The Internet of Things (IoT) is a network of hundreds of millions of gadgets that can communicate with one another with little help from users. IoT attack is a type of cyber-attack that targets systems made up of physical things, cars, buildings, and other objects integrated with software that allows them to exchange or collect data. ¹ As described by Anwer A. & et al., ² there were about 28 billion IoT devices in use in 2018. By 2022, this sum is predicted to reach 49.1 billion, and the IoT is projected to reach a display size of approximately ten trillion. IoT is acknowledged as a technique for appropriate mechanisms connected via servers, sensors, and different software. ²

According to the Ethiopian Information Network Security Administration (INSA) director report, they saved 23.2 billion birrs by defending against cyber-attacks. During 2022/2023, more than 6,859 cyber-attacks occurred and only 6,768 cyber-attacks got solutions. Banking and financial institutions, national intelligence security services, media institutions, selected governmental institutions, regional offices, health and higher institutions are the most targeted centers. According to the report, website attacks, malware attacks, port scans, distributed denial of service (DDoS), and structured query language (SQL) Injection are the most frequently occurring types of attacks in Ethiopia during 2022/23. ³

It is difficult to produce IoT security data that is useful for actual applications for several reasons. Having a vast network made up of multiple actual IoT devices, akin to the topologies of actual IoT applications, is one of the primary issues. Due to the widespread adoption of IoT, its inherent mobility, and standardization limitations, numerous researchers have looked into the risks that IoT devices pose to large corporations and smart towns. As a result, smart mechanisms that can automatically detect suspicious movement on IoT devices connected to local networks are required. ^{2, 4} The pervasive growth of the IoT creates an expanding attack surface for malicious actors. Detecting these attacks effectively is crucial for securing IoT systems and protecting sensitive data. This paper explored the use of machine learning (ML) for attack detection in IoT environments, focusing on the challenge of imbalanced datasets and potential solutions.

The IoT has become a crucial component of today’s technological landscape, as it allows various devices and systems to connect and communicate with each other over the Internet. This interconnected network of devices has revolutionized many industries, including healthcare, transportation, manufacturing, and smart homes. The IoT has become increasingly significant in today’s world by connecting everyday objects to the Internet, automating tasks and processes, enhancing data-driven decision-making, and creating new opportunities.

However, the widespread adoption of IoT devices has also introduced new security challenges and vulnerabilities. IoT devices are often designed with limited processing power and memory, making them more susceptible to attacks. Additionally, many IoT devices lack robust security features, such as encryption and secure authentication mechanisms, interconnectedness, and privacy concerns, making them easy targets for cybercriminals. There are different types of attacks targeting IoT devices namely; malware, DoS attacks, man-in-the-middle attacks, botnet attacks, and physical attacks. IoT devices, with their limited processing power, are vulnerable to cyberattacks, making them attractive targets for hackers seeking unauthorized access or control. These devices collect vast amounts of personal data, and inadequate security can lead to serious privacy breaches. Many are integrated into critical infrastructure, meaning attacks can cause widespread disruption and economic damage. Compliance with regulations is essential to avoid legal and reputational consequences. Security flaws in one device can compromise entire networks, emphasizing the need for robust protection. High-profile breaches can erode consumer trust, hinder adoption, and result in significant financial losses. If security risks are not addressed, innovation in IoT may slow down. Ensuring long-term sustainability requires continuous investment in security measures, and collaboration among organizations, developers, and policymakers is crucial for a secure IoT ecosystem.

The main contributions of this work are summarized as: (1)

Prominent result: The proposed model is focusing on evaluating ML algorithms’ performance using unbalanced datasets and the prominent result was resulted. Moreover, the authors also compared the results from the existed related works and performance has been improved.

Several scholars used various methodologies to carry out studies on cyber-attack detection.

