. Convolutional neural networks (CNNs) and long short-term memory (LSTM) networks are two components of a hybrid deep learning model that the authors suggest using to enhance classification performance. They draw attention to the difficulties that imbalanced datasets present in precisely identifying attacks. CNNs are useful for extracting spatial properties from the data, they say, whereas LSTM networks are better at extracting temporal dependencies from sequential data. The hybrid deep learning model’s performance is compared with that of conventional ML methods by the authors through experimentation on attack datasets that are not balanced. The results demonstrate that the hybrid deep learning approach outperforms traditional methods in detecting attacks in imbalanced datasets, showcasing the effectiveness of combining CNNs and LSTM networks for improved classification accuracy.

In their study,¹² explains in detail the many ML methods that are employed to identify IoT botnets. In the IoT ecosystem, botnets pose an increasing threat, as the review emphasizes the significance of IoT security. It covers the many ML techniques and algorithms that have been put forth to identify and lessen IoT botnet threats. To give readers an understanding of the current status of this field of research, the manuscript carefully assesses the advantages and disadvantages of different methodologies. For those working on botnet detection and IoT security, the paper is an invaluable resource overall.

The study,¹³ examined how ML approaches applied to Industrial Internet of Things (IIoT) systems security are affected by imbalanced datasets. To better understand how class imbalances in datasets impact ML models’ ability to identify security vulnerabilities in IIoT environments, the study looks into how these imbalances may impact model performance and accuracy. Within the framework of IIoT security, it addressed several problems and difficulties associated with unbalanced datasets, including minority class misclassification and biased model predictions. Additionally, to improve the efficacy of machine learning-based security mechanisms in IIoT systems, the book suggests possible approaches and answers to these problems. Overall, the study provided valuable insights into the implications of imbalanced datasets on the security of IIoT and offers recommendations for improving the robustness and reliability of security measures in industrial IoT settings.

However, the security issue of IoT has not addressed yet and further investigations are required. Therefore, we the authors are focusing on such issues to improve the performances of the existing works and evaluating other ML algorithms in this paper.

3. Methods

This study followed crucial steps illustrated in the proposed IoT attack detection architecture to conduct rigorous experiments, as shown in Figure 1 designed by the authors.

Figure 1. Proposed model architectures of IoT attack detection.

This figure has been created by the author.

3.1 Dataset information

One of the most frequent problems faced by ML researchers is locating reliable datasets with the necessary properties. Regardless of the size of the dataset, selecting a specific learning technique is not as crucial as creating a well-cleaned representative dataset.¹⁴ In our investigation, we used a distinct IoT attack dataset from the CICIoT2023, which has a total of 221,834 occurrences that were recorded as Comma Separated Values (CSV) files. In our study, 42 relevant features were extracted, and the total dataset was labeled namely Benign Traffic, DDoS, Spoofing, SQL Injection, Recon, and Mirai. The following three key reasons were taken into account why selecting the aforementioned dataset: i) the dataset contains 42 attributes extracted from different categories of IoT attack features; ii) the dataset contains 221,834 dataset instances which are cleaned, imbalanced, and contain the required features as shown in Table 1; iii) the dataset contains raw datasets so that it is possible to generate new features as needed.

Table 1. Dataset information.

IoT attack classes	Collected dataset	Dataset source
Mirai	50,632	Canadian Institute for Cyber Security CICIoT2023
Recon	6,094
SQL Injection	185
Benign Traffic	21102
DDoS	137,941
Spoofing	5880
Total dataset	221,834

3.2 Data Preprocessing and feature selection

Preprocessing data and feature extraction for IoT attack detection with an imbalanced dataset is an important step to ensure the effectiveness of ML approaches. The researcher implemented dimensionality reduction, data splitting, and data cleaning. To ensure its quality and reliability, the researcher handles missing values, outliers, and any inconsistencies in the dataset.

Feature selection involves selecting and transforming relevant features from the raw data to improve the performance of the ML model. The researcher extracted 42 informative features using principal component analysis techniques.

