
Citation: Mireille Khacho, Ruth S. Slack. Mitochondrial dynamics in neurodegeneration: from cell death to energetic states[J]. AIMS Molecular Science, 2015, 2(2): 161-174. doi: 10.3934/molsci.2015.2.161
[1] | Naila Naz, Muazzam A Khan, Suliman A. Alsuhibany, Muhammad Diyan, Zhiyuan Tan, Muhammad Almas Khan, Jawad Ahmad . Ensemble learning-based IDS for sensors telemetry data in IoT networks. Mathematical Biosciences and Engineering, 2022, 19(10): 10550-10580. doi: 10.3934/mbe.2022493 |
[2] | Muhammad Hassan Jamal, Muazzam A Khan, Safi Ullah, Mohammed S. Alshehri, Sultan Almakdi, Umer Rashid, Abdulwahab Alazeb, Jawad Ahmad . Multi-step attack detection in industrial networks using a hybrid deep learning architecture. Mathematical Biosciences and Engineering, 2023, 20(8): 13824-13848. doi: 10.3934/mbe.2023615 |
[3] | Zhongwei Li, Wenqi Jiang, Xiaosheng Liu, Kai Tan, Xianji Jin, Ming Yang . GAN model using field fuzz mutation for in-vehicle CAN bus intrusion detection. Mathematical Biosciences and Engineering, 2022, 19(7): 6996-7018. doi: 10.3934/mbe.2022330 |
[4] | Yue Li, Wusheng Xu, Wei Li, Ang Li, Zengjin Liu . Research on hybrid intrusion detection method based on the ADASYN and ID3 algorithms. Mathematical Biosciences and Engineering, 2022, 19(2): 2030-2042. doi: 10.3934/mbe.2022095 |
[5] | Hao Zhang, Lina Ge, Guifen Zhang, Jingwei Fan, Denghui Li, Chenyang Xu . A two-stage intrusion detection method based on light gradient boosting machine and autoencoder. Mathematical Biosciences and Engineering, 2023, 20(4): 6966-6992. doi: 10.3934/mbe.2023301 |
[6] | Shivani Gaba, Ishan Budhiraja, Vimal Kumar, Aaisha Makkar . Advancements in enhancing cyber-physical system security: Practical deep learning solutions for network traffic classification and integration with security technologies. Mathematical Biosciences and Engineering, 2024, 21(1): 1527-1553. doi: 10.3934/mbe.2024066 |
[7] | Hyeji Roh, Seulgi Shin, Jinseo Han, Sangsoon Lim . A deep learning-based medication behavior monitoring system. Mathematical Biosciences and Engineering, 2021, 18(2): 1513-1528. doi: 10.3934/mbe.2021078 |
[8] | Jin Wang, Liping Wang, Ruiqing Wang . MFFLR-DDoS: An encrypted LR-DDoS attack detection method based on multi-granularity feature fusions in SDN. Mathematical Biosciences and Engineering, 2024, 21(3): 4187-4209. doi: 10.3934/mbe.2024185 |
[9] | Yufeng Qian . Exploration of machine algorithms based on deep learning model and feature extraction. Mathematical Biosciences and Engineering, 2021, 18(6): 7602-7618. doi: 10.3934/mbe.2021376 |
[10] | Jiushuang Wang, Ying Liu, Huifen Feng . IFACNN: efficient DDoS attack detection based on improved firefly algorithm to optimize convolutional neural networks. Mathematical Biosciences and Engineering, 2022, 19(2): 1280-1303. doi: 10.3934/mbe.2022059 |
The Internet of Things (IoT) is a network of interconnected physical devices that are embedded with sensors, software, and other technologies that enable them to collect and exchange data over the Internet. IoT is a revolutionary technology that has a signicantlly positive impact on human lives [1,2]. IoT applications are surprisingly becoming more prevalent in our society, including smart grids, smart retail, smart homes, smart cities, and smart health care [2,3,4]. The IoT is increasingly being used in a variety of products, including wearables and smart homes, with the aim of enhancing job productivity, living comfort, and entertainment [5]. The IoT architecture consists of three layers (including perception, network, and application layer), as shown in Figure 1. The perception layer is the first layer, and it consists of sensors that track, record or measure environmental factors related to physical events in an environment, temperature, moisture, or levels of pollutants. The network layer is built on top of the perception layer and comprises a variety of switches and routers that facilitate connectivity, enabling the transmission of information shared by various smart devices. The application is the last layer that consists of systems for processing and collecting data from detected objects in order to produce meaningful information that may be used to make decisions. Using this architecture, a number of essential applications have been developed, including smart grids, mobility, distribution channels, agriculture, and healthcare systems [6,7,8].
It is always necessary to secure these systems in order to prevent cyber attacks that can lead to service disruption, unauthorized access, data tampering, and illegal access [9]. Several researchers have focused on intrusion detection systems (IDS) by utilizing different machine learning (ML) and deep learning (DL) algorithms to detect malicious activities in IoT networks [10].
However, the existing systems are focused on a single layer of the three-layered IoT architecture, which limits their effectiveness in detecting attacks across the entire network. Moreover, the existing systems still need improvements in the detection process of cyberattacks. To overcome these limitations, this paper proposes an intrusion detection framework for IoT networks that covers all three layers in IoT architectures (including the perception layer, network layer, and application layer). The proposed hybrid model consists of a recurrent neural network and gated recurrent units (RNN-GRU), which can analyze sequential data effectively, making it a suitable choice for intrusion detection in IoT environments. In addition, this work utilized data pre-processing techniques such as cleaning, encoding, feature filtering, shuffling, and normalization. The significance of the proposed model is further reinforced by utilizing the ToN-IoT dataset, which was specifically collected for the three-layered IoT architecture. The following are the major contributions of this work:
● This paper proposes a hybrid deep learning intelligent intrusion detection framework for IoT networks. The hybrid model consists of RNN and GRU algorithms.
● This study covers all three layers in the IoT architecture (including perception layer, network layer, and application layer).
● Compared the performance of the proposed scheme with other existing advanced DL and traditional ML techniques.
The remainder of the article is organized as follows. Section 2 discusses IoT layered architecture. Section 3 presents intrusions in IoT networks. IDS and its sub-types are presented in Section 4. Section 5 discusses related work and presents a literature comparison. A step-by-step methodology of the proposed system is presented in Section 6. Section 7 provides a detailed analysis of the results and a comparison with state-of-the-art models, and also presents the discussion. This work is concluded in Section 8.
IoT networks require a flexible and layered design to link various devices, but there is no universal reference model for IoT architecture. The 3-layered IoT architecture is widely accepted and used in the literature, defining the IoT architecture in terms of the perception, network, and application layers. It provides a clear and concise framework for designing IoT systems that is easier to understand than a 5-layered architecture. However, the choice of architecture depends on the specific use case and requirements of the system being designed. Figure 1 illustrates the three-layer architecture of IoT, consisting of the perception layer, network layer, and application layer. The perception layer consists of sensors, actuators, and other devices that interact with the physical environment. The network layer is responsible for connecting the devices in the perception layer to the cloud or other back-end systems. The application layer is where the data is processed, analyzed, and used to make decisions. The importance of this figure in the present work is that it provides a high-level overview of the IoT architecture, which helps in understanding the data flow and identifying potential attack surfaces in the network. However, there are two more layers: The processing layer and business layer, in a five-layer IoT model [11]. The IoT five-layer architecture is depicted in Figure 2, this figure is important because it provides a more detailed view of the IoT network structure than the three-layer architecture. It helps readers to understand the different layers of the IoT network and how they interact with each other, each layer explains as follows.
The perception layer has a physical/hardware layer in an IoT architecture which includes real objects of various sizes and forms. This involves components such as sensors, controllers, actuators, and machines [12]. Information gathering, information processing, information storage, and object identification are all handled by this layer. Naming and addressing IoT objects are done by this layer of an IoT model. The devices in the IoT are tracked using digital identities. A Universal Unique Identifier (UUID) is one way to give an object a special identity. Similar addressing techniques, such as IPv6 and IPv4, are utilized to address objects in an IoT network [13].
For transmitting data to processing systems, such as servers, the network layer of an IoT model utilizes a variety of communication methods among physical smart devices. This communication could only be done via secure connections through cables or wireless. This layer can handle a number of technology types and can be extended for the transfer of sensor data. Several communication methods for IoT devices are presented in the existing literature, this includes Wi-Fi, Bluetooth's specialized range, ZigBee for small areas, and 4G and 5G for broad IoT environments [14].
Middleware is another name for processing layer in an IoT model. Significant amounts of data are sent to this layer via the network layer. After receiving the data, processing layer, as the name suggests, evaluates, analyses, and saves the data in the associated cloud database. Network attacks at this layer affect the security of databases and the cloud. The most well-known threats at this layer are SQL injection (SQLi) attacks, browser attacks, and flooding attacks.
The application layer of an IoT model serves as a global supervisor of the IoT application-specific services. Home automation, intelligent agriculture, smart cities, intelligent healthcare, and smart industry are a few examples of IoT applications that the application layer deals with.
The creation of reliable and effective business models, the management of business regulations, and the deployment of optimal investment are some of the major responsibilities of the business layer in an IoT network. This is based on the fact that business models are created by evaluating the effectiveness of current applications and services. The use of technology and the ways in which services are presented to customers/clients may hence be used to measure the success of the IoT system.
An IoT-based network still suffers from various problems, such as security issues, that prevent such systems from becoming widely used. Intrusion in IoT networks is a significant concern due to the widespread use of IoT devices in various domains such as healthcare, transportation, smart cities, and industrial automation. These devices are interconnected, and they continuously generate, process, and transmit sensitive data. However, the inherent vulnerabilities of IoT devices and the lack of security measures make them an easy target for cyber attackers.
IoT devices have limited processing power and memory, which makes it difficult to implement traditional security mechanisms such as firewalls, IDS, and antivirus software. Moreover, IoT devices often operate in hostile environments, such as outdoor locations and factories, which make them more susceptible to physical attacks. The combination of these factors makes it challenging to secure IoT devices from intrusions. Security vulnerabilities can be associated with each layer in IoT three/five-layer architecture models.
Several attacks associated with different layers of an IoT network are depicted in Figure 3. This figure illustrates the different types of intrusions that can occur in each layer of the IoT network. The perception layer can be attacked by physical tampering, the network layer can be attacked by eavesdropping, denial of service (DoS) attacks, and routing attacks, and the application layer can be attacked by malware and data manipulation attacks. These are presented based on IoT three-layer architecture but can be easily extended to five-layer architecture. For example, attacks such as those stemming from application layer vulnerabilities, e.g., code injection and buffer overflow, network layer vulnerabilities, e.g., congestion and black hole attacks, and perception layer vulnerabilities, e.g., jamming and eavesdropping attacks, are explained as follows.
This layer operates on the information received from the network layer in order to deliver user services. Data integrity, data dependability, customer confidentiality, and the capacity to safeguard critical/private/sensitive information are security concerns associated with this layer. As the name suggests, attacks on this layer are application-specific which will have a severe impact on the application programs. The application layer threats include phishing assaults, buffer overflows, manipulation of confidential data, and authentication and authorization attacks [12].
● Code injection: This attack involves injecting malicious content into a system by taking advantage of programming mistakes. In order to launch a code injection attack, scanning is frequently employed to obtain details about a target system. Attackers take advantage of the public nature of IoT software updates which will lead them to insert malicious code into such devices and take control of an IoT network as a whole. Code injection can be employed for a number of reasons such as data theft, gaining unauthorized access to a system, and worm propagation [15,16,17].
● Cross-site scripting (XSS): It is a cyber-attack in which a web application's weaknesses are hunted for inserting a malicious script. This suggests that phishing, cookie theft, or network attacks against an entire company might all have an impact on user information [18].
● Buffer overflow: Since a predetermined memory layout is used by many applications to store information and code chunks [16,17]. In this attack, hackers used a system's security vulnerabilities to violate the limits of the system's code and data block. Buffer overflow is one of the most frequent attacks on applications and software. As an example, an automated production program called WelinTech KinView 6.53 HistrySvr was vulnerable to heap buffer overflow [19].
● Phishing attack: In these attacks, an intruder poses as a genuine user or reputable organization to steal personal/sensitive/critical information using email is phone calls are the most popular tools used for such attacks [17,20]. DDoS, password, or scanning attacks can be used to enable phishing attacks, although they do not really start phishing attacks.
● Authentication and authorization: The protection of an IoT network's confidentiality and safety depends heavily on the authentication procedure [16]. An attacker can carry out illegal actions, like opening a door in a smart home or stealing your bank account details using Amazon Alexa due to the absence of a flawless authentication system [21].
In an IoT network devices connect to the data processing center via the network layer. The intermediate layer of an IoT system, which is also the layer with the greatest vulnerabilities, plays an important role in information coordination. There are various attacks attached to this layer such as wormhole, replication, selective forwarding, hello flood, and black hole attacks. The network layer vulnerabilities and countermeasures have received the most attention in the literature. Some of the attacks associated with this layer are detailed as follows.
● DoS attack: A denial-of-service (DoS)/ distributed denial-of-service (DDoS) attack on a network involves bombarding the target with queries, which creates a lot of communications overhead [16,17]. This kind of attack will exhaust the victim node and will lead to the legitimate users being unable to access network services [16].
● Sinkhole attack: A sinkhole attack in an IoT network layer is a type of denial-of-service (DoS) attack. In this attack, the hacker used the compromised node to draw data/information from its surrounding nodes [16,22]. An intruder may deploy a rogue node in such a network to capture network activities and then manipulate sensor information afterward [22].
● Sniffing attack: As the name suggests, in this attack hackers gather network data via sniffer sensors and programs to retrieve important/sensitive/critical information from the network [16,23].
● Man-in-the-Middle attack: Actual attacks of this kind happen when two susceptible nodes are in communication. In order to interact between two target terminals, the attacker poses as a valid node on one of the nodes [16,23,24].
● Replay attack: Attackers listen in on conversations between the sender and receiver to get data. The transmission couples periodically send the incoming signal, depleting the available communication sources In this attack, hackers eavesdrop on the conversations between the sender and the receiver to steal user information. The transmission couples periodically send the incoming signal, draining the available resources [24,25], such as computing power and backend database capacity [25]. It can be caused by various types of attacks, including DoS, XSS, and scanning.
Since this layer contains sensors and other data collection devices, sometimes it is also called sensor layer. It's crucial to provide secure connectivity for the devices in this layer. These devices, the majority of which are wireless, are more complicated and have greater potential for security vulnerabilities. This makes it challenging to apply the typical internet security rules to them. The various attacks in this layer include jamming, eavesdropping, node manipulation, and hardware hacking [12,15].
● Malicious node injection: An attacker can carry out a malicious node injection attack by physically inserting a new malicious node among a group of nodes. The attacker then alters the data and sends false information to other nodes. This type of attack is executed by the attacker through multiple nodes [26].
● Physical damage: Physical damage to IoT system components can also lead to a denial of service (DoS) attack. The attacker may physically access the device, power source, or data flow between devices to cause damage [26].