In their study, ² outlined a methodology for identifying suspicious network activity. They achieved a performance result of 85.34% using a random forest (RF) algorithm. Using the NSL KDD dataset, the suggested framework was used, and the results were compared for training, prediction time, specificity, and accuracy.

In their study, ⁵ several detection techniques are assessed using the recently created Bot-IoT dataset. During the implementation stage, seven distinct ML algorithms were employed, with the majority demonstrating exceptional performance. Throughout the deployment, new features were taken from the Bot-IoT dataset.

In their study, ⁶ they used six distinct algorithms RF, Logistic Regression (LR), SVM, NB, K-Nearest Neighbors (KNN), and multilayer perceptron (MLP) to conduct a comparative analysis of IoT cyber-attack detection techniques.

In their study, ⁷ To effectively detect attacks and abnormalities in IoT systems, the authors of the paper compared the performances of numerous ML models. LR, SVM, decision tree (DT), RF, and artificial neural network (ANN) are the ML algorithms that were employed in this case.

In their study, ⁸ they performed IoT behavior classification, monitoring the expected IoT behaviors and evaluating the efficacy of our optimally selected classifiers versus the superset of specialized classifiers by applying them to our IoT traffic traces.

In their study, ⁹ the study attempts to secure IoT devices by employing a Raspberry Pi as a honeypot to mimic IoT devices and verify the user’s intent, examine various attack patterns, and shield IoT devices from known threats. The purpose of these honeypots is to protect various protocols in IoT devices that are susceptible to assaults.

In their study, ¹⁰ Using an extended topology made up of multiple real IoT devices, they conducted a novel realistic IoT attack dataset, adopting IoT devices as both attackers and victims. They carried out, recorded, and gathered information from 33 attacks against IoT devices, categorized into seven types, and they showed how they could be replicated. Using the CICIoT2023 dataset, they assessed how well ML and deep learning algorithms classified and detected benign or malicious IoT network traffic.

In their study, ¹¹ applied a hybrid deep learning technique to handle the problem of uneven data classification in attack detection. Convolutional neural networks (CNNs) and long short-term memory (LSTM) networks are two components of a hybrid deep learning model that the authors suggest using to enhance classification performance. They draw attention to the difficulties that imbalanced datasets present in precisely identifying attacks. CNNs are useful for extracting spatial properties from the data, they say, whereas LSTM networks are better at extracting temporal dependencies from sequential data. The hybrid deep learning model’s performance is compared with that of conventional ML methods by the authors through experimentation on attack datasets that are not balanced. The results demonstrate that the hybrid deep learning approach outperforms traditional methods in detecting attacks in imbalanced datasets, showcasing the effectiveness of combining CNNs and LSTM networks for improved classification accuracy.

In their study, ¹² explains in detail the many ML methods that are employed to identify IoT botnets. In the IoT ecosystem, botnets pose an increasing threat, as the review emphasizes the significance of IoT security. It covers the many ML techniques and algorithms that have been put forth to identify and lessen IoT botnet threats. To give readers an understanding of the current status of this field of research, the manuscript carefully assesses the advantages and disadvantages of different methodologies. For those working on botnet detection and IoT security, the paper is an invaluable resource overall.

The study, ¹³ examined how ML approaches applied to Industrial Internet of Things (IIoT) systems security are affected by imbalanced datasets. To better understand how class imbalances in datasets impact ML models’ ability to identify security vulnerabilities in IIoT environments, the study looks into how these imbalances may impact model performance and accuracy. Within the framework of IIoT security, it addressed several problems and difficulties associated with unbalanced datasets, including minority class misclassification and biased model predictions. Additionally, to improve the efficacy of machine learning-based security mechanisms in IIoT systems, the book suggests possible approaches and answers to these problems. Overall, the study provided valuable insights into the implications of imbalanced datasets on the security of IIoT and offers recommendations for improving the robustness and reliability of security measures in industrial IoT settings.