3.3 Train-test dataset spit ratios

Train-test dataset splits are required before feeding datasets to the learning algorithms. This is because it’s anticipated that learning model(s) would be evaluated using unidentified datasets to assess how well they can forecast new IoT threats. Most studies employed train-test dataset split ratios of 80%:20%.¹⁵ However, the study groups could not agree on how much train-test dataset split ratio to use for how many dataset instances. This is why the suggested study chose a dataset split ratio that yields improved training and testing set accuracy for each classifier by using 80%:20% train-test dataset split ratios on each classifier.

As a result, for our model experiment from the total dataset, we have taken 80% (177,467) of the dataset used for training, and 20% (44,367) used for testing our model performance accuracy.

3.4 Implementation Tools and Algorithms

The study conducted extensive experiments using Python to test and train the suggested Supervised ML algorithms using high-speed computing. Python was chosen as the implementation language for the study due to its abundance of libraries and packages tailored for ML research.

We the authors employed four well-known ML algorithms, namely; decision tree, SVM with default parameters, SVM with sigmoid kernel, LR, and Naïve Bayes^16–19 to identify IoT attacks.

DTs are versatile and intuitive models that make predictions by recursively splitting the data based on different features. They are known for being interpretable and can handle both categorical and numerical data. We used default DT parameters like Max depth, minimum samples per leaf, splitting criteria, and maximum features per split.

SVM is a powerful algorithm that separates data points into different classes by finding the best hyperplane that maximizes the margin between the classes. The default parameters refer to the default values set by the algorithm, which may vary depending on the implementation. SVM can also utilize different kernels, such as the sigmoid kernel, which allows for non-linear separation of data points. The sigmoid kernel maps the data into a higher-dimensional space to find a decision boundary.

Despite its name, LR is a classification algorithm rather than a regression algorithm. It calculates the probability of an instance belonging to a certain class using a logistic function. It’s commonly used for binary classification problems. To control the degree of regularization, penalizing complex models, and reducing overfitting we used the regularization parameter (lambda). Chooses gradient descent algorithm used to find the optimal model parameters. Sets the maximum number of iterations for the solver to find the optimal parameters.

Naïve Bayes is a probabilistic classifier that calculates the probability of an instance belonging to a particular class based on Bayes’ theorem, assuming that all features are independent. We used the following key parameters to implement the Naïve Bayes algorithm for IoT attack detections. Smoothing parameter (Alpha): Adds a small value to the estimated probabilities to avoid division by zero and improve stability, especially with sparse data. Feature selection: Choosing the subset of features most relevant for classification can improve performance and interpretability.

4. Experimental result evaluation

4.1 Evaluation metrics

It’s critical to specify performance metrics appropriate for the task at hand when assessing ML models. We employed the most significant performance metrics for, the accuracy, and confusion matrix to assess our findings.²⁰

Accuracy is calculated as the sum of two accurate predictions (TP + TN) divided by the total number of data sets (P + N). The best accuracy is 1.0, and the worst is 0.00.²⁰

(1)

Accuracy = \frac{TP + TN}{P + N}

4.2 Experimental results and comparisons

To attain better performance results, we conducted data preprocessing techniques. The dataset is transformed into a structure appropriate for ML using pre-processing data transformation techniques.²¹ To make the dataset more accurate and efficient, this stage also involves cleaning it by deleting any irrelevant or corrupted data.

We employed various supervised ML techniques, including LR, DT, SVM, and NB, to carry out this investigation. DT outperformed other ML algorithms by achieving accuracy of 98.34%, as shown in Table 2.

Table 2. Applied ML algorithm performance result.

Machine learning algorithms	Accuracy %	Remark
Decision tree (DT)	98.34%
Support Vector Machine (SVM)	91.5%	With default hyperparameters
Support Vector Machine (SVM)	69.27%	With sigmoid kernel
Logistic Regression (LR)	75%
Naïve Bayes (NB)	92%

Accuracy is one of the most relevant performance evaluation metrics in ML as well as deep learning algorithms. This metric is also deployed in this work, as shown in Table 2 that shows DT was the highest-performing algorithm, followed by NB and SVM with default value. SVM with a sigmoid kernel received the lowest performance score of 69.27%, making it the least effective algorithm. Despite having a high-performance score, NB was notably slower than the other algorithms. Graphically, the performance result is shown in Figure 2.

Figure 2. Machine learning approach performance applied to the CICIoT2023 dataset.

In addition to accuracy, confusion matrix is also used to evaluate the performance. An N x N matrix, where N is the total number of target classes, is called a confusion matrix and is used to assess how well a classification model performs. The ML model’s predicted outcomes are compared with the actual target values in the matrix. The confusion matrix was obtained when we employed different ML algorithms of SVM, LR, NB, and DT algorithms respectively, as shown in Figure 3.

Figure 3. Confusion matrix obtained in the identification process conducted using different machine learning models (SVM (A), LR (B), NB (C), and DT (D)).

In addition to comparing and evaluating the performance of the ML algorithms deployed in this work, the authors also compared such algorithms with the existed related works, as shown in Table 3. In most of cases, the performance improvements have been achieved in the state-of-the-art even though there are different limitations and challenges that need further investigations in the domain area.

Table 3. Result comparison from the related works.

Related works	Title of related work	Methods used	Performance %
⁵	Internet of Things Cyberattacks Detection Using Machine Learning	NB	79%
²	Attack Detection in IoT Using Machine Learning	SVM, RF	85.34%
⁴	Cyberattack Detection Using Machine Learning	KNN & RF	88%
⁷	Attack and anomaly detection in IoT sensors in IoT sites using machine learning approaches	DT, RF & ANN	99.4%
¹⁰	Botnet Attack Detection in IoT Using Machine Learning Technique	DT, LR	94%
Our proposed work	Artificial intelligence model for internet of things attack detection using machine learning algorithms	DT, NB, SVM, LR	98.34%

5. Conclusions

IoT security attacks have been a hot issue in recent time. This paper aimed to design a multi-class IoT attack detection model using ML algorithms. The employed four supervised ML algorithms, namely; DT, SVM, LR, and NB were used to address the proposed problem related to identifying IoT attacks. The recent Canadian Institute of Cyber Security CICIoT2023 dataset, which contains the imbalanced instances and multi-class types of attacks with six classes, was used for designing and evaluating the proposed model. The dataset was splited into 80%:20% ratio for training and testing the model, respectively. The experiments are conducted using Python in Google Co-Lab.

To evaluate the model performance, we used tabular representation (accuracy) and confusion matrix for each employed algorithm. The prominent performance result has been found. In DT, we attained the maximum prediction accuracy rate of 98.34%. DT outperforms SVM at 91.5%, LR at 75%, and Bayes classifiers (NB) at 92%. Our model performs superior accuracy in the prediction of these IoT attacks when compared to other benchmarks of ML classification approaches.

In the area of IoT threat detection, our suggested model result offers several contributions, including resolving unbalanced data issues, enhancing detection precision, increasing imbalanced data awareness, improving performance, and forwarding future directions in the area. Therefore, the result could be enhancing security, reducing response time, and enabling adaptive defense to provide a significant contribution to the domain of IoT security. The work on IoT security attack identification using ML approaches holds great promise in improving IoT security.

However, there are different limitations faced in designing IoT security attacking systems. The first limitation was the dataset used could be too small or homogeneous for a reliable assessment and generalizability. The second limitation was the adversarial attacks that can manipulate IoT network traffic to evade or mislead ML based detection systems and can exploit vulnerabilities in the ML models themselves or manipulate the input data, making it difficult for the system to detect attacks accurately. The last but not the least limitation was only the ML algorithms have been employed in this work rather than deep learning algorithms that are important for performance improvements in large dataset.

Based on the limitations mentioned earlier, the improvement of the performance of IoT attack detection model using large datasets and the appropriate deep learning algorithms with their parameters will be our future consideration in the domain.

Ethics and consent

Ethical approval and consent were not required.

Data availability

All necessary data available from Kaggle and download it after filling CIC DATASET DOWNLOAD FORM for “CIC_IOT_Dataset2023” form. https://www.unb.ca/cic/datasets/iotdataset-2023.html.

References

1. Abdul-Qawy AS, Magesh E, Tadisetty S: The Internet of Things (IoT): An Overview. Int. J. Eng. Res. Appl. 2015.
2. Tharwat A: Classification assessment methods. Applied Computing and Informatics. 2020; 17(1): 168–192. Publisher Full Text
3. Belay TE: Web Security Vulnerability Analysis of Ethiopian Government Offices. 2nd world conference on Engineering and Technology. Brussels, Belgium: 2021.
4. Soka S: Cyber attack assessment report in Ethiopia during 2023. Addis Abeba: INSA-የኢንፎርሜሽን መረብ ደህንነት አስተዳደር; 2023.
5. Haseeb J, Mansoori M, Al-Sahaf H, et al.: IoT Attacks: Features Identification and Clustering. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). Western Sydney: 2020.
6. Jadel Alsamiri KA: Internet of Things Cyber Attacks Detection using Machine Learning. (IJACSA) International Journal of Advanced Computer Science and Applications. 2019; 10. Publisher Full Text
7. Mohammed AHK, Jebamikyous H-H, et al.: IoT Cyber-Attack Detection: A Comparative Analysis. ACM. 2021. Publisher Full Text
8. Deepthi Reddy SK: Cyber Attacks Detection using Machine Learning. Neuroquantology. 2022.
9. Hasan M, Islam MM, Zarif MII, et al.: Attack and anomaly detection in IoT sensors in IoT sites using machine learning approaches. Elsevier B.V.; 2019. Publisher Full Text
10. Pashamokhtari A, Batista G, Gharakheili HH: Efficient IoT Traffic Inference: from Multi-View Classification to Progressive Monitoring. ACM Transactions on Internet of Things. 2023. Publisher Full Text
11. Goyal U, Krishna A, Kumar A, et al.: Detection And Prevention Of Cyber Attacks On Multi-purpose IoT Devices Using Honeypot. 2nd International Conference on “Advancement in Electronics & Communication Engineering (AECE 2022)”. 2022.
12. Neto ECP, Dadkhah S, Ferreira R, et al.: CICIoT2023: A Real-Time Dataset and Benchmark for Large-Scale Attacks in IoT Environment. Sensors. 2023; 23: 5941. 2023. PubMed Abstract | Publisher Full Text | Free Full Text
13. Anwer M, Khan SM, Farooq MU, et al.: Attack Detection in IoT using Machine Learning. Engineering, Technology & Applied Science Research. 2021; 11(3): 7273–7278. Publisher Full Text
14. Laurent Sindayigaya AD: Machine Learning Algorithms: A Review. International Journal of Science and Research (IJSR). 2022; 11: 1127–1133. 2319-7064. Publisher Full Text
15. Sarke IH: Machine Learning: Algorithms, Real-World Applications and Research Directions. Springer Nature Singapore; Publisher Full Text
16. Manisha KCJ, Manjramkar A: Cyber Security Using Machine Learning Techniques. Advances in Computer Science Research. 2023. Publisher Full Text
17. Shaukat K, Luo S, Chen S, et al.: Cyber Threat Detection Using Machine Learning Techniques: A Performance Evaluation Perspective. 2020 International Conference on Cyber Warfare and Security (ICCWS). Islamabad, Pakistan: 2020.
18. Kibreab Adane BB: Machine learning and deep learning based phishing websites detection: the current gaps and next directions. Review of Computer Engineering Research. 2022; 9(1): 13–29. Publisher Full Text
19. Abdullahi M, Baashar Y, Alhussian H, et al.: Detecting Cybersecurity Attacks in Internet of Things Using Artificial Intelligence Methods: A Systematic Literature Review. Electronics. 2022; 11(2): 198. 2022. Publisher Full Text
20. Nazir A, He J, Zhu N, et al.: Advancing IoT security: A systematic review of machine learning approaches for the detection of IoT botnets. Journal of King Saud University - Computer and Information Sciences. 2023; 35(10): 101820. Publisher Full Text
21. Zolanvari M, Teixeira MA, Jain R: Effect of Imbalanced Datasets on Security of Industrial IoT Using Machine Learning. 2018 IEEE International Conference on Intelligence and Security Informatics (ISI). 2018.

Comments on this article Comments (0)

Version 1

VERSION 1 PUBLISHED 25 Feb 2025

Author details Author details

Seffi Gebeyehu
Roles: Formal Analysis, Methodology, Resources, Software, Validation, Writing – Review & Editing

Abebaw Alem
Roles: Conceptualization, Investigation, Methodology, Resources, Supervision, Writing – Review & Editing

Competing interests

No competing interests were disclosed.

Grant information

The author(s) declared that no grants were involved in supporting this work.

Article Versions (1)

version 1

Published: 25 Feb 2025, 14:230

https://doi.org/10.12688/f1000research.161643.1

© 2025 Abebe A et al. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Download

Export To

metrics

	Views	Downloads
F1000Research	-	-
PubMed Central Data from PMC are received and updated monthly.	-	-

Citations

SEE MORE DETAILS

CITE

how to cite this article

Abebe A, Gebeyehu S and Alem A. Artificial intelligence model for internet of things attack detection using machine learning algorithms [version 1; peer review: 1 approved with reservations]. F1000Research 2025, 14:230 (https://doi.org/10.12688/f1000research.161643.1)

NOTE: If applicable, it is important to ensure the information in square brackets after the title is included in all citations of this article.

track

receive updates on this article

Track an article to receive email alerts on any updates to this article.

Open Peer Review

Version 1

VERSION 1

PUBLISHED 25 Feb 2025

Views

Reviewer Report 17 Mar 2025

Petar Radanliev, University of Oxford, Oxford, England, UK

Approved with Reservations

https://doi.org/10.5256/f1000research.177702.r370251

The article is well-structured and well-written. It deserves consideration for indexing. There are some corrections, which I outline in more detail below:

The article is a bit short, I am not certain about the journal page limit, but if you have space, try to expand with a focus on contribution. One way to improve your contributions is to improve your review and compare existing literature and knowledge. For example, you have done a great job reviewing so many articles, but only a few articles on cyber risk from future developments in new technologies, such as AI, which seems to be all the rage at the moment. There are recent articles on this topic that review recent and relevant literature, for example, on the related topic of cybersecurity threats, exploits, and vulnerabilities in new software bills of materials with artificial intelligence - see: [Ref 1] and on the related topic of ‘AI security and cyber risk in IoT systems’ - see: [Ref 2] It would be interesting to see a few sentences reviewing and comparing your work in relations to these recent studies in related topics.

- in conclusion, could you highlight your conclusions on what urgent measures can be taken to help the industry adapt to these findings?

I hope the comments and feedback are helpful, and well done for writing such an interesting article. I am looking forward to reading the updated version.

Is the work clearly and accurately presented and does it cite the current literature?

Yes
Is the study design appropriate and is the work technically sound?

Yes
Are sufficient details of methods and analysis provided to allow replication by others?

Yes
If applicable, is the statistical analysis and its interpretation appropriate?

I cannot comment. A qualified statistician is required.
Are all the source data underlying the results available to ensure full reproducibility?

Partly
Are the conclusions drawn adequately supported by the results?

Yes

References

1. Radanliev P, Santos O, Brandon-Jones A: Capability hardware enhanced instructions and artificial intelligence bill of materials in trustworthy artificial intelligence systems: analyzing cybersecurity threats, exploits, and vulnerabilities in new software bills of materials with artificial intelligence. The Journal of Defense Modeling and Simulation: Applications, Methodology, Technology. 2024. Publisher Full Text
2. Radanliev P, De Roure D, Maple C, Nurse JRC, et al.: AI security and cyber risk in IoT systems.Front Big Data. 2024; 7: 1402745 PubMed Abstract | Publisher Full Text

Competing Interests: No competing interests were disclosed.

Reviewer Expertise: AI security, IoT, cyber risk, blockchchain security, post-quantum cryptography.

I confirm that I have read this submission and believe that I have an appropriate level of expertise to confirm that it is of an acceptable scientific standard, however I have significant reservations, as outlined above.

CITE

Report a concern

Author Response 21 Mar 2025

Anduamlak Abebe, Computer Science, Debre Tabor University, Debre Tabor, Ethiopia

21 Mar 2025

Author Response

Thank you for your constructive comment. We acknowledge the reviewer’s concerns regarding to expansion of existing literature and knowledge comparision. We also acknowledge the reviewer’s concerns regarding the conclusion section.
We ... Continue reading Thank you for your constructive comment. We acknowledge the reviewer’s concerns regarding to expansion of existing literature and knowledge comparision. We also acknowledge the reviewer’s concerns regarding the conclusion section.
We will revise as per your comment.
Thank you for your constructive comment. We acknowledge the reviewer’s concerns regarding to expansion of existing literature and knowledge comparision. We also acknowledge the reviewer’s concerns regarding the conclusion section.
We will revise as per your comment.
Competing Interests: No any competing interest Close
Report a concern
Respond or Comment

COMMENTS ON THIS REPORT

Author Response 21 Mar 2025

Anduamlak Abebe, Computer Science, Debre Tabor University, Debre Tabor, Ethiopia

21 Mar 2025

Author Response

Thank you for your constructive comment. We acknowledge the reviewer’s concerns regarding to expansion of existing literature and knowledge comparision. We also acknowledge the reviewer’s concerns regarding the conclusion section.
We ... Continue reading Thank you for your constructive comment. We acknowledge the reviewer’s concerns regarding to expansion of existing literature and knowledge comparision. We also acknowledge the reviewer’s concerns regarding the conclusion section.
We will revise as per your comment.
Thank you for your constructive comment. We acknowledge the reviewer’s concerns regarding to expansion of existing literature and knowledge comparision. We also acknowledge the reviewer’s concerns regarding the conclusion section.
We will revise as per your comment.
Competing Interests: No any competing interest Close
Report a concern

Comments on this article Comments (0)

Version 1

VERSION 1 PUBLISHED 25 Feb 2025

Open Peer Review

Reviewer Status

Reviewer Reports

	Invited Reviewers
	1
Version 1 25 Feb 25	read

Petar Radanliev, University of Oxford, Oxford, UK

Comments on this article

All Comments(0)

Add a comment

Browse by related subjects

Back to all reports

Reviewer Report

10 Views

17 Mar 2025 | for Version 1

Petar Radanliev, University of Oxford, Oxford, England, UK

10 Views Cite this report Responses(1)

Approved With Reservations

Is the work clearly and accurately presented and does it cite the current literature?

Yes
Is the study design appropriate and is the work technically sound?

Yes
Are sufficient details of methods and analysis provided to allow replication by others?

Yes
If applicable, is the statistical analysis and its interpretation appropriate?

I cannot comment. A qualified statistician is required.
Are all the source data underlying the results available to ensure full reproducibility?

Partly
Are the conclusions drawn adequately supported by the results?

Yes

References

Competing Interests

No competing interests were disclosed.

Reviewer Expertise

AI security, IoT, cyber risk, blockchchain security, post-quantum cryptography.

Respond to this report

Responses (1)

Alongside their report, reviewers assign a status to the article:

Approved - the paper is scientifically sound in its current form and only minor, if any, improvements are suggested

Approved with reservations - A number of small changes, sometimes more significant revisions are required to address specific details and improve the papers academic merit.

Not approved - fundamental flaws in the paper seriously undermine the findings and conclusions

[1] 1. Abdul-Qawy AS, Magesh E, Tadisetty S: The Internet of Things (IoT): An Overview. Int. J. Eng. Res. Appl. 2015.

[2] 2. Tharwat A: Classification assessment methods. Applied Computing and Informatics. 2020; 17(1): 168–192. Publisher Full Text

[3] 3. Belay TE: Web Security Vulnerability Analysis of Ethiopian Government Offices. 2nd world conference on Engineering and Technology. Brussels, Belgium: 2021.

[4] 4. Soka S: Cyber attack assessment report in Ethiopia during 2023. Addis Abeba: INSA-የኢንፎርሜሽን መረብ ደህንነት አስተዳደር; 2023.

[5] 5. Haseeb J, Mansoori M, Al-Sahaf H, et al.: IoT Attacks: Features Identification and Clustering. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). Western Sydney: 2020.

[6] 6. Jadel Alsamiri KA: Internet of Things Cyber Attacks Detection using Machine Learning. (IJACSA) International Journal of Advanced Computer Science and Applications. 2019; 10. Publisher Full Text

[7] 7. Mohammed AHK, Jebamikyous H-H, et al.: IoT Cyber-Attack Detection: A Comparative Analysis. ACM. 2021. Publisher Full Text

[8] 8. Deepthi Reddy SK: Cyber Attacks Detection using Machine Learning. Neuroquantology. 2022.

[9] 9. Hasan M, Islam MM, Zarif MII, et al.: Attack and anomaly detection in IoT sensors in IoT sites using machine learning approaches. Elsevier B.V.; 2019. Publisher Full Text

[10] 10. Pashamokhtari A, Batista G, Gharakheili HH: Efficient IoT Traffic Inference: from Multi-View Classification to Progressive Monitoring. ACM Transactions on Internet of Things. 2023. Publisher Full Text

[11] 11. Goyal U, Krishna A, Kumar A, et al.: Detection And Prevention Of Cyber Attacks On Multi-purpose IoT Devices Using Honeypot. 2nd International Conference on “Advancement in Electronics & Communication Engineering (AECE 2022)”. 2022.

[12] 12. Neto ECP, Dadkhah S, Ferreira R, et al.: CICIoT2023: A Real-Time Dataset and Benchmark for Large-Scale Attacks in IoT Environment. Sensors. 2023; 23: 5941. 2023. PubMed Abstract | Publisher Full Text | Free Full Text

[13] 13. Anwer M, Khan SM, Farooq MU, et al.: Attack Detection in IoT using Machine Learning. Engineering, Technology & Applied Science Research. 2021; 11(3): 7273–7278. Publisher Full Text

[14] 14. Laurent Sindayigaya AD: Machine Learning Algorithms: A Review. International Journal of Science and Research (IJSR). 2022; 11: 1127–1133. 2319-7064. Publisher Full Text

[15] 15. Sarke IH: Machine Learning: Algorithms, Real-World Applications and Research Directions. Springer Nature Singapore; Publisher Full Text

[16] 16. Manisha KCJ, Manjramkar A: Cyber Security Using Machine Learning Techniques. Advances in Computer Science Research. 2023. Publisher Full Text

[17] 17. Shaukat K, Luo S, Chen S, et al.: Cyber Threat Detection Using Machine Learning Techniques: A Performance Evaluation Perspective. 2020 International Conference on Cyber Warfare and Security (ICCWS). Islamabad, Pakistan: 2020.

[18] 18. Kibreab Adane BB: Machine learning and deep learning based phishing websites detection: the current gaps and next directions. Review of Computer Engineering Research. 2022; 9(1): 13–29. Publisher Full Text

[19] 19. Abdullahi M, Baashar Y, Alhussian H, et al.: Detecting Cybersecurity Attacks in Internet of Things Using Artificial Intelligence Methods: A Systematic Literature Review. Electronics. 2022; 11(2): 198. 2022. Publisher Full Text

[20] 20. Nazir A, He J, Zhu N, et al.: Advancing IoT security: A systematic review of machine learning approaches for the detection of IoT botnets. Journal of King Saud University - Computer and Information Sciences. 2023; 35(10): 101820. Publisher Full Text

[21] 21. Zolanvari M, Teixeira MA, Jain R: Effect of Imbalanced Datasets on Security of Industrial IoT Using Machine Learning. 2018 IEEE International Conference on Intelligence and Security Informatics (ISI). 2018.

Artificial intelligence model for internet of things attack detection using machine learning algorithms

Abstract

Background

Methods

Results and conclusions

Keywords

1. Introduction

2. Related works

3. Methods

Figure 1. Proposed model architectures of IoT attack detection.

3.1 Dataset information

Table 1. Dataset information.

3.2 Data Preprocessing and feature selection

3.3 Train-test dataset spit ratios

3.4 Implementation Tools and Algorithms

4. Experimental result evaluation

4.1 Evaluation metrics

(1)

4.2 Experimental results and comparisons

Table 2. Applied ML algorithm performance result.

Figure 2. Machine learning approach performance applied to the CICIoT2023 dataset.

Figure 3. Confusion matrix obtained in the identification process conducted using different machine learning models (SVM (A), LR (B), NB (C), and DT (D)).

Table 3. Result comparison from the related works.

5. Conclusions

Ethics and consent

Data availability

References

Comments on this article Comments (0)

Open Peer Review

Comments on this article Comments (0)

Open Peer Review

Reviewer Status

Reviewer Reports

Comments on this article

Browse by related subjects

Competing Interests Policy

Stay Updated