● Eavesdropping: In this attack, hackers intercept the communication by listening in on the devices and the physical layer nodes [16,24]. For instance, unauthorized users may utilize an antenna to capture information sent between two parties [12,25]. A password attack can lead to an eavesdropping attack in the IoT perception layer. An attacker who is able to access IoT devices without authorization can listen in on communications if the passwords are easily guessable or crack-able.
● Tag cloning: In RFID tag cloning, hackers copy the information of an RFID electronic tag or smart card to a cloned tag. The clone tag will then have the same characteristics as the compromised tag. An attacker can achieve this by querying it is deploying infrastructure or by using debugging to gather necessary data [16,24,25]. Tag cloning attack in the IoT perception layer is caused by a scanning attack.
● Spoofing attack: In this type of attack, hackers impersonate a legitimate tag in order to gain similar access. It can be triggered by various attacks, such as DDOS, password, XSS, etc. [12,16,24]. Additionally, this kind of attack would force nodes to resend their data, thus ramping up network packets. Additionally, it speeds up the node's energy usage which leads to shortening the node's lifespan [12].
Intrusion detection systems (IDS) are frequently used to maintain track of network activity, identify malicious behaviour, evaluate its seriousness, and alert the administrator. People who steal data or cause intrusions are referred to as intruders. The main invaders are Misfeasor (legitimate user/insider), Masquerader (unauthorized user/outsider), and clandestine User (insider/outsider) [1,2,27]. The existing literature has described various types of IDS based on different criteria such as information source, analysis process, detection technique, learning method, and knowledge base. Figure 4 illustrates the different types of intrusion detection systems (IDS) that can be used to detect network intrusions in the IoT network. The types of IDS include signature-based IDS, anomaly-based IDS, and hybrid IDS.
Host-based, network-based, and hybrid-based IDS are the three primary categories of IDS depending on information sources [28]. When implemented on a local host, the host-based intrusion detection system (HIDS) may monitor and find intrusions. It relies on the file system, system calls, and network events of the host to look for intrusions and notifies the system when the intruder tries to engage in any harmful action. This type of IDS is only able to monitor attacks against the system that they are installed on. Network-based intrusion detection system (NIDS) finds attacks by examining network-related information such as network packets, broadcast domains of network protocols, traffic volume, and IP addresses. A hybrid intrusion detection system (HIDS) is a combination of multiple IDS types. The main goal in implementing HIDS is to achieve a real-time intrusion detection mechanism [2,29].
In principle, the two primary methods of intrusion detection systems are signature-based and anomaly-based.
An anomaly-based IDS also referred to as behaviour-based detection, mimics the behaviour of users, computer systems, and networks. The intrusion detection system uses a variety of ways to build a baseline from typical behavior patterns. Any major departure of the examined pattern from the norm is marked as an anomaly. The term "intrusion" refers to a device's activity that deviates from its usual behaviour [2,29,30].
An intrusion detection system that uses different signatures for anomaly detection is called signature-based IDS. As the name implies, a signature-based IDS uses a database to record the signatures or patterns of known attacks. To create a signature, the packet's properties are extracted. When an activity is detected, the IDS looks at its signature and compares it to the patterns that have already been saved in the database. If the pattern of the captured network packet matches any known signatures an alarm is set out to the system administrator. Although signature-based IDS are highly good at seeing known attacks, it is ineffective at spotting unknown attacks (also known as zero-day attacks/threats) [2,30].
IDS is essential in an attack detection process. When such behavior is found, the administrator may also receive notifications. Various ML and DL techniques may be applied to effectively manage and categorize intrusions. Modified K-Means, support vector machine (SVM), decision tree (DT) [31], principle component analysis (PCA) [32], logistic regression (LR), random forest (RF) [33], linear discriminant analysis (LDA) [34,35], and artificial neural network (ANN) [35]. Additionally, there are classifier ensembles such as extreme gradient boosting (XGB) [36], gradient boosted machine (GBM), and extremely randomized trees (ETC) [37]. These are a few of the ML methods utilized for IDSs. Similarly, DL approaches such as convolutional neural network (CNN) [38,39], recurrent neural network (RNN) [39,40,41,42,43], long short term memory (LSTM) [39,43,44], and gated recurrent unit (GRU) [39,42,43,45] are also used in IDSs. However, the DL technique has outperformed ML, especially for large datasets. Due to their support for high-dimensional characteristics, DL algorithms are appropriate for certain IoT devices that generate significant amounts of data. Additionally, DL algorithms perform better than machine learning algorithms for rapid and accurate automatic identifying of unwanted attacks. Although the major objectives of DL IoT data processing are security and privacy, it has also been extensively employed for smart city applications, big data analytics, video processing, voice processing, and image processing [46,47]. Moreover, deep learning models outperform classical machine learning techniques in terms of performance and accuracy because they can independently extract features from large volumes of data [44].
Recent studies have also shown the effectiveness of deep learning algorithms, such as convolutional neural networks (CNNs) [38,39] and recurrent neural networks (RNNs) [39,40,41,42], for intrusion detection in IoT networks. However, to the best of our knowledge, there is limited research on the use of a hybrid of RNN and GRU for intrusion detection in IoT networks. Our proposed model combines the strengths of these two deep learning algorithms and achieves superior performance in detecting different types of attacks in IoT networks. As we utilized the hybrid of two deep learning models, RNN and GRU, both have the ability to process sequential data in real-time, which is important in the context of IoT systems where data is generated in real-time and in a continuous stream. These models can analyze patterns in the data and detect anomalies in real-time, which is critical for timely responses to potential security threats. Additionally the use of data engineering techniques (cleaning, normalization) can further improve the performance of the model and make it more practical in real-time applications. These techniques can help reduce noise in the data, improve model accuracy, and speed up model training and prediction.
An RNN model is created to determine the sequential properties of data and then use the patterns to forecast future events. The RNN models have an internal memory that constantly recalls the results of calculations made in earlier phases. Any length of input may be handled by RNN. The model size stays the same, regardless of how big the input is. RNNs' internal memory, which enables them to remember important data about the input they received, is what allows them to predict the future with such accuracy. As a result, they are the preferred algorithm for sequential data, including time series, speech, text, financial data, audio, video, and a wide variety of other forms. The vanishing gradient problem is a significant flaw in the RNN model. LSTM and GRU are used to tackle the RNN's vanishing gradient problem. To establish whether the technique is more effective at resolving the vanishing gradient problem, LSTM and GRU are compared for the initial phase of developing the model in this study. The findings indicate that the accuracy of LSTM and GRU is about equal. However, compared to the model with LSTM, the model with GRU required fewer training iterations and less time for RNN to converge. RNN with GRU was consequently more appropriate for real-time scenarios. GRU employs what is referred to as the update gate and reset gate to address the RNN's problem with vanishing gradients and also the response time of GRU is fewer [48]. This paper proposes a novel approach to intrusion detection in IoT networks using a hybrid of deep learning and intelligent intrusion detection framework that utilizes RNN and GRU algorithms. This approach can analyze sequential data, making it suitable for intrusion detection in IoT environments where data is often collected sequentially. Additionally, we explain the data pre-processing techniques we used, including cleaning, encoding, feature filtering, shuffling, and normalization, which improve the model's performance.
The proposed model aims to categorize attacks across all layers of the 3-layered IoT architecture, namely the physical, network, and application layers. Intrusion detection in IoT requires analyzing data from all layers to detect any potential threats. To validate the effectiveness of the proposed model, we conducted experiments on the ToN-IoT dataset, which was specifically gathered for the three-layered IoT architecture, making our results more reliable and applicable in real-world scenarios. Our results demonstrate that the proposed hybrid model outperforms the baseline models in terms of accuracy, precision, and recall, providing better security for IoT environments. This contribution is significant for industries that rely on IoT devices, such as healthcare, finance, and logistics, as well as for the broader security of critical infrastructure. Overall, our contribution is the proposal of a novel and effective intrusion detection model that covers all layers of the IoT architecture, analyzes sequential data, and employs hybrid deep learning algorithms.
IoT has received a lot of academic attention across the world. IoT applications are surprisingly becoming more prevalent in all spheres of society, including smart grids, smart retail, smart homes, smart cities, and health care [7]. It is always necessary to secure these systems to prevent service disruption, unauthorized access, and possible cyberattacks such as tampering, illegal access, or others in order to guarantee adequate accuracy of the data and the appropriate operation of the processes in them. The development of IDS frequently employs machine learning and deep learning (ML/DL) [43]. An intrusion detection system (IDS) is a security tool used to identify and stop unauthorized network access or attacks. An IDS is used in the context of IoT networks to shield connected devices and systems from potential threats that can jeopardize their security and functioning. It is impossible to overestimate the significance of IDS in IoT networks, which are increasingly widespread in our daily lives and frequently involved in vital infrastructure like healthcare, transportation, and energy systems. Network administrators can utilize intrusion detection systems to discover security risks in real time, respond to them, and get crucial information that can be used to stop and mitigate possible attacks.
The creation of intrusion detection systems (IDS) for Internet of Things (IoT) networks has become more and more common in recent years. These algorithms have shown to be successful at identifying patterns and anomalies in network traffic that might point to a possible intrusion. Such algorithms' use for intrusion detection in IoT networks has been addressed in a number of studies. To investigate the security aspects of IoT networks different ML algorithms like DT, RF, NB, etc., and DL algorithms such as LSTM, RNN, CNN, GRU were proposed [54] which we cover in the subsequent paragraphs. However, the DL approach has performed better in terms of accuracy than ML, particularly for huge datasets. Researchers creating ML algorithms must be clever and only extract features that can enhance the model since choosing features takes a lot of time and they won't know which features are valuable until they train and test their model. Thus, working with datasets with various dimensions is a problem for ML because it is not always easy to extract the most predictive features [49]. Furthermore, deep learning models are more accurate and perform better than traditional machine learning methods since they can independently extract characteristics from huge amounts of data [44].
Authors in [7] utilized an ensemble-based voting classifier, where the final forecast was obtained by combining the conventional ML algorithm with voting on its predictions. A study in [8] suggest that IoT devices become more capable of spotting anomalies in IoT networks when they use a stacking-based ensemble model. To increase the ensemble-based IDS's effectiveness and precision, [27] utilized ensemble-based IDS with XGBoost, which improves the accuracy.
In [50], authors discussed an overview of several machine learning techniques that can be employed to spot any harmful or out-of-the-ordinary data and present the most effective approach for two datasets, the first dataset was created from data exchanged between sensors and the second is UNSW-NB15. In [37], they examine the potential of machine learning classifying methods to protect their IoT from DoS attacks. The Classifiers are evaluated using well-known datasets such as CIDDS-001, UNSW-NB15, and NSL-KDD. To achieve ML features for cyber-security, including IoT, some cyber security experts have modified deep learning components. Aside from that, DL can develop new features that allow for problem-solving without the involvement of a person [51].
Authors in [52] presented a DL technique to find anomalies on IoT nodes in a household environment. In order to boost efficiency while using less computing power an IDS based on a deep convolutional neural network is proposed in [53]. In order to identify malicious attacks in IoT contexts, [54] presents a novel DL-based intrusion detection system to address the issues of protecting IoT nodes. The spider monkey optimization (SMO) algorithm and the stacked deep polynomial network (SDPN) are combined in their suggested model to obtain the best detection and recognized rates. SMO chooses the best attributes from the datasets, and SDPN categorises the output as normal or abnormal. Authors in [55] presents a novel ReliefF-IDS that uses ML and DL methods to uncover new attacks that existing systems are unable to prevent in an IoT network. [56] recommended using DL to identify intrusions using recurrent neural networks (RNN-IDS). They show through their experimental results that RNN-IDS is ideally suited for producing IDS with good accuracy and that it outperforms conventional ML both binary and multi-class techniques.
We are committed to studying various intrusion detection systems, or IDS, in-depth in this work in order to identify unusual activity in IoT networks at various layers. Although previous studies have proposed ML and DL algorithms for intrusion detection in IoT networks, they have not considered the three-layered architecture of IoT, and have focused on only one layer of the IoT architecture and have not addressed the challenges of detecting intrusions across multiple layers, which is the focus of our proposed hybrid approach. Moreover, previous studies have either focused on ML or DL, but not a combination of both, as proposed in our work. Therefore, our proposed approach fills the gap in the literature by addressing the shortcomings of the previous studies. Additionally, we can provide a comparative analysis of the performance of our proposed hybrid approach with the previous studies. This will help to further demonstrate the superiority of our proposed approach. We proposed a hybrid and intelligent intrusion detection framework by using two DL algorithms: RNN and GRU which outperforms the baseline models. We conclude this section with a tabular review of the most current and pertinent findings that have been published in the literature and are shown in Table 1.
Reference | Model/Attack Detection Mechanism | Dataset | IoT Layer Targeted | Evaluation Measures |
[7] | Ensemble Voting Classifier | ToN-IoT Telemetry Dataset | IoT Perception Layer | Accuracy, Precision, Recall, F1-Score |
[8] | Stacking based Ensemble Model | ToN-IoT Telemetry Dataset | IoT Perception Layer | Accuracy, Precision, Recall, F1-Score |
[27] | Ensemble Based IDS using XGBoost | KDDCup99 | IoT Network Layer | Accuracy, Precision, Recall, F1-Score, Confusion Matrix |
[37] | ML Classifiers (RF, AB, XGB, GBM, ETC) | CIDDS-001, UNSW-NB 15, NSL-KDD | IoT Network Layer | Accuracy, False positive Rate, AUC, Sensitivity |
[53] | Deep Convolutional Neural Network | IODIT20 | IoT Perception Layer | Accuracy, Precision, Recall, F1-Score |
[54] | DL-IDS(SMO with SDPN) | NSL-KDD | IoT Network Layer | Accuracy, Precision, Recall, F1-Score |
[53] | Hybrid DL Based Model (LSTM-GRU) | CIC DOS, CI-CIDS 2017 and CSE-CIC IDS 2018 | X | Accuracy, Precision, Recall, F1-Score |
[45] | ReliefF-Based IDS (MNN, WKNN, SVM) | ToN-IoT Windows 10 Dataset | IoT Application Layer | Confusion Matrix, Accuracy, Precision, Recall, F1-Score |
[57] | DT, NB | TON-IoT Network Flow Dataset | IoT Network Layer | Confusion Matrix |
[58] | GraphSage Based IDS | ToN-IoT Network Flow Dataset | IoT Network Layer | Accuracy, Precision, Recall, F1-Score |
[59] | DFF, CNN, RNN, DT, LR, NB | UNSW-NB15, CSE CIC-IDS2018, ToN-IoT Network Flow | IoT Network Layer | Accuracy, F1-Score, Detection Rate, False Alarm Rate |
[60] | CNN -Based IDS | ToN-IoT Network Flow Dataset | IoT Network Layer | Accuracy, Precision, Recall, Loss, F1-Score |
Proposed Study | RNN-GRU | ToN-IoT (Telemetry dataset, Network Flow dataset, windows 7 &10 dataset) | IoT Perception Layer IoT Network Layer IoT Application Layer | Accuracy, Precision, Recall, F1-Score |
Models:- RF - Random Forest. AB - Adaa Boost. XGB- Extreme Gradient Boost. GBM - Gradient Boosted Machine. ETC - Extremely Randomized Trees. SMO - Spider Monkey Optimization. SDPN - Stacked Deep Polynomial Network. LSTM- Long Short-Term Memory. GRU - Gated Recurrent Unit. MNN- Medium Neural Network. WKNN- Weighted KNN. SVM - Support Vector Machine. |
IDS employs various approaches and frameworks to detect attacks, which are the essential elements of modern cyber-security techniques. IoT IDS has recently benefited from advancements in artificial intelligence (AI), including ML and DL approaches [61]. The RNN has proven to perform well with a sequence of data that has different input lengths. It remembers the past and therefore centers its decisions on what it has learned from the past. This indicates that RNNs utilize the data from their previous state as a source for their most recent prediction. It is possible to continue this procedure for an unlimited number of iterations in order to enable a network to transmit data across time using its hidden state [56].
RNN is the earliest algorithm that remembers its input because of its internal memory, which makes it perfect for machine learning problems requiring sequential data. The vanishing gradient problem, a significant flaw in the RNN model, hinders it to be correct. LSTM and GRU are used to tackle the RNN's vanishing gradient problem. GRU employs what is referred to as an update gate and reset gate to address the conventional RNN's problem with vanishing gradients. Additionally, in comparison with RNN, the response time of GRU is less. GRUs are an enhanced form of the traditional recurrent neural network (RNN) [48]. To establish which technique is more effective in resolving the vanishing gradient problem, LSTM and GRU are compared for the initial phase of the proposed model development in this study. The findings indicate that the accuracy of LSTM and GRU is about equal. However, compared to the model with LSTM, the model with GRU required fewer training iterations and less time for RNNs to converge. RNN with GRU was consequently more appropriate for real-time scenarios. Therefore, we proposed a three-layer hybrid deep learning model by combining RNN and GRU. We first initialize our Sequential model before including the layers. RNN is the first layer, dense with activation function relu is the second layer, and GRU with softmax as the activation function is the third layer that we added to our model as shown in Figure 5. This figure illustrates the proposed model for intrusion detection in the IoT network. It shows the different steps involved in the proposed model, including preprocessing the dataset, splitting the dataset into training and testing datasets, training the model using RNN, Dense, and GRU layers, and testing the model using the testing dataset. This figure is important because it provides readers with an overview of the proposed model and the steps involved in the model.
The architecture of the RNN consists of a sequence of repeating neural network modules that operate on a sequence of inputs. At each time step $ t $, the RNN takes an input $ x_t $ and a hidden state $ h_t $ from the previous time step and produces an output $ o_t $ and a new hidden state $ h_{t+1} $. This process is mathematically represented in Eqs (6.1) and (6.2).
$ ht+1=f(Wxh∗xt+Whh∗ht+b) $
|
(6.1) |
$ ot=g(Woh∗ht+1+bo) $
|
(6.2) |
where $ W_xh $, $ W_hh $, and $ W_{oh} $ are the weight matrices for the input-to-hidden, hidden-to-hidden, and hidden-to-output connections, respectively, b and $ b_o $ are the bias terms. f and g are the activation functions used in the hidden and output layers, respectively. The dense layer connects all the neurons of the previous layer to the current layer. The activation function used in the dense layer is ReLU, which is defined in Eq (6.3). The output of the dense layer is represented mathematically in Eq (6.4).
$ f(x)=max(0,x) $
|
(6.3) |
$ h=f(Wh∗x+b) $
|
(6.4) |
where $ W_h $ is the weight matrix for the dense layer, x is the input to the dense layer, and b is biased. The architecture of the GRU is similar to that of the RNN, but it uses a gating mechanism that allows the model to selectively update or forget information from the previous time step. The GRU has two gates, a reset gate and an update gate, which control the flow of information. The activation function used in the GRU is softmax, which is used to convert the output of the GRU into a probability distribution over the possible outputs. The GRU operations are mathematically represented in Eqs (6.5)–(6.8).
$ z=sigmoid(Wxz∗x+Whz∗h+bz) $
|
(6.5) |
$ r=sigmoid(Wxr∗x+Whr∗h+br) $
|
(6.6) |
$ h′=tanh(Wxh∗x+Whh∗(r∗h)+bh) $
|
(6.7) |
$ h=z∗h+(1−z)∗h′ $
|
(6.8) |
where $ W_{xz} $, $ W_{hz} $, $ W_{xr} $, $ W_{hr} $, $ W_{xh} $, $ W_{hh} $ are the weight matrices for the input-to-update gate, hidden-to-update gate, input-to-reset gate, hidden-to-reset gate, input-to-hidden, and hidden-to-hidden connections, respectively. $ b_x $, $ b_h $, $ b_r $, and $ b_z $ are the bias terms.
The input data to the model is a sequence of features that are extracted from the IoT network traffic. These features can include source and destination IP addresses, port numbers, packet size, and protocol type. Before feeding the data into the model, it is preprocessed, including normalization and scaling. The data is then divided into training, validation, and testing datasets.
During the model's training process, the weights are updated using backpropagation, which leverages gradient descent to minimize the loss function. The loss function evaluates the disparity between the predicted output and the actual output. The gradients are calculated with respect to the weights, and the weights are updated using the Adam optimization function. This can be achieved by analyzing data from each of the different layers and utilizing this information to identify patterns and anomalies that could signify an intrusion. The workflow of the model is as follows:
● To find patterns and anomalies, the first layer, RNN evaluates sequential data from the physical, network, and application layers.
● The output of the first layer is processed by the second layer, a dense layer, that learns features from it and uses them to identify patterns and anomalies.
● In order to further enhance the detection of patterns and anomalies, the third and final layer, GRU, analyzes the output of the second layer and learns long-term dependencies in the data.
The number of inputs to these layers varies depending on the features of the datasets for the three layers of the IoT network. For instance, in the telemetry dataset, we remove the date, time, and timestamp, and feed the remaining four features to the model. In the network dataset, we feed the source port, destination port, IP address, and other features to the model. Similarly, for the OS log files (such as Windows 10 or Windows 7), features are selected using the ReliefF method and provided to the model.
The dataset is created by assembling data from a variety of sources. IoT-based datasets are important for assessing IoT security and several researchers utilize them for their experiments. Many datasets are provided in the existing research for measuring the performance of IDS. For example, DARPA (1998), KDD-CUP99 (1998), NSL-KDD (2009), BOT-IOT(2018), CIC-IDS (2017), UNSWNB (2015), ISCX (2012), CIC-IDS (2017), and TON-IoT (2020). The existing datasets don't adequately capture crucial IoT/IIoT properties. For example, many IoT/IIoT services do not have a variety of normal and attack events, nor do they incorporate heterogeneous data sources. Furthermore, these datasets are not intended for three-layer architecture, in particular, [1,62]. We used TON-IOT datasets for the evaluation because this dataset is specifically designed for three-layer architecture. The data in this dataset was acquired from the telemetry data of IoT/IIoT services, Windows and Linux operating system datasets, and network traffic datasets. They were created under a variety of attack scenarios. Moreover, the data within these datasets are distinct from one another. This is because the collected datasets are coming from many sources [1,2]. The utilized TON_IoT dataset statistics is shown in the Table 2.
IoT Layers | Dataset Files | Total Record | Normal Instances | Scanning Attack | DOS / DDOS Attack | Ransom-ware Attack | Backdoor Attack | Injection Attack | XSS Attack | Password Attack | Total Attacks |
Physical Layer | IoT Fridge Sensor | 59, 944 | 35, 000 | 0 | 5000 | 2902 | 5000 | 5000 | 2042 | 5000 | 24, 944 |
Physical Layer | IoT Garage Door Sensor | 59, 587 | 35, 000 | 529 | 5000 | 2902 | 5000 | 5000 | 1156 | 5000 | 24, 587 |
Physical Layer | IoT GPS Tracker | 58, 960 | 35, 000 | 550 | 5000 | 2833 | 5000 | 5000 | 577 | 5000 | 23, 960 |
Physical Layer | IoT Modbus Sensor | 51, 106 | 35, 000 | 529 | 0 | 0 | 5000 | 5000 | 577 | 5000 | 16, 106 |
Physical Layer | IoT Motion Light Sensor | 59, 488 | 35, 000 | 1775 | 5000 | 2264 | 5000 | 5000 | 449 | 5000 | 24, 488 |
Physical Layer | IoT Thermostat Sensor | 52, 774 | 35, 000 | 61 | 0 | 2264 | 5000 | 5000 | 449 | 5000 | 17, 774 |
Physical Layer | IoT Weather Sensor | 59, 260 | 35, 000 | 529 | 5000 | 2865 | 5000 | 5000 | 866 | 5000 | 24, 260 |
Network layer | Network Flow | 461, 043 | 300, 000 | 18, 615 | 19, 986 | 13, 738 | 18, 710 | 19, 964 | 14, 516 | 19, 847 | 161, 043 |
Application Layer | windows 10 | 21, 104 | 10, 000 | 0 | 4608 | 15 | 447 | 612 | 1269 | 3628 | 11, 104 |
Application Layer | windows 7 | 15, 980 | 10, 000 | 226 | 2134 | 82 | 1779 | 998 | 4 | 757 | 5980 |
The TON IoT dataset was created by the cyber range and IoT labs at UNSW Canberra using a realistic model of a regular-size network in Australia. It comprises telemetry data of IoT/IIoT services, network traffic, and pperating systems logs of the IoT network. The comparison of the Ton-IoT dataset is presented in Table 3.
Dataset | Attack Labels | Diverse Attack Scenarios | Separate Dataset for Each IoT Layer | Year |
KDDCUP99 | Yes | No | No | 1998 |
NSL-KDD | Yes | No | No | 1998 |
LWSNDR | Yes | No | No | 2010 |
UNSW-NB15 | Yes | Yes | No | 2015 |
AWID | Yes | Yes | No | 2015 |
ISCX | Yes | Yes | No | 2017 |
UNSW-IOT | Yes | Yes | No | 2018 |
BOT-IOT | Yes | Yes | No | 2019 |
RPL-NIDDS17 | Yes | Yes | No | 2017 |
CICIDS2017 | Yes | Yes | No | 2017 |
ToN-IoT | Yes | Yes | Yes | 2020 |
Before applying any machine learning approach to the dataset, it is essential to preprocess the raw data to ensure high accuracy and improve the machine learning process. In this study, we performed several preprocessing steps on the ToN-IoT dataset, including removing duplicates, handling missing values, and scaling the data to ensure all features are on the same scale. These steps were applied to ensure the dataset is appropriately formatted and suitable for training and testing our proposed mode. To prepare the ToN-IoT dataset for the evaluation of the proposed model, we go through the following steps:
● Cleaning: Before training an ML model, a dataset must be examined for blank and undefinable entries. Any records with empty or undefinable values will cause problems during model training. There are several methods for cleaning datasets with empty and undefinable entries. In this experiment, we employed the ToN-IoT datasets that included physical layer/telemetry, network traffic, and OS logs. We leveraged Python libraries, including Pandas and NumPy, to verify the datasets for missing and/or infinite values as part of the cleaning process. Boolean functions were used to check for missing and/or unending values. False indicates that the dataset is clean, whereas true indicates the presence of missing or infinite values. The first layer of the dataset did not contain any empty or undefined entries, whereas the second and third layers of the datasets had missing value records. To address the issue of missing values, we filled in the missing values using the median of each feature.
● Features encoding: Feature encoding is the process of transforming categorical attributes into numerical ones. The label encoding (LE) technique is employed where each categorical attribute value is converted to numeric values.
● Features filtering: Each dataset has a different set of features, and certain features may cause over-fitting or under-fitting, leading to a negative impact on the model's performance. Therefore, some features should be excluded from the dataset. Another issue is the time complexity associated with these features, particularly for datasets with numerous features, including insignificant ones that cannot affect the output label. For feature selection, there are primarily three techniques: intrinsic, wrapper, and filter methods. For the telemetry dataset, we remove the date, time, and timestamp features. According to [62], these three features may contribute to the issue of over-fitting while the dataset is being trained using ML algorithms. Timestamp, source port, destination port, and IP address were removed from the network layer data of the dataset because they had the potential to cause over-fitting of ML algorithms during the training phase. For the OS log files, such as Windows 10 or Windows 7, the features were selected using the ReliefF method. The Windows 7 dataset contained 133 features, including two additional class-label features for either normal or attack data. The twenty-five most important features were selected using the ReliefF method. Similarly, the Windows 10 dataset contained 125 features along with the class label and attack type parameters [62]. Twenty important features were selected for the Windows 10 dataset using the ReliefF method, which were then fed into the model.
● Balancing strategies: Each dataset comprises numerous records. We need to ensure that each class has the same amount of occurrences or small changes before training and testing the model. Under-sampling and over-sampling are the two main strategies for balancing the number of instances in each class. For balancing the network dataset and OS log files dataset, we utilized synthetic minority oversampling technique (SMOTE) method [63,64]. This is applied to attack classes. The SMOTE technique eliminates the over-fitting problem by offering artificial minority class samples. For the scientific community in unbalanced classification, SMOTE pre-processing approach became a pioneer. In ML and data mining, SMOTE is regarded as one of the most important data pre-processing/sampling methods [63].
● Normalization: Scaling, mapping, and other pre-processing techniques are examples of normalization. It involves transforming the data to create a new data range based on an existing one. Normalization can be quite beneficial for prediction or forecasting purposes as it helps to remove any variations or biases in the data, making it easier for the model to learn the underlying patterns and relationships [65]. In the normalization process, data is adjusted to fit within a specific range, typically between 0 and 1. If the dataset already has values in a similar range, normalization may not be necessary. However, for datasets with values that are vastly different in range, such as one feature having values between 0 and 1 while another has values between 100 and 1000, normalization becomes crucial to ensure the model is properly trained. One of the most commonly used techniques for normalization is the Min-Max Scaler approach [66]. In this paper, we standardized values between 0 and 1 using this approach to scale our research data.
The experimental findings and comparisons of the suggested model with state-of-the-art approaches in several layers are presented in this section.
The proposed model's effectiveness was tested on a machine used for testing that had an Intel (R) Core (TM) i5 CPU with a clock speed of 3.20 GHz, 8 GB of RAM, and was running on the Windows 10 Pro operating system. The model was implemented using Python 3.0 programming language in VScode and Jupyter notebook with ipynb support. VScode is a popular code editor, and Jupyter notebook is an interactive computing environment that allows for easy experimentation with code. The fact that the model outputs results after each cell of the code is important because it allows for easy debugging and troubleshooting. TensorFlow's Keras package was used for implementing the model. Keras is a high-level neural network API that makes it easy to build and train deep learning models. The use of Keras simplifies the implementation of the model and can save time and effort.
True positive (TP), true negative (TN), false positive (FP), and false negative (FN) values are used to evaluate the performance of a model. In addition to these values, existing research has used precision, recall, F1-score, and accuracy to evaluate the performance of the model. Therefore, we have used all these metrics to evaluate our proposed model and compare our results with existing work.
Our proposed model was tested through three experiments. The first experiment focused on the Telemetry or physical layer dataset. The second experiment examined the network traffic or network layer dataset of ToN-IoT, while the third experiment evaluated the OS log files of both Windows 10 and Windows 7 datasets. The model was trained over ten epochs, utilizing the binary-cross entropy function for loss. We used two optimization functions including Adam and Adamax optimizers to test the proposed model.
The Perception layer plays a critical role in gathering data from a variety of IoT devices and sensors. To assess the performance of the proposed model for binary classification of cyberattacks, we utilized the Perception layer data of the ToN-IoT dataset, which includes data from seven different IoT devices. To evaluate the proposed model's performance on heterogeneous sensor data, we combined the seven individual sensor data into a single CSV file, and the results for the merged file are shown alongside the individual files in Table 4. The results indicate that Adam performs better than Adamax. Table 5 compares the binary classification results of the proposed model with the most recent approaches. According to the results, the proposed Hybrid model outperforms existing models for the majority of the data files from individual IoT sensors.
Dataset Files | Optimizer | Accuracy | Precision | Recall | F-Measure |
IoT Fridge | Adam | 1.0 | 1.0 | 1.0 | 1.0 |
Sensor | Adamax | 1.0 | 1.0 | 1.0 | 1.0 |
IoT Garage Door | Adam | 1.0 | 1.0 | 1.0 | 1.0 |
Sensor | Adamax | 1.0 | 1.0 | 1.0 | 1.0 |
IoT GPS Tracker | Adam | 1.0 | 1.0 | 1.0 | 1.0 |
Sensor | Adamax | 1.0 | 1.0 | 1.0 | 1.0 |
IoT Modbus | Adam | 0.85 | 0.85 | 0.8 | 0.78 |
Sensor | Adamax | 0.83 | 0.82 | 0.79 | 0.76 |
IoT Motion | Adam | 0.8 | 0.8 | 0.78 | 0.8 |
Light Sensor | Adamax | 0.75 | 0.78 | 0.75 | 0.74 |
IoT Thermostat | Adam | 0.98 | 0.99 | 0.98 | 0.98 |
Sensor | Adamax | 0.93 | 0.95 | 0.91 | 0.93 |
IoT Weather | Adam | 0.8 | 0.83 | 0.86 | 0.84 |
Sensor | Adamax | 0.78 | 0.79 | 0.82 | 0.81 |
Dataset Files | Reference | Models | Accuracy | Precision | Recall | F-Measure |
IoT Fridge Sensor | [4], [24] | LR | 0.57 | 0.34 | 0.58 | 0.43 |
LDA | 0.77 | 0.79 | 0.77 | 0.77 | ||
RF | 0.97 | 0.97 | 0.97 | 0.97 | ||
NB | 0.5 | 0.53 | 0.51 | 0.51 | ||
SVM | 0.81 | 0.86 | 0.82 | 0.8 | ||
LSTM | 1 | 1 | 1 | 1 | ||
Proposed Study | 1 | 1 | 1 | 1 | ||
IoT Garage Door | [4], [24] | LR | 0.86 | 0.88 | 0.86 | 0.87 |
LDA | 0.86 | 0.88 | 0.86 | 0.87 | ||
RF | 0.85 | 0.85 | 0.85 | 0.85 | ||
NB | 0.84 | 0.86 | 0.85 | 0.86 | ||
SVM | 0.86 | 0.88 | 0.87 | 0.87 | ||
LSTM | 0.87 | 0.89 | 0.88 | 0.88 | ||
Proposed Study | 1 | 1 | 1 | 1 | ||
IoT GPS Tracker | [4], [24] | LR | 0.86 | 0.88 | 0.86 | 0.87 |
LDA | 0.86 | 0.88 | 0.86 | 0.87 | ||
RF | 0.85 | 0.85 | 0.85 | 0.85 | ||
NB | 0.84 | 0.86 | 0.85 | 0.86 | ||
SVM | 0.86 | 0.88 | 0.87 | 0.87 | ||
LSTM | 0.87 | 0.89 | 0.88 | 0.88 | ||
Proposed Study | 1 | 1 | 1 | 1 | ||
IoT Modbus Sensor | [4], [24] | LR | 0.67 | 0.46 | 0.68 | 0.55 |
LDA | 0.67 | 0.46 | 0.68 | 0.55 | ||
RF | 0.97 | 0.98 | 0.98 | 0.98 | ||
NB | 0.67 | 0.46 | 0.68 | 0.55 | ||
SVM | 0.67 | 0.46 | 0.68 | 0.55 | ||
LSTM | 0.68 | 0.47 | 0.68 | 0.55 | ||
Proposed Study | 0.85 | 0.8 | 0.78 | 0.8 | ||
IoT Motion Light | [4], [24] | LR | 0.58 | 0.34 | 0.59 | 0.43 |
LDA | 0.58 | 0.34 | 0.59 | 0.43 | ||
RF | 0.58 | 0.34 | 0.59 | 0.43 | ||
NB | 0.58 | 0.34 | 0.59 | 0.43 | ||
SVM | 0.58 | 0.34 | 0.59 | 0.43 | ||
LSTM | 0.59 | 0.35 | 0.59 | 0.44 | ||
Proposed Study | 0.8 | 0.78 | 0.78 | 0.8 | ||
IoT Thermostat Sen | [4], [24] | LR | 0.86 | 0.88 | 0.86 | 0.87 |
LDA | 0.86 | 0.88 | 0.86 | 0.87 | ||
RF | 0.85 | 0.85 | 0.85 | 0.85 | ||
NB | 0.84 | 0.86 | 0.85 | 0.86 | ||
SVM | 0.86 | 0.88 | 0.87 | 0.87 | ||
LSTM | 0.87 | 0.89 | 0.88 | 0.88 | ||
Proposed Study | 0.91 | 0.91 | 0.92 | 0.9 | ||
IoT Weather Sen | [4], [24] | LR | 0.58 | 0.6 | 0.59 | 0.53 |
LDA | 0.6 | 0.59 | 0.6 | 0.53 | ||
RF | 0.84 | 0.84 | 0.84 | 0.84 | ||
NB | 0.69 | 0.72 | 0.69 | 0.67 | ||
SVM | 0.63 | 0.68 | 0.63 | 0.55 | ||
LSTM | 0.82 | 0.82 | 0.81 | 0.8 | ||
Proposed Study | 0.99 | 0.97 | 0.96 | 0.95 | ||
Combined | [4], [24] | LR | 0.61 | 0.37 | 0.61 | 0.46 |
Data Files | LDA | 0.68 | 0.74 | 0.68 | 0.62 | |
RF | 0.85 | 0.87 | 0.85 | 0.85 | ||
NB | 0.62 | 0.63 | 0.62 | 0.51 | ||
SVM | 0.61 | 0.37 | 0.61 | 0.46 | ||
LSTM | 0.81 | 0.83 | 0.81 | 0.8 | ||
Proposed Study | 0.83 | 0.86 | 0.86 | 0.83 |
The proposed hybrid model has been evaluated for binary class classification on the network layer data of the ToN-IoT dataset. We conducted experiments using the Adam and Adamax optimization functions, and the assessment results are presented in Table 6. Based on the results evaluations, the Adam optimizer performance is optimum for the selected dataset. For the network layer dataset, the proposed model delivers excellent classification performance, achieving a 99% accuracy, 98% precision, 99% recall, and 98% F1-Measure score. Comparison of the proposed model with the existing solutions, as shown in Table 7. The results indicate that the proposed hybrid model outperforms existing techniques.
Dataset Files | Optimizer | Accuracy | Precision | Recall | F1-Measure |
Network Flow | Adam | 0.99 | 0.98 | 0.98 | 0.99 |
Dataset | Adamax | 0.97 | 0.96 | 0.95 | 0.96 |
Dataset Files | Reference | Models | Accuracy | Precision | Recall | F-Measure |
Network Traffic | [25] | DT | 0.97 | 0.96 | 0.96 | 0.95 |
RF | 0.96 | 0.95 | 0.97 | 0.93 | ||
KNN | 0.97 | 0.98 | 0.95 | 0.94 | ||
XGB | 0.98 | 0.97 | 0.94 | 0.92 | ||
Proposed Study | 0.99 | 0.99 | 0.98 | 0.97 |
The proposed hybrid model has been evaluated for binary classification on the application layer data of the ToN-IoT dataset. The evaluation results of our experiments using the Adam and Adamax optimization functions are presented in Table 8. The results show that the model achieved optimal performance on Adam optimizer with 98% accuracy, 98% precision, 97% recall, and 98% F1-Measure score for the windows 10 log files. Similarly, for the windows 7 log files dataset, the binary classification performance achieved 84% accuracy, 85% precision, 84% recall, and 87% F1-Measure. The performance of the Adam optimizer was found optimal for windows 10 data files based on the result assessments. The findings of the evaluation indicate that the Adam optimizer yields the best results for the selected dataset. Table 9 show binary classification results of the proposed model are compared with those of the latest approaches. The outcomes indicate that the proposed hybrid model performance is optimum as compared to the existing techniques.
Dataset Files | Optimizer | Accuracy | Precision | Recall | F1-Measure |
Windows 10 | Adam | 0.98 | 0.98 | 0.97 | 0.98 |
Adamax | 0.94 | 0.95 | 0.94 | 0.95 | |
Windows 7 | Adam | 0.99 | 0.95 | 0.94 | 0.96 |
Adamax | 0.94 | 0.89 | 0.86 | 0.84 |
Dataset Files | Reference | Models | Accuracy | Precision | Recall | F-Measure |
Windows 7 | [12] | KNN | 0.92 | 0.68 | 0.95 | 0.79 |
SVM | 0.75 | 0.006 | 0.006 | 0.006 | ||
Proposed Study | 0.98 | 0.97 | 0.98 | 0.97 | ||
Windows 10 | [19] | RF | 0.9 | 0.94 | 0.92 | 0.91 |
NB | 0.92 | 0.82 | 0.85 | 0.87 | ||
DT | 0.93 | 0.94 | 0.92 | 0.9 | ||
Proposed Study | 0.88 | 0.94 | 0.96 | 0.9 |
The proposed model is employed for multi-class classification using the Perception layer data files of the ToN-IoT datasets. The ToN-IoT dataset includes a feature known as "type", which contains 7 unique names for IoT attacks. The type of attack that occurs is determined through multi-classifications. The results of the multi-classification for perception-layer data files are presented in Table 10, indicating that the Adam optimizer outperforms Adamax.
Dataset Files | Optimizer | Accuracy | Precision | Recall | F-Measure |
IoT Fridge Sensor | Adam | 0.78 | 0.79 | 0.76 | 0.68 |
Adamax | 0.75 | 0.72 | 0.7 | 0.62 | |
IoT Garage Door | Adam | 0.85 | 0.83 | 0.85 | 0.85 |
Adamax | 0.78 | 0.77 | 0.79 | 0.76 | |
IoT GPS Tracker | Adam | 0.95 | 0.95 | 0.95 | 0.95 |
Adamax | 0.88 | 0.87 | 0.85 | 0.85 | |
IoT Modbus Sensor | Adam | 0.98 | 0.97 | 0.97 | 0.98 |
Adamax | 0.91 | 0.9 | 0.91 | 0.89 | |
IoT Motion Light | Adam | 0.76 | 0.75 | 0.78 | 0.76 |
Adamax | 0.72 | 0.69 | 0.71 | 0.68 | |
IoT Thermostat | Adam | 0.86 | 0.87 | 0.88 | 0.87 |
Adamax | 0.76 | 0.8 | 0.81 | 0.79 | |
IoT Weather | Adam | 0.98 | 0.99 | 0.99 | 0.97 |
Adamax | 0.95 | 0.96 | 0.93 | 0.94 |
The proposed hybrid model was evaluated for multi-class classification on the network layer data of the ToN-IoT dataset. We conducted experiments using the Adam and Adamax optimization functions and present the assessment results in Table 11. Based on the evaluation results, it is observed that the Adam optimizer outperforms the Adamax optimizer for the selected dataset. The proposed model delivers excellent multi-class classification performance for the network layer dataset, achieving 99% accuracy, 98% precision, 98% recall, and 97% F1-Measure score.
Dataset Files | Optimizer | Accuracy | Precision | Recall | F-Measure |
Network Traffic | Adam | 0.99 | 0.99 | 0.98 | 0.97 |
Adamax | 0.96 | 0.95 | 0.97 | 0.93 |
Table 12 presents the proposed model results on application layer data of the utilized dataset. The results indicate that our proposed model achieved optimal results using the Adam optimizer, delivering excellent multi-class classification performance for the windows 7 log files dataset in the application layer. The model achieved an 88% accuracy, 86% precision, 97% recall, and 88% F1-Measure score. Similarly, for the windows 10 log files dataset, the multi-class classification performance achieved 84% accuracy, 85% precision, 84% recall, and 87% F1-Measure.
Dataset Files | Optimizer | Accuracy | Precision | Recall | F-Measure |
Windows 7 | Adam | 0.88 | 0.86 | 0.87 | 0.88 |
Adamax | 0.81 | 0.8 | 0.79 | 0.8 | |
windows 10 | Adam | 0.84 | 0.85 | 0.84 | 0.87 |
Adamax | 0.78 | 0.79 | 0.78 | 0.79 |
In order to evaluate the performance of our proposed system, we conducted a comparative analysis with existing research that was developed for the same ToN-IoT 2020 dataset. To assess the effectiveness of our model, we employed several evaluation criteria, including accuracy, precision, recall, and f1-measure, and compared the results with those obtained by existing systems from the literature.
This study proposes a novel intrusion detection system for IoT based on a hybrid RNN and GRU model. The proposed approach is validated on the ToN-IoT datasets, demonstrating its effectiveness in detecting a range of common attacks and outperforming existing state-of-the-art approaches. This work has important implications for the field of intrusion detection in IoT, as it showcases the potential of DL techniques for improving the accuracy and effectiveness of existing systems. By optimizing the proposed approach through extensive data engineering, we achieved significant improvements in performance, which could have important implications for real-world applications of intrusion detection in IoT. However, there are still some limitations to the proposed approach that should be addressed in future research. For example, the proposed system heavily relies on the ToN-IoT dataset, which may not fully capture the range of attacks that might be encountered in real-world scenarios.
The authors declare they have not used Artificial Intelligence (AI) tools in the creation of this article.
The authors are thankful to the Deanship of Scientific Research at Najran University for funding this work under the Research Groups Funding program grant code (NU/RG/SERC/12/3).
The authors declare there is no conflict of interest.
[1] |
Newmeyer DD, Ferguson-Miller S (2003) Mitochondria: releasing power for life and unleashing the machineries of death. Cell 112: 481-490. doi: 10.1016/S0092-8674(03)00116-8
![]() |
[2] | Attwell D, Laughlin SB (2001) An energy budget for signaling in the grey matter of the brain. J Cereb Blood Flow Metab 21: 1133-1145. |
[3] | Kann O, Kovács R (2007) Mitochondria and neuronal activity. Am J Physiol Cell Physiol 292: C641-C657. |
[4] |
Detmer SA, Chan DC (2007) Functions and dysfunctions of mitochondrial dynamics. Nat Rev Mol Cell Biol 8: 870-879. doi: 10.1038/nrm2275
![]() |
[5] | Chan DC (2006) Mitochondria: dynamic organelles in disease, aging, and development. Cell125: 1241-1252. |
[6] |
Nunnari J, Suomalainen A (2012) Mitochondria: in sickness and in health. Cell 148: 1145-1159. doi: 10.1016/j.cell.2012.02.035
![]() |
[7] | Burté F, Carelli V, Chinnery PF, et al. (2015) Disturbed mitochondrial dynamics and neurodegenerative disorders. Nat Rev Neurol 11: 11-24. |
[8] |
Archer SL (2013) Mitochondrial dynamics--mitochondrial fission and fusion in human diseases. N Engl J Med 369: 2236-2251. doi: 10.1056/NEJMra1215233
![]() |
[9] |
Itoh K, Nakamura K, Iijima M, et al. (2013) Mitochondrial dynamics in neurodegeneration. Trends Cell Biol 23: 64-71. doi: 10.1016/j.tcb.2012.10.006
![]() |
[10] |
Benard G, Rossignol R (2008) Ultrastructure of the mitochondrion and its bearing on function and bioenergetics. Antioxid Redox Signal 10: 1313-1342. doi: 10.1089/ars.2007.2000
![]() |
[11] |
Chan DC (2012) Fusion and fission: interlinked processes critical for mitochondrial health. Annu Rev Genet 46: 265-287. doi: 10.1146/annurev-genet-110410-132529
![]() |
[12] |
Liesa M, Shirihai OS (2013) Mitochondrial Dynamics in the Regulation of Nutrient Utilization and Energy Expenditure. Cell Metabolism 17: 491-506. doi: 10.1016/j.cmet.2013.03.002
![]() |
[13] | Khacho M, Tarabay M, Patten D, et al. (2014) Acidosis overrides oxygen deprivation to maintain mitochondrial function and cell survival. Nat Commun 5: 3550. |
[14] | Stroud DA, Ryan MT (2013) Mitochondria: Organization of Respiratory Chain Complexes Becomes Cristae-lized. CURBIO 23: R969-R971. |
[15] | Germain M (2015) OPA1 and mitochondrial solute carriers in bioenergetic metabolism. Mol Cell Oncol [in press]. |
[16] |
Patten DA, Wong J, Khacho M, et al. (2014) OPA1-dependent cristae modulation is essential for cellular adaptation to metabolic demand. EMBO J 33: 2676-2691. doi: 10.15252/embj.201488349
![]() |
[17] |
Cogliati S, Frezza C, Soriano ME, et al. (2013) Mitochondrial cristae shape determines respiratory chain supercomplexes assembly and respiratory efficiency. Cell 155: 160-171. doi: 10.1016/j.cell.2013.08.032
![]() |
[18] |
Mannella CA (2006) Structure and dynamics of the mitochondrial inner membrane cristae. Biochimica et Biophysica Acta (BBA). Mol Cell Res 1763: 542-548. doi: 10.1016/j.bbamcr.2006.04.006
![]() |
[19] |
Song Z, Ghochani M, McCaffery JM, et al. (2009) Mitofusins and OPA1 mediate sequential steps in mitochondrial membrane fusion. Mol Biol Cell 20: 3525-3532. doi: 10.1091/mbc.E09-03-0252
![]() |
[20] |
Cipolat S, Martins de Brito O, Dal Zilio B, et al. (2004) OPA1 requires mitofusin 1 to promote mitochondrial fusion. Proc Natl Acad Sci USA 101: 15927-15932. doi: 10.1073/pnas.0407043101
![]() |
[21] |
Chen H, Detmer SA, Ewald AJ, et al. (2003) Mitofusins Mfn1 and Mfn2 coordinately regulate mitochondrial fusion and are essential for embryonic development. J Cell Biol 160: 189-200. doi: 10.1083/jcb.200211046
![]() |
[22] |
Meeusen S, DeVay R, Block J, et al. (2006) Mitochondrial inner-membrane fusion and crista maintenance requires the dynamin-related GTPase Mgm1. Cell 127: 383-395. doi: 10.1016/j.cell.2006.09.021
![]() |
[23] |
Frezza C, Cipolat S, Martins de Brito O, et al. (2006) OPA1 controls apoptotic cristae remodeling independently from mitochondrial fusion. Cell 126: 177-189. doi: 10.1016/j.cell.2006.06.025
![]() |
[24] |
Smirnova E, Griparic L, Shurland DL, et al. (2001) Dynamin-related protein Drp1 is required for mitochondrial division in mammalian cells. Mol Biol Cell 12: 2245-2256. doi: 10.1091/mbc.12.8.2245
![]() |
[25] |
Losón OC, Song Z, Chen H, et al. (2013) Fis1, Mff, MiD49, and MiD51 mediate Drp1 recruitment in mitochondrial fission. Mol Biol Cell 24: 659-667. doi: 10.1091/mbc.E12-10-0721
![]() |
[26] |
Li S, Xu S, Roelofs BA, et al. (2015) Transient assembly of F-actin on the outer mitochondrial membrane contributes to mitochondrial fission. J Cell Biol 208: 109-123. doi: 10.1083/jcb.201404050
![]() |
[27] |
Friedman JR, Lackner LL, West M, et al. (2011) ER tubules mark sites of mitochondrial division. Science 334: 358-362. doi: 10.1126/science.1207385
![]() |
[28] |
Korobova F, Ramabhadran V, Higgs HN (2013) An actin-dependent step in mitochondrial fission mediated by the ER-associated formin INF2. Science 339: 464-467. doi: 10.1126/science.1228360
![]() |
[29] |
Gomes LC, Di Benedetto G, Scorrano L (2011) During autophagy mitochondria elongate, are spared from degradation and sustain cell viability. Nat Cell Biol 13: 589-598. doi: 10.1038/ncb2220
![]() |
[30] |
Tondera D, Grandemange S, Jourdain A, et al. (2009) SLP-2 is required for stress-induced mitochondrial hyperfusion. EMBO J 28: 1589-1600. doi: 10.1038/emboj.2009.89
![]() |
[31] |
Mannella CA (2006) The relevance of mitochondrial membrane topology to mitochondrial function. Biochim Biophys Acta 1762: 140-147. doi: 10.1016/j.bbadis.2005.07.001
![]() |
[32] |
Gomes LC, Di Benedetto G, Scorrano L (2011) Essential amino acids and glutamine regulate induction of mitochondrial elongation during autophagy. Cell Cycle 10: 2635-2639. doi: 10.4161/cc.10.16.17002
![]() |
[33] |
Molina AJA, Wikstrom JD, Stiles L, et al. (2009) Mitochondrial networking protects beta-cells from nutrient-induced apoptosis. Diabetes 58: 2303-2315. doi: 10.2337/db07-1781
![]() |
[34] | Khacho M, Tarabay M, Patten D, et al. (2014) Acidosis overrides oxygen deprivation to maintain mitochondrial function and cell survival. Nat Commun 5: 3550. |
[35] |
Kijima K, Numakura C, Izumino H, et al. (2005) Mitochondrial GTPase mitofusin 2 mutation in Charcot-Marie-Tooth neuropathy type 2A. Hum Genet 116: 23-27. doi: 10.1007/s00439-004-1199-2
![]() |
[36] |
Züchner S, Mersiyanova IV, Muglia M, et al. (2004) Mutations in the mitochondrial GTPase mitofusin 2 cause Charcot-Marie-Tooth neuropathy type 2A. Nat Genet 36: 449-451. doi: 10.1038/ng1341
![]() |
[37] |
Alexander C, Votruba M, Pesch UE, et al. (2000) OPA1, encoding a dynamin-related GTPase, is mutated in autosomal dominant optic atrophy linked to chromosome 3q28. Nat Genet 26:211-215. doi: 10.1038/79944
![]() |
[38] |
Delettre C, Lenaers G, Griffoin JM, et al. (2000) Nuclear gene OPA1, encoding a mitochondrial dynamin-related protein, is mutated in dominant optic atrophy. Nat Genet 26: 207-210. doi: 10.1038/79936
![]() |
[39] |
Knott AB, Perkins G, Schwarzenbacher R, et al. (2008) Mitochondrial fragmentation in neurodegeneration. Nat Rev Neurosci 9: 505-518. doi: 10.1038/nrn2417
![]() |
[40] |
Cavallucci V, Bisicchia E, Cencioni MT, et al. (2014) Acute focal brain damage alters mitochondrial dynamics and autophagy in axotomized neurons. Cell Death Disease 5: e1545-12. doi: 10.1038/cddis.2014.511
![]() |
[41] |
Oettinghaus B, Licci M, Scorrano L, et al. (2012) Less than perfect divorces: dysregulated mitochondrial fission and neurodegeneration. Acta Neuropathol 123: 189-203. doi: 10.1007/s00401-011-0930-z
![]() |
[42] |
Dodson MW, Guo M (2007) Pink1, Parkin, DJ-1 and mitochondrial dysfunction in Parkinson's disease. Curr Opin Neurobiol 17: 331-337. doi: 10.1016/j.conb.2007.04.010
![]() |
[43] |
Wood-Kaczmar A, Gandhi S, Wood NW (2006) Understanding the molecular causes of Parkinson's disease. Trends Mol Med 12: 521-528. doi: 10.1016/j.molmed.2006.09.007
![]() |
[44] |
Yang Y, Ouyang Y, Yang L, et al. (2008) Pink1 regulates mitochondrial dynamics through interaction with the fission/fusion machinery. Proc Natl Acad Sci USA 105: 7070-7075. doi: 10.1073/pnas.0711845105
![]() |
[45] |
Deng H, Dodson MW, Huang H, et al. (2008) The Parkinson's disease genes pink1 and parkin promote mitochondrial fission and/or inhibit fusion in Drosophila. Proc Natl Acad Sci USA 105:14503-14508. doi: 10.1073/pnas.0803998105
![]() |
[46] |
Poole AC, Thomas RE, Andrews LA, et al. (2008) The PINK1/Parkin pathway regulates mitochondrial morphology. Proc Natl Acad Sci USA 105: 1638-1643. doi: 10.1073/pnas.0709336105
![]() |
[47] |
Wang H, Song P, Du L, et al. (2011) Parkin ubiquitinates Drp1 for proteasome-dependent degradation: implication of dysregulated mitochondrial dynamics in Parkinson disease. J Biol Chem 286: 11649-11658. doi: 10.1074/jbc.M110.144238
![]() |
[48] |
Wang X, Yan MH, Fujioka H, et al. (2012) LRRK2 regulates mitochondrial dynamics and function through direct interaction with DLP1. Hum Mol Genet 21: 1931-1944. doi: 10.1093/hmg/dds003
![]() |
[49] |
Niu J, Yu M, Wang C, et al. (2012) Leucine-rich repeat kinase 2 disturbs mitochondrial dynamics via Dynamin-like protein. J Neurochem 122: 650-658. doi: 10.1111/j.1471-4159.2012.07809.x
![]() |
[50] |
Wang X, Su B, Lee H-G, et al. (2009) Impaired balance of mitochondrial fission and fusion in Alzheimer's disease. J Neurosci 29: 9090-9103. doi: 10.1523/JNEUROSCI.1357-09.2009
![]() |
[51] |
Calkins MJ, Manczak M, Mao P, et al. (2011) Impaired mitochondrial biogenesis, defective axonal transport of mitochondria, abnormal mitochondrial dynamics and synaptic degeneration in a mouse model of Alzheimer's disease. Hum Mol Genet 20: 4515-4529. doi: 10.1093/hmg/ddr381
![]() |
[52] |
Manczak M, Calkins MJ, Reddy PH (2011) Impaired mitochondrial dynamics and abnormal interaction of amyloid beta with mitochondrial protein Drp1 in neurons from patients with Alzheimer's disease: implications for neuronal damage. Hum Mol Genet 20: 2495-2509. doi: 10.1093/hmg/ddr139
![]() |
[53] |
Bossy-Wetzel E, Petrilli A, Knott AB (2008) Mutant huntingtin and mitochondrial dysfunction. Trends Neurosci 31: 609-616. doi: 10.1016/j.tins.2008.09.004
![]() |
[54] |
Song W, Chen J, Petrilli A, et al. (2011) Mutant huntingtin binds the mitochondrial fission GTPase dynamin-related protein-1 and increases its enzymatic activity. Nat Med 17: 377-382. doi: 10.1038/nm.2313
![]() |
[55] |
Jendrach M, Pohl S, Vöth M, et al. (2005) Morpho-dynamic changes of mitochondria during ageing of human endothelial cells. Mech Ageing Dev 126: 813-821. doi: 10.1016/j.mad.2005.03.002
![]() |
[56] |
Chauhan A, Vera J, Wolkenhauer O (2014) The systems biology of mitochondrial fission and fusion and implications for disease and aging. Biogerontology 15: 1-12. doi: 10.1007/s10522-013-9474-z
![]() |
[57] |
Scheckhuber CQ, Erjavec N, Tinazli A, et al. (2007) Reducing mitochondrial fission results in increased life span and fitness of two fungal ageing models. Nat Cell Biol 9: 99-105. doi: 10.1038/ncb1524
![]() |
[58] | Crane JD, Devries MC, Safdar A, et al. (2010) The effect of aging on human skeletal muscle mitochondrial and intramyocellular lipid ultrastructure. J Gerontol A Biol Sci Med Sci 65:119-128. |
[59] |
Daum B, Walter A, Horst A, et al. (2013) Age-dependent dissociation of ATP synthase dimers and loss of inner-membrane cristae in mitochondria. Proc Natl Acad Sci USA 110:15301-15306. doi: 10.1073/pnas.1305462110
![]() |
[60] | Stauch KL, Purnell PR, Fox HS (2014) Aging synaptic mitochondria exhibit dynamic proteomic changes while maintaining bioenergetic function. Aging (Albany NY) 6: 320-334. |
[61] |
Barsoum MJ, Yuan H, Gerencser AA, et al. (2006) Nitric oxide-induced mitochondrial fission is regulated by dynamin-related GTPases in neurons. EMBO J 25: 3900-3911. doi: 10.1038/sj.emboj.7601253
![]() |
[62] |
Frank S, Gaume B, Bergmann-Leitner ES, et al. (2001) The role of dynamin-related protein 1, a mediator of mitochondrial fission, in apoptosis. Dev Cell 1: 515-525. doi: 10.1016/S1534-5807(01)00055-7
![]() |
[63] |
Almeida A, Delgado-Esteban M, Bolaños JP, et al. (2002) Oxygen and glucose deprivation induces mitochondrial dysfunction and oxidative stress in neurones but not in astrocytes in primary culture. J Neurochem 81: 207-217. doi: 10.1046/j.1471-4159.2002.00827.x
![]() |
[64] | Schinder AF, Olson EC, Spitzer NC, et al. (1996) Mitochondrial dysfunction is a primary event in glutamate neurotoxicity. J Neurosci 16: 6125-6133. |
[65] |
Grohm J, Kim S-W, Mamrak U, et al. (2012) Inhibition of Drp1 provides neuroprotection in vitro and in vivo. Cell Death Differ 19: 1446-1458. doi: 10.1038/cdd.2012.18
![]() |
[66] |
Jahani-Asl A, Pilon-Larose K, Xu W, et al. (2011) The mitochondrial inner membrane GTPase, optic atrophy 1 (Opa1), restores mitochondrial morphology and promotes neuronal survival following excitotoxicity. J Biol Chem 286: 4772-4782. doi: 10.1074/jbc.M110.167155
![]() |
[67] |
Jahani-Asl A, Cheung EC, Neuspiel M, MacLaurin JG, Fortin A, et al. (2007) Mitofusin 2 protects cerebellar granule neurons against injury-induced cell death. J Biol Chem 282:23788-23798. doi: 10.1074/jbc.M703812200
![]() |
[68] |
Zanelli SA, Trimmer PA, Solenski NJ (2006) Nitric oxide impairs mitochondrial movement in cortical neurons during hypoxia. J Neurochem 97: 724-736. doi: 10.1111/j.1471-4159.2006.03767.x
![]() |
[69] |
Liu X, Hajnoczky G (2011) Altered fusion dynamics underlie unique morphological changes in mitochondria during hypoxia-reoxygenation stress. Cell Death Differ 18: 1561-1572. doi: 10.1038/cdd.2011.13
![]() |
[70] |
Dagda RK, Cherra SJ, Kulich SM, et al. (2009) Loss of PINK1 function promotes mitophagy through effects on oxidative stress and mitochondrial fission. J Biol Chem 284: 13843-13855. doi: 10.1074/jbc.M808515200
![]() |
[71] |
Lutz AK, Exner N, Fett ME, et al. (2009) Loss of parkin or PINK1 function increases Drp1-dependent mitochondrial fragmentation. J Biol Chem 284: 22938-22951. doi: 10.1074/jbc.M109.035774
![]() |
[72] |
Grünewald A, Gegg ME, Taanman J-W, et al. (2009) Differential effects of PINK1 nonsense and missense mutations on mitochondrial function and morphology. Exp Neurol 219: 266-273. doi: 10.1016/j.expneurol.2009.05.027
![]() |
[73] |
Cui M, Tang X, Christian WV, et al. (2010) Perturbations in mitochondrial dynamics induced by human mutant PINK1 can be rescued by the mitochondrial division inhibitor mdivi-1. J Biol Chem 285: 11740-11752. doi: 10.1074/jbc.M109.066662
![]() |
[74] |
Rappold PM, Cui M, Grima JC, et al. (2014) Drp1 inhibition attenuates neurotoxicity and dopamine release deficits in vivo. Nat Commun 5: 5244. doi: 10.1038/ncomms6244
![]() |
[75] |
Su Y-C, Qi X (2013) Inhibition of excessive mitochondrial fission reduced aberrant autophagy and neuronal damage caused by LRRK2 G2019S mutation. Hum Mol Genet 22: 4545-4561. doi: 10.1093/hmg/ddt301
![]() |
[76] |
Zhang N, Wang S, Li Y, et al. (2013) A selective inhibitor of Drp1, mdivi-1, acts against cerebral ischemia/reperfusion injury via an anti-apoptotic pathway in rats. Neurosci Lett 535:104-109. doi: 10.1016/j.neulet.2012.12.049
![]() |
[77] | Cui M, Ding H, Chen F, et al. (2014) Mdivi-1 Protects Against Ischemic Brain Injury via Elevating Extracellular Adenosine in a cAMP/CREB-CD39-Dependent Manner. Mol Neurobiol [in press]. |
[78] |
Zhao Y-X, Cui M, Chen S-F, et al. (2014) Amelioration of ischemic mitochondrial injury and Bax-dependent outer membrane permeabilization by Mdivi-1. CNS Neurosci Ther 20: 528-538. doi: 10.1111/cns.12266
![]() |
[79] |
Youle RJ, van der Bliek AM (2012) Mitochondrial fission, fusion, and stress. Science 337:1062-1065. doi: 10.1126/science.1219855
![]() |
[80] |
Ramonet D, Perier C, Recasens A, et al. (2013) Optic atrophy 1 mediates mitochondria remodeling and dopaminergic neurodegeneration linked to complex I deficiency. Cell Death Differ 20: 77-85. doi: 10.1038/cdd.2012.95
![]() |
[81] |
Cipolat S, Rudka T, Hartmann D, et al. (2006) Mitochondrial rhomboid PARL regulates cytochrome c release during apoptosis via OPA1-dependent cristae remodeling. Cell 126:163-175. doi: 10.1016/j.cell.2006.06.021
![]() |
[82] |
Germain M, Mathai JP, McBride HM, et al. (2005) Endoplasmic reticulum BIK initiates DRP1-regulated remodelling of mitochondrial cristae during apoptosis. EMBO J 24: 1546-1556. doi: 10.1038/sj.emboj.7600592
![]() |
[83] |
Montessuit S, Somasekharan SP, Terrones O, et al. (2010) Membrane remodeling induced by the dynamin-related protein Drp1 stimulates Bax oligomerization. Cell 142: 889-901. doi: 10.1016/j.cell.2010.08.017
![]() |
[84] |
Rambold AS, Kostelecky B, Elia N, et al. (2011) Tubular network formation protects mitochondria from autophagosomal degradation during nutrient starvation. Proc Natl Acad Sci USA 108: 10190-10195. doi: 10.1073/pnas.1107402108
![]() |
[85] |
Hall CN, Klein-Flügge MC, Howarth C, et al. (2012) Oxidative phosphorylation, not glycolysis, powers presynaptic and postsynaptic mechanisms underlying brain information processing. J Neurosci 32: 8940-8951. doi: 10.1523/JNEUROSCI.0026-12.2012
![]() |
[86] |
Bolaños JP, Almeida A, Moncada S (2010) Glycolysis: a bioenergetic or a survival pathway? Trends Biochem Sci 35: 145-149. doi: 10.1016/j.tibs.2009.10.006
![]() |
[87] |
Kasischke KA, Vishwasrao HD, Fisher PJ, et al. (2004) Neural activity triggers neuronal oxidative metabolism followed by astrocytic glycolysis. Science 305: 99-103. doi: 10.1126/science.1096485
![]() |
[88] |
Vander Heiden MG, Cantley LC, Thompson CB (2009) Understanding the Warburg effect: the metabolic requirements of cell proliferation. Science 324: 1029-1033. doi: 10.1126/science.1160809
![]() |
[89] | Kroemer G, Pouyssegur J (2008) Tumor cell metabolism: cancer“s Achilles” heel. Cancer Cell13: 472-482. |
[90] |
Hsu PP, Sabatini DM (2008) Cancer cell metabolism: Warburg and beyond. Cell 134: 703-707. doi: 10.1016/j.cell.2008.08.021
![]() |
[91] |
Zorzano A, Liesa M, Sebastián D, et al. (2010) Mitochondrial fusion proteins: dual regulators of morphology and metabolism. Semin Cell Dev Biol 21: 566-574. doi: 10.1016/j.semcdb.2010.01.002
![]() |
[92] |
Amati-Bonneau P, Guichet A, Olichon A, et al. (2005) OPA1 R445H mutation in optic atrophy associated with sensorineural deafness. Ann Neurol 58: 958-963. doi: 10.1002/ana.20681
![]() |
[93] |
Zanna C, Ghelli A, Porcelli AM, et al. (2008) OPA1 mutations associated with dominant optic atrophy impair oxidative phosphorylation and mitochondrial fusion. Brain 131: 352-367 doi: 10.1093/brain/awm335
![]() |
[94] |
Pich S, Bach D, Briones P, et al. (2005) The Charcot-Marie-Tooth type 2A gene product, Mfn2, up-regulates fuel oxidation through expression of OXPHOS system. Hum Mol Genet 14:1405-1415. doi: 10.1093/hmg/ddi149
![]() |
[95] |
Agier V, Oliviero P, Lainé J, et al. (2012) Defective mitochondrial fusion, altered respiratory function, and distorted cristae structure in skin fibroblasts with heterozygous OPA1 mutations. Biochim Biophys Acta 1822: 1570-1580. doi: 10.1016/j.bbadis.2012.07.002
![]() |
[96] |
Chen H, Vermulst M, Wang YE, et al. (2010) Mitochondrial fusion is required for mtDNA stability in skeletal muscle and tolerance of mtDNA mutations. Cell 141: 280-289. doi: 10.1016/j.cell.2010.02.026
![]() |
[97] |
Ono T, Isobe K, Nakada K, et al. (2001) Human cells are protected from mitochondrial dysfunction by complementation of DNA products in fused mitochondria. Nat Genet 28:272-275. doi: 10.1038/90116
![]() |
[98] |
Hackenbrock CR (1968) Chemical and physical fixation of isolated mitochondria in low-energy and high-energy states. Proc Natl Acad Sci USA 61: 598-605. doi: 10.1073/pnas.61.2.598
![]() |
[99] | Hackenbrock CR (1966) Ultrastructural bases for metabolically linked mechanical activity in mitochondria. I. Reversible ultrastructural changes with change in metabolic steady state in isolated liver mitochondria. J Cell Biol 30: 269-297. |
[100] | Hackenbrock CR (1968) Ultrastructural bases for metabolically linked mechanical activity in mitochondria. II. Electron transport-linked ultrastructural transformations in mitochondria. J Cell Biol 37: 345-369. |
1. | Swathi Ch, Suresh Babu Kare, 2024, A Comprehensive Analysis of Network Intrusion Detection in Internet of Things and Wireless Networks, 979-8-3503-7311-0, 01, 10.1109/ICDSNS62112.2024.10691047 | |
2. | Renjie Chu, Peiyuan Jin, Hanli Qiao, Quanxi Feng, Intrusion detection in the IoT data streams using concept drift localization, 2023, 9, 2473-6988, 1535, 10.3934/math.2024076 | |
3. | Imane Rakine, Kamal El Guemmat, Sara Ouahabi, Issam Atouf, Mohamed Talea, 2024, IoT Intrusion Detection: A Review of ML and DL-Based Approaches, 979-8-3503-0950-8, 1, 10.1109/IRASET60544.2024.10548107 | |
4. | Yanmeng Mo, Huige Li, Dongsheng Wang, Gaqiong Liu, An intrusion detection system based on convolution neural network, 2024, 10, 2376-5992, e2152, 10.7717/peerj-cs.2152 | |
5. | Manohar Srinivasan, Narayanan Chidambaram Senthilkumar, Class imbalance data handling with optimal deep learning-based intrusion detection in IoT environment, 2024, 28, 1432-7643, 4519, 10.1007/s00500-023-09610-x | |
6. | Asadullah Momand, Sana Ullah Jan, Naeem Ramzan, ABCNN-IDS: Attention-Based Convolutional Neural Network for Intrusion Detection in IoT Networks, 2024, 136, 0929-6212, 1981, 10.1007/s11277-024-11260-7 | |
7. | Aigul Adamova, Tamara Zhukabayeva, Nurgalym Adamov, Machine Learning Algorithms for Intrusion Detection in IoT-enabled Smart Homes, 2024, 241, 18770509, 427, 10.1016/j.procs.2024.08.059 | |
8. | Arun Kumar Pipersenia, M.S. Nidhya, Sandeep Kumar Jain, 2024, Identifying and Addressing Security Vulnerabilities in Hybrid Network Security Algorithms, 979-8-3503-8334-8, 1, 10.1109/ICOCWC60930.2024.10470765 | |
9. | Zhiqi Li, Weidong Fang, Chunsheng Zhu, Guannan Song, Wuxiong Zhang, 2024, Toward Deep Learning based Intrusion Detection System: A Survey, 9798400717857, 25, 10.1145/3688574.3688578 | |
10. | M. Karthikeyan, D. Manimegalai, Karthikeyan RajaGopal, Firefly algorithm based WSN-IoT security enhancement with machine learning for intrusion detection, 2024, 14, 2045-2322, 10.1038/s41598-023-50554-x | |
11. | Asmaa BENCHAMA, Khalid ZEBBARA , Novel Approach to Intrusion Detection: Introducing GAN-MSCNN-BILSTM with LIME Predictions, 2023, 2, 2953-4917, 202, 10.56294/dm2023202 | |
12. | Emad-Ul-Haq Qazi, Tanveer Zia, Muhammad Hamza Faheem, Khurram Shahzad, Muhammad Imran, Zeeshan Ahmed, Zero-Touch Network Security (ZTNS): A Network Intrusion Detection System Based on Deep Learning, 2024, 12, 2169-3536, 141625, 10.1109/ACCESS.2024.3466470 | |
13. | Fatiha Benabderrahmane, Samir Selmane, Nardjes Bouchemal, 2023, Enhancing Security in Healthcare IoT Systems: Mitigating Threats and Protecting Patient Data, 979-8-3503-0488-6, 141, 10.1109/ICSC58660.2023.10449802 | |
14. | Ashok Kumar K, Shajin F.H, Sayyad Jilani, Elvin Kuruvilla, Optimized Bayesian regularization-back propagation neural network using data-driven intrusion detection system in Internet of Things, 2024, 2308-0477, 1, 10.1080/23080477.2024.2376971 | |
15. | Priyesh Kulshrestha, T. V. Vijay Kumar, Machine learning based intrusion detection system for IoMT, 2024, 15, 0975-6809, 1802, 10.1007/s13198-023-02119-4 | |
16. | Anandaraj Mahalingam, Ganeshkumar Perumal, Gopalakrishnan Subburayalu, Mubarak Albathan, Abdullah Altameem, Riyad Saleh Almakki, Ayyaz Hussain, Qaisar Abbas, ROAST-IoT: A Novel Range-Optimized Attention Convolutional Scattered Technique for Intrusion Detection in IoT Networks, 2023, 23, 1424-8220, 8044, 10.3390/s23198044 | |
17. | Mohammed S. Alshehri, Oumaima Saidani, Fatma S. Alrayes, Saadullah Farooq Abbasi, Jawad Ahmad, A Self-Attention-Based Deep Convolutional Neural Networks for IIoT Networks Intrusion Detection, 2024, 12, 2169-3536, 45762, 10.1109/ACCESS.2024.3380816 | |
18. |
Asmaa BENCHAMA,
Novel Approach to Intrusion Detection: Introducing GAN-MSCNN-BILSTM with LIME Predictions
, 2024, 1556-5068, 10.2139/ssrn.4857415 |
|
19. | Varaprasad R, Prabhu Chakkaravarthy A, Veeresha M, 2024, A Comprehensive Analysis of Intrusion Detection System using Machine Learning and Deep Learning Algorithms, 979-8-3503-6066-0, 1, 10.1109/IACIS61494.2024.10721636 | |
20. | Shwe Sin Myat Than, Akari Myint Soe, Aung Htein Maw, 2024, A Comparative Analysis of CNN, LSTM, and Autoencoder Models of IoT Intrusion Detection, 979-8-3315-1004-6, 1, 10.1109/ICAIT65209.2024.10754916 | |
21. | M. D. Sakibul Islam, Aminu Yusuf, Muhammad Dikko Gambo, Abdulaziz Y. Barnawi, A Novel Few-Shot ML Approach for Intrusion Detection in IoT, 2024, 2193-567X, 10.1007/s13369-024-09805-w | |
22. | Mohammed Mouiti, Ayyoub El Hariri, Mohamed Lazaar, Leveraging optuna for hyperparameter tuning in GANs: a novel solution for class imbalance in IoT datasets, 2024, 6, 2631-8695, 045257, 10.1088/2631-8695/ad9ced | |
23. | J. Maruthupandi, S. Sivakumar, B. Lakshmi Dhevi, S. Prasanna, R. Karpaga Priya, Shitharth Selvarajan, An intelligent attention based deep convoluted learning (IADCL) model for smart healthcare security, 2025, 15, 2045-2322, 10.1038/s41598-024-84691-8 | |
24. | Abdolmanan Babaei Goushlavandani, Peyman Bayat, Gholamhossein Ekbatanifard, Detecting attacks on the internet of things network in the computing fog layer with an embedded learning approach based on clustering and blockchain, 2025, 28, 1386-7857, 10.1007/s10586-024-04898-2 | |
25. | Qinyue Wu, Hui Xu, Mengran Liu, Applying an Improved Dung Beetle Optimizer Algorithm to Network Traffic Identification, 2024, 78, 1546-2226, 4091, 10.32604/cmc.2024.048461 | |
26. | Amardeep Singh, Hamad Ali Abosaq, Saad Arif, Zohaib Mushtaq, Muhammad Irfan, Ghulam Abbas, Arshad Ali, Alanoud Al Mazroa, Securing Cloud-Encrypted Data: Detecting Ransomware-as-a-Service (RaaS) Attacks through Deep Learning Ensemble, 2024, 79, 1546-2226, 857, 10.32604/cmc.2024.048036 | |
27. | Muhammad Zawad Mahmud, Samiha Islam, Shahran Rahman Alve, Al Jubayer Pial, 2024, Optimized IoT Intrusion Detection using Machine Learning Technique, 979-8-3315-3440-0, 167, 10.1109/RAAICON64172.2024.10928532 | |
28. | Duaa Shoukat, Adnan Akhunzada, Muhammad Taimoor Khan, Ahmad Sami Al-Shamayleh, Mueen Uddin, Hashem Alaidaros, 2025, Chapter 11, 978-981-97-8587-2, 109, 10.1007/978-981-97-8588-9_11 |
Reference | Model/Attack Detection Mechanism | Dataset | IoT Layer Targeted | Evaluation Measures |
[7] | Ensemble Voting Classifier | ToN-IoT Telemetry Dataset | IoT Perception Layer | Accuracy, Precision, Recall, F1-Score |
[8] | Stacking based Ensemble Model | ToN-IoT Telemetry Dataset | IoT Perception Layer | Accuracy, Precision, Recall, F1-Score |
[27] | Ensemble Based IDS using XGBoost | KDDCup99 | IoT Network Layer | Accuracy, Precision, Recall, F1-Score, Confusion Matrix |
[37] | ML Classifiers (RF, AB, XGB, GBM, ETC) | CIDDS-001, UNSW-NB 15, NSL-KDD | IoT Network Layer | Accuracy, False positive Rate, AUC, Sensitivity |
[53] | Deep Convolutional Neural Network | IODIT20 | IoT Perception Layer | Accuracy, Precision, Recall, F1-Score |
[54] | DL-IDS(SMO with SDPN) | NSL-KDD | IoT Network Layer | Accuracy, Precision, Recall, F1-Score |
[53] | Hybrid DL Based Model (LSTM-GRU) | CIC DOS, CI-CIDS 2017 and CSE-CIC IDS 2018 | X | Accuracy, Precision, Recall, F1-Score |
[45] | ReliefF-Based IDS (MNN, WKNN, SVM) | ToN-IoT Windows 10 Dataset | IoT Application Layer | Confusion Matrix, Accuracy, Precision, Recall, F1-Score |
[57] | DT, NB | TON-IoT Network Flow Dataset | IoT Network Layer | Confusion Matrix |
[58] | GraphSage Based IDS | ToN-IoT Network Flow Dataset | IoT Network Layer | Accuracy, Precision, Recall, F1-Score |
[59] | DFF, CNN, RNN, DT, LR, NB | UNSW-NB15, CSE CIC-IDS2018, ToN-IoT Network Flow | IoT Network Layer | Accuracy, F1-Score, Detection Rate, False Alarm Rate |
[60] | CNN -Based IDS | ToN-IoT Network Flow Dataset | IoT Network Layer | Accuracy, Precision, Recall, Loss, F1-Score |
Proposed Study | RNN-GRU | ToN-IoT (Telemetry dataset, Network Flow dataset, windows 7 &10 dataset) | IoT Perception Layer IoT Network Layer IoT Application Layer | Accuracy, Precision, Recall, F1-Score |
Models:- RF - Random Forest. AB - Adaa Boost. XGB- Extreme Gradient Boost. GBM - Gradient Boosted Machine. ETC - Extremely Randomized Trees. SMO - Spider Monkey Optimization. SDPN - Stacked Deep Polynomial Network. LSTM- Long Short-Term Memory. GRU - Gated Recurrent Unit. MNN- Medium Neural Network. WKNN- Weighted KNN. SVM - Support Vector Machine. |
IoT Layers | Dataset Files | Total Record | Normal Instances | Scanning Attack | DOS / DDOS Attack | Ransom-ware Attack | Backdoor Attack | Injection Attack | XSS Attack | Password Attack | Total Attacks |
Physical Layer | IoT Fridge Sensor | 59, 944 | 35, 000 | 0 | 5000 | 2902 | 5000 | 5000 | 2042 | 5000 | 24, 944 |
Physical Layer | IoT Garage Door Sensor | 59, 587 | 35, 000 | 529 | 5000 | 2902 | 5000 | 5000 | 1156 | 5000 | 24, 587 |
Physical Layer | IoT GPS Tracker | 58, 960 | 35, 000 | 550 | 5000 | 2833 | 5000 | 5000 | 577 | 5000 | 23, 960 |
Physical Layer | IoT Modbus Sensor | 51, 106 | 35, 000 | 529 | 0 | 0 | 5000 | 5000 | 577 | 5000 | 16, 106 |
Physical Layer | IoT Motion Light Sensor | 59, 488 | 35, 000 | 1775 | 5000 | 2264 | 5000 | 5000 | 449 | 5000 | 24, 488 |
Physical Layer | IoT Thermostat Sensor | 52, 774 | 35, 000 | 61 | 0 | 2264 | 5000 | 5000 | 449 | 5000 | 17, 774 |
Physical Layer | IoT Weather Sensor | 59, 260 | 35, 000 | 529 | 5000 | 2865 | 5000 | 5000 | 866 | 5000 | 24, 260 |
Network layer | Network Flow | 461, 043 | 300, 000 | 18, 615 | 19, 986 | 13, 738 | 18, 710 | 19, 964 | 14, 516 | 19, 847 | 161, 043 |
Application Layer | windows 10 | 21, 104 | 10, 000 | 0 | 4608 | 15 | 447 | 612 | 1269 | 3628 | 11, 104 |
Application Layer | windows 7 | 15, 980 | 10, 000 | 226 | 2134 | 82 | 1779 | 998 | 4 | 757 | 5980 |
Dataset | Attack Labels | Diverse Attack Scenarios | Separate Dataset for Each IoT Layer | Year |
KDDCUP99 | Yes | No | No | 1998 |
NSL-KDD | Yes | No | No | 1998 |
LWSNDR | Yes | No | No | 2010 |
UNSW-NB15 | Yes | Yes | No | 2015 |
AWID | Yes | Yes | No | 2015 |
ISCX | Yes | Yes | No | 2017 |
UNSW-IOT | Yes | Yes | No | 2018 |
BOT-IOT | Yes | Yes | No | 2019 |
RPL-NIDDS17 | Yes | Yes | No | 2017 |
CICIDS2017 | Yes | Yes | No | 2017 |
ToN-IoT | Yes | Yes | Yes | 2020 |
Dataset Files | Optimizer | Accuracy | Precision | Recall | F-Measure |
IoT Fridge | Adam | 1.0 | 1.0 | 1.0 | 1.0 |
Sensor | Adamax | 1.0 | 1.0 | 1.0 | 1.0 |
IoT Garage Door | Adam | 1.0 | 1.0 | 1.0 | 1.0 |
Sensor | Adamax | 1.0 | 1.0 | 1.0 | 1.0 |
IoT GPS Tracker | Adam | 1.0 | 1.0 | 1.0 | 1.0 |
Sensor | Adamax | 1.0 | 1.0 | 1.0 | 1.0 |
IoT Modbus | Adam | 0.85 | 0.85 | 0.8 | 0.78 |
Sensor | Adamax | 0.83 | 0.82 | 0.79 | 0.76 |
IoT Motion | Adam | 0.8 | 0.8 | 0.78 | 0.8 |
Light Sensor | Adamax | 0.75 | 0.78 | 0.75 | 0.74 |
IoT Thermostat | Adam | 0.98 | 0.99 | 0.98 | 0.98 |
Sensor | Adamax | 0.93 | 0.95 | 0.91 | 0.93 |
IoT Weather | Adam | 0.8 | 0.83 | 0.86 | 0.84 |
Sensor | Adamax | 0.78 | 0.79 | 0.82 | 0.81 |
Dataset Files | Reference | Models | Accuracy | Precision | Recall | F-Measure |
IoT Fridge Sensor | [4], [24] | LR | 0.57 | 0.34 | 0.58 | 0.43 |
LDA | 0.77 | 0.79 | 0.77 | 0.77 | ||
RF | 0.97 | 0.97 | 0.97 | 0.97 | ||
NB | 0.5 | 0.53 | 0.51 | 0.51 | ||
SVM | 0.81 | 0.86 | 0.82 | 0.8 | ||
LSTM | 1 | 1 | 1 | 1 | ||
Proposed Study | 1 | 1 | 1 | 1 | ||
IoT Garage Door | [4], [24] | LR | 0.86 | 0.88 | 0.86 | 0.87 |
LDA | 0.86 | 0.88 | 0.86 | 0.87 | ||
RF | 0.85 | 0.85 | 0.85 | 0.85 | ||
NB | 0.84 | 0.86 | 0.85 | 0.86 | ||
SVM | 0.86 | 0.88 | 0.87 | 0.87 | ||
LSTM | 0.87 | 0.89 | 0.88 | 0.88 | ||
Proposed Study | 1 | 1 | 1 | 1 | ||
IoT GPS Tracker | [4], [24] | LR | 0.86 | 0.88 | 0.86 | 0.87 |
LDA | 0.86 | 0.88 | 0.86 | 0.87 | ||
RF | 0.85 | 0.85 | 0.85 | 0.85 | ||
NB | 0.84 | 0.86 | 0.85 | 0.86 | ||
SVM | 0.86 | 0.88 | 0.87 | 0.87 | ||
LSTM | 0.87 | 0.89 | 0.88 | 0.88 | ||
Proposed Study | 1 | 1 | 1 | 1 | ||
IoT Modbus Sensor | [4], [24] | LR | 0.67 | 0.46 | 0.68 | 0.55 |
LDA | 0.67 | 0.46 | 0.68 | 0.55 | ||
RF | 0.97 | 0.98 | 0.98 | 0.98 | ||
NB | 0.67 | 0.46 | 0.68 | 0.55 | ||
SVM | 0.67 | 0.46 | 0.68 | 0.55 | ||
LSTM | 0.68 | 0.47 | 0.68 | 0.55 | ||
Proposed Study | 0.85 | 0.8 | 0.78 | 0.8 | ||
IoT Motion Light | [4], [24] | LR | 0.58 | 0.34 | 0.59 | 0.43 |
LDA | 0.58 | 0.34 | 0.59 | 0.43 | ||
RF | 0.58 | 0.34 | 0.59 | 0.43 | ||
NB | 0.58 | 0.34 | 0.59 | 0.43 | ||
SVM | 0.58 | 0.34 | 0.59 | 0.43 | ||
LSTM | 0.59 | 0.35 | 0.59 | 0.44 | ||
Proposed Study | 0.8 | 0.78 | 0.78 | 0.8 | ||
IoT Thermostat Sen | [4], [24] | LR | 0.86 | 0.88 | 0.86 | 0.87 |
LDA | 0.86 | 0.88 | 0.86 | 0.87 | ||
RF | 0.85 | 0.85 | 0.85 | 0.85 | ||
NB | 0.84 | 0.86 | 0.85 | 0.86 | ||
SVM | 0.86 | 0.88 | 0.87 | 0.87 | ||
LSTM | 0.87 | 0.89 | 0.88 | 0.88 | ||
Proposed Study | 0.91 | 0.91 | 0.92 | 0.9 | ||
IoT Weather Sen | [4], [24] | LR | 0.58 | 0.6 | 0.59 | 0.53 |
LDA | 0.6 | 0.59 | 0.6 | 0.53 | ||
RF | 0.84 | 0.84 | 0.84 | 0.84 | ||
NB | 0.69 | 0.72 | 0.69 | 0.67 | ||
SVM | 0.63 | 0.68 | 0.63 | 0.55 | ||
LSTM | 0.82 | 0.82 | 0.81 | 0.8 | ||
Proposed Study | 0.99 | 0.97 | 0.96 | 0.95 | ||
Combined | [4], [24] | LR | 0.61 | 0.37 | 0.61 | 0.46 |
Data Files | LDA | 0.68 | 0.74 | 0.68 | 0.62 | |
RF | 0.85 | 0.87 | 0.85 | 0.85 | ||
NB | 0.62 | 0.63 | 0.62 | 0.51 | ||
SVM | 0.61 | 0.37 | 0.61 | 0.46 | ||
LSTM | 0.81 | 0.83 | 0.81 | 0.8 | ||
Proposed Study | 0.83 | 0.86 | 0.86 | 0.83 |
Dataset Files | Optimizer | Accuracy | Precision | Recall | F1-Measure |
Network Flow | Adam | 0.99 | 0.98 | 0.98 | 0.99 |
Dataset | Adamax | 0.97 | 0.96 | 0.95 | 0.96 |
Dataset Files | Reference | Models | Accuracy | Precision | Recall | F-Measure |
Network Traffic | [25] | DT | 0.97 | 0.96 | 0.96 | 0.95 |
RF | 0.96 | 0.95 | 0.97 | 0.93 | ||
KNN | 0.97 | 0.98 | 0.95 | 0.94 | ||
XGB | 0.98 | 0.97 | 0.94 | 0.92 | ||
Proposed Study | 0.99 | 0.99 | 0.98 | 0.97 |
Dataset Files | Optimizer | Accuracy | Precision | Recall | F1-Measure |
Windows 10 | Adam | 0.98 | 0.98 | 0.97 | 0.98 |
Adamax | 0.94 | 0.95 | 0.94 | 0.95 | |
Windows 7 | Adam | 0.99 | 0.95 | 0.94 | 0.96 |
Adamax | 0.94 | 0.89 | 0.86 | 0.84 |
Dataset Files | Reference | Models | Accuracy | Precision | Recall | F-Measure |
Windows 7 | [12] | KNN | 0.92 | 0.68 | 0.95 | 0.79 |
SVM | 0.75 | 0.006 | 0.006 | 0.006 | ||
Proposed Study | 0.98 | 0.97 | 0.98 | 0.97 | ||
Windows 10 | [19] | RF | 0.9 | 0.94 | 0.92 | 0.91 |
NB | 0.92 | 0.82 | 0.85 | 0.87 | ||
DT | 0.93 | 0.94 | 0.92 | 0.9 | ||
Proposed Study | 0.88 | 0.94 | 0.96 | 0.9 |
Dataset Files | Optimizer | Accuracy | Precision | Recall | F-Measure |
IoT Fridge Sensor | Adam | 0.78 | 0.79 | 0.76 | 0.68 |
Adamax | 0.75 | 0.72 | 0.7 | 0.62 | |
IoT Garage Door | Adam | 0.85 | 0.83 | 0.85 | 0.85 |
Adamax | 0.78 | 0.77 | 0.79 | 0.76 | |
IoT GPS Tracker | Adam | 0.95 | 0.95 | 0.95 | 0.95 |
Adamax | 0.88 | 0.87 | 0.85 | 0.85 | |
IoT Modbus Sensor | Adam | 0.98 | 0.97 | 0.97 | 0.98 |
Adamax | 0.91 | 0.9 | 0.91 | 0.89 | |
IoT Motion Light | Adam | 0.76 | 0.75 | 0.78 | 0.76 |
Adamax | 0.72 | 0.69 | 0.71 | 0.68 | |
IoT Thermostat | Adam | 0.86 | 0.87 | 0.88 | 0.87 |
Adamax | 0.76 | 0.8 | 0.81 | 0.79 | |
IoT Weather | Adam | 0.98 | 0.99 | 0.99 | 0.97 |
Adamax | 0.95 | 0.96 | 0.93 | 0.94 |
Dataset Files | Optimizer | Accuracy | Precision | Recall | F-Measure |
Network Traffic | Adam | 0.99 | 0.99 | 0.98 | 0.97 |
Adamax | 0.96 | 0.95 | 0.97 | 0.93 |
Dataset Files | Optimizer | Accuracy | Precision | Recall | F-Measure |
Windows 7 | Adam | 0.88 | 0.86 | 0.87 | 0.88 |
Adamax | 0.81 | 0.8 | 0.79 | 0.8 | |
windows 10 | Adam | 0.84 | 0.85 | 0.84 | 0.87 |
Adamax | 0.78 | 0.79 | 0.78 | 0.79 |
Reference | Model/Attack Detection Mechanism | Dataset | IoT Layer Targeted | Evaluation Measures |
[7] | Ensemble Voting Classifier | ToN-IoT Telemetry Dataset | IoT Perception Layer | Accuracy, Precision, Recall, F1-Score |
[8] | Stacking based Ensemble Model | ToN-IoT Telemetry Dataset | IoT Perception Layer | Accuracy, Precision, Recall, F1-Score |
[27] | Ensemble Based IDS using XGBoost | KDDCup99 | IoT Network Layer | Accuracy, Precision, Recall, F1-Score, Confusion Matrix |
[37] | ML Classifiers (RF, AB, XGB, GBM, ETC) | CIDDS-001, UNSW-NB 15, NSL-KDD | IoT Network Layer | Accuracy, False positive Rate, AUC, Sensitivity |
[53] | Deep Convolutional Neural Network | IODIT20 | IoT Perception Layer | Accuracy, Precision, Recall, F1-Score |
[54] | DL-IDS(SMO with SDPN) | NSL-KDD | IoT Network Layer | Accuracy, Precision, Recall, F1-Score |
[53] | Hybrid DL Based Model (LSTM-GRU) | CIC DOS, CI-CIDS 2017 and CSE-CIC IDS 2018 | X | Accuracy, Precision, Recall, F1-Score |
[45] | ReliefF-Based IDS (MNN, WKNN, SVM) | ToN-IoT Windows 10 Dataset | IoT Application Layer | Confusion Matrix, Accuracy, Precision, Recall, F1-Score |
[57] | DT, NB | TON-IoT Network Flow Dataset | IoT Network Layer | Confusion Matrix |
[58] | GraphSage Based IDS | ToN-IoT Network Flow Dataset | IoT Network Layer | Accuracy, Precision, Recall, F1-Score |
[59] | DFF, CNN, RNN, DT, LR, NB | UNSW-NB15, CSE CIC-IDS2018, ToN-IoT Network Flow | IoT Network Layer | Accuracy, F1-Score, Detection Rate, False Alarm Rate |
[60] | CNN -Based IDS | ToN-IoT Network Flow Dataset | IoT Network Layer | Accuracy, Precision, Recall, Loss, F1-Score |
Proposed Study | RNN-GRU | ToN-IoT (Telemetry dataset, Network Flow dataset, windows 7 &10 dataset) | IoT Perception Layer IoT Network Layer IoT Application Layer | Accuracy, Precision, Recall, F1-Score |
Models:- RF - Random Forest. AB - Adaa Boost. XGB- Extreme Gradient Boost. GBM - Gradient Boosted Machine. ETC - Extremely Randomized Trees. SMO - Spider Monkey Optimization. SDPN - Stacked Deep Polynomial Network. LSTM- Long Short-Term Memory. GRU - Gated Recurrent Unit. MNN- Medium Neural Network. WKNN- Weighted KNN. SVM - Support Vector Machine. |
IoT Layers | Dataset Files | Total Record | Normal Instances | Scanning Attack | DOS / DDOS Attack | Ransom-ware Attack | Backdoor Attack | Injection Attack | XSS Attack | Password Attack | Total Attacks |
Physical Layer | IoT Fridge Sensor | 59, 944 | 35, 000 | 0 | 5000 | 2902 | 5000 | 5000 | 2042 | 5000 | 24, 944 |
Physical Layer | IoT Garage Door Sensor | 59, 587 | 35, 000 | 529 | 5000 | 2902 | 5000 | 5000 | 1156 | 5000 | 24, 587 |
Physical Layer | IoT GPS Tracker | 58, 960 | 35, 000 | 550 | 5000 | 2833 | 5000 | 5000 | 577 | 5000 | 23, 960 |
Physical Layer | IoT Modbus Sensor | 51, 106 | 35, 000 | 529 | 0 | 0 | 5000 | 5000 | 577 | 5000 | 16, 106 |
Physical Layer | IoT Motion Light Sensor | 59, 488 | 35, 000 | 1775 | 5000 | 2264 | 5000 | 5000 | 449 | 5000 | 24, 488 |
Physical Layer | IoT Thermostat Sensor | 52, 774 | 35, 000 | 61 | 0 | 2264 | 5000 | 5000 | 449 | 5000 | 17, 774 |
Physical Layer | IoT Weather Sensor | 59, 260 | 35, 000 | 529 | 5000 | 2865 | 5000 | 5000 | 866 | 5000 | 24, 260 |
Network layer | Network Flow | 461, 043 | 300, 000 | 18, 615 | 19, 986 | 13, 738 | 18, 710 | 19, 964 | 14, 516 | 19, 847 | 161, 043 |
Application Layer | windows 10 | 21, 104 | 10, 000 | 0 | 4608 | 15 | 447 | 612 | 1269 | 3628 | 11, 104 |
Application Layer | windows 7 | 15, 980 | 10, 000 | 226 | 2134 | 82 | 1779 | 998 | 4 | 757 | 5980 |
Dataset | Attack Labels | Diverse Attack Scenarios | Separate Dataset for Each IoT Layer | Year |
KDDCUP99 | Yes | No | No | 1998 |
NSL-KDD | Yes | No | No | 1998 |
LWSNDR | Yes | No | No | 2010 |
UNSW-NB15 | Yes | Yes | No | 2015 |
AWID | Yes | Yes | No | 2015 |
ISCX | Yes | Yes | No | 2017 |
UNSW-IOT | Yes | Yes | No | 2018 |
BOT-IOT | Yes | Yes | No | 2019 |
RPL-NIDDS17 | Yes | Yes | No | 2017 |
CICIDS2017 | Yes | Yes | No | 2017 |
ToN-IoT | Yes | Yes | Yes | 2020 |
Dataset Files | Optimizer | Accuracy | Precision | Recall | F-Measure |
IoT Fridge | Adam | 1.0 | 1.0 | 1.0 | 1.0 |
Sensor | Adamax | 1.0 | 1.0 | 1.0 | 1.0 |
IoT Garage Door | Adam | 1.0 | 1.0 | 1.0 | 1.0 |
Sensor | Adamax | 1.0 | 1.0 | 1.0 | 1.0 |
IoT GPS Tracker | Adam | 1.0 | 1.0 | 1.0 | 1.0 |
Sensor | Adamax | 1.0 | 1.0 | 1.0 | 1.0 |
IoT Modbus | Adam | 0.85 | 0.85 | 0.8 | 0.78 |
Sensor | Adamax | 0.83 | 0.82 | 0.79 | 0.76 |
IoT Motion | Adam | 0.8 | 0.8 | 0.78 | 0.8 |
Light Sensor | Adamax | 0.75 | 0.78 | 0.75 | 0.74 |
IoT Thermostat | Adam | 0.98 | 0.99 | 0.98 | 0.98 |
Sensor | Adamax | 0.93 | 0.95 | 0.91 | 0.93 |
IoT Weather | Adam | 0.8 | 0.83 | 0.86 | 0.84 |
Sensor | Adamax | 0.78 | 0.79 | 0.82 | 0.81 |
Dataset Files | Reference | Models | Accuracy | Precision | Recall | F-Measure |
IoT Fridge Sensor | [4], [24] | LR | 0.57 | 0.34 | 0.58 | 0.43 |
LDA | 0.77 | 0.79 | 0.77 | 0.77 | ||
RF | 0.97 | 0.97 | 0.97 | 0.97 | ||
NB | 0.5 | 0.53 | 0.51 | 0.51 | ||
SVM | 0.81 | 0.86 | 0.82 | 0.8 | ||
LSTM | 1 | 1 | 1 | 1 | ||
Proposed Study | 1 | 1 | 1 | 1 | ||
IoT Garage Door | [4], [24] | LR | 0.86 | 0.88 | 0.86 | 0.87 |
LDA | 0.86 | 0.88 | 0.86 | 0.87 | ||
RF | 0.85 | 0.85 | 0.85 | 0.85 | ||
NB | 0.84 | 0.86 | 0.85 | 0.86 | ||
SVM | 0.86 | 0.88 | 0.87 | 0.87 | ||
LSTM | 0.87 | 0.89 | 0.88 | 0.88 | ||
Proposed Study | 1 | 1 | 1 | 1 | ||
IoT GPS Tracker | [4], [24] | LR | 0.86 | 0.88 | 0.86 | 0.87 |
LDA | 0.86 | 0.88 | 0.86 | 0.87 | ||
RF | 0.85 | 0.85 | 0.85 | 0.85 | ||
NB | 0.84 | 0.86 | 0.85 | 0.86 | ||
SVM | 0.86 | 0.88 | 0.87 | 0.87 | ||
LSTM | 0.87 | 0.89 | 0.88 | 0.88 | ||
Proposed Study | 1 | 1 | 1 | 1 | ||
IoT Modbus Sensor | [4], [24] | LR | 0.67 | 0.46 | 0.68 | 0.55 |
LDA | 0.67 | 0.46 | 0.68 | 0.55 | ||
RF | 0.97 | 0.98 | 0.98 | 0.98 | ||
NB | 0.67 | 0.46 | 0.68 | 0.55 | ||
SVM | 0.67 | 0.46 | 0.68 | 0.55 | ||
LSTM | 0.68 | 0.47 | 0.68 | 0.55 | ||
Proposed Study | 0.85 | 0.8 | 0.78 | 0.8 | ||
IoT Motion Light | [4], [24] | LR | 0.58 | 0.34 | 0.59 | 0.43 |
LDA | 0.58 | 0.34 | 0.59 | 0.43 | ||
RF | 0.58 | 0.34 | 0.59 | 0.43 | ||
NB | 0.58 | 0.34 | 0.59 | 0.43 | ||
SVM | 0.58 | 0.34 | 0.59 | 0.43 | ||
LSTM | 0.59 | 0.35 | 0.59 | 0.44 | ||
Proposed Study | 0.8 | 0.78 | 0.78 | 0.8 | ||
IoT Thermostat Sen | [4], [24] | LR | 0.86 | 0.88 | 0.86 | 0.87 |
LDA | 0.86 | 0.88 | 0.86 | 0.87 | ||
RF | 0.85 | 0.85 | 0.85 | 0.85 | ||
NB | 0.84 | 0.86 | 0.85 | 0.86 | ||
SVM | 0.86 | 0.88 | 0.87 | 0.87 | ||
LSTM | 0.87 | 0.89 | 0.88 | 0.88 | ||
Proposed Study | 0.91 | 0.91 | 0.92 | 0.9 | ||
IoT Weather Sen | [4], [24] | LR | 0.58 | 0.6 | 0.59 | 0.53 |
LDA | 0.6 | 0.59 | 0.6 | 0.53 | ||
RF | 0.84 | 0.84 | 0.84 | 0.84 | ||
NB | 0.69 | 0.72 | 0.69 | 0.67 | ||
SVM | 0.63 | 0.68 | 0.63 | 0.55 | ||
LSTM | 0.82 | 0.82 | 0.81 | 0.8 | ||
Proposed Study | 0.99 | 0.97 | 0.96 | 0.95 | ||
Combined | [4], [24] | LR | 0.61 | 0.37 | 0.61 | 0.46 |
Data Files | LDA | 0.68 | 0.74 | 0.68 | 0.62 | |
RF | 0.85 | 0.87 | 0.85 | 0.85 | ||
NB | 0.62 | 0.63 | 0.62 | 0.51 | ||
SVM | 0.61 | 0.37 | 0.61 | 0.46 | ||
LSTM | 0.81 | 0.83 | 0.81 | 0.8 | ||
Proposed Study | 0.83 | 0.86 | 0.86 | 0.83 |
Dataset Files | Optimizer | Accuracy | Precision | Recall | F1-Measure |
Network Flow | Adam | 0.99 | 0.98 | 0.98 | 0.99 |
Dataset | Adamax | 0.97 | 0.96 | 0.95 | 0.96 |
Dataset Files | Reference | Models | Accuracy | Precision | Recall | F-Measure |
Network Traffic | [25] | DT | 0.97 | 0.96 | 0.96 | 0.95 |
RF | 0.96 | 0.95 | 0.97 | 0.93 | ||
KNN | 0.97 | 0.98 | 0.95 | 0.94 | ||
XGB | 0.98 | 0.97 | 0.94 | 0.92 | ||
Proposed Study | 0.99 | 0.99 | 0.98 | 0.97 |
Dataset Files | Optimizer | Accuracy | Precision | Recall | F1-Measure