According to Radanliev et al., ¹⁴ as data strategies evolve, dependency models have become increasingly valuable for managing contemporary cyber risk challenges. These models aid in cyber risk estimation and general impact assessments by illustrating the intricate relationships among various digital components. The literature underscores the importance of a comprehensive understanding of cyber risks, particularly in relation to the Internet of Things (IoT), where conventional assessment methods may fall short. The paper advocates for the adoption of innovative risk assessment and management strategies that can effectively address the unique challenges presented by emerging IoT cyber threats. By utilizing these methods, the cybersecurity community can enhance its defenses and better navigate the constantly shifting landscape of digital vulnerabilities.

According to Radanliev et al., ¹⁵ the study focuses on the role of AI-based Bill of Materials (BOMs) in ensuring the trustworthiness and quality of AI systems, evaluating CHERI’s security features for addressing cybersecurity threats, and using AI techniques to identify and analyze threats, exploits, and vulnerabilities in Software Bill of Materials (SBOMs). The results indicate that combining CHERI with AI BOMs significantly improves the security and transparency of AI systems. This integration not only aids in identifying and mitigating specific threats and vulnerabilities but also enhances trust and security within AI systems, highlighting the potential of AI-driven approaches to bolster the security of SBOMs.

However, the security issue of IoT has not addressed yet and further investigations are required. Therefore, we the authors are focusing on such issues to improve the performances of the existing works and evaluating other ML algorithms in this paper.

This study followed crucial steps illustrated in the proposed IoT attack detection architecture to conduct rigorous experiments, as shown in Figure 1 designed by the authors.

IoT security attacks have been a hot issue in recent time. This paper aimed to design a multi-class IoT attack detection model using ML algorithms. The employed four supervised ML algorithms, namely; DT, SVM, LR, and NB were used to address the proposed problem related to identifying IoT attacks. The recent Canadian Institute of Cyber Security CICIoT2023 dataset, which contains the imbalanced instances and multi-class types of attacks with six classes, was used for designing and evaluating the proposed model. The dataset was splited into 80%:20% ratio for training and testing the model, respectively. The experiments are conducted using Python in Google Co-Lab.

To evaluate the model performance, we used tabular representation (accuracy) and confusion matrix for each employed algorithm. The prominent performance result has been found. In DT, we attained the maximum prediction accuracy rate of 98.34%. DT outperforms SVM at 91.5%, LR at 75%, and Bayes classifiers (NB) at 92%. Our model performs superior accuracy in the prediction of these IoT attacks when compared to other benchmarks of ML classification approaches.

In the area of IoT threat detection, our suggested model result offers several contributions, including resolving unbalanced data issues, enhancing detection precision, increasing imbalanced data awareness, improving performance, and forwarding future directions in the area. Therefore, the result could be enhancing security, reducing response time, and enabling adaptive defense to provide a significant contribution to the domain of IoT security. The work on IoT security attack identification using ML approaches holds great promise in improving IoT security.

The findings from the multi-class IoT attack detection model highlight several urgent actions for the industry, including the need to expand and diversify datasets for reliability, build resilience against adversarial attacks, enhance detection precision through continual algorithm refinement, promote awareness and education on IoT security challenges, and foster collaboration among stakeholders, researchers, and cybersecurity experts to strengthen defense mechanisms.

The design of IoT security attack detection systems faces several limitations. Firstly, the dataset used may be too small or homogeneous, affecting the reliability and general applicability of the assessments. Secondly, adversarial attacks can manipulate IoT network traffic, potentially evading machine learning detection systems and exploiting vulnerabilities within the models or their input data, making accurate detection challenging. Lastly, the study relied solely on machine learning algorithms rather than incorporating deep learning methods, which are crucial for enhancing performance with larger datasets.

Based on the limitations mentioned earlier, the improvement of the performance of IoT attack detection model using large datasets and the appropriate deep learning algorithms with their parameters will be our future consideration in the domain.

Ethical approval and consent were not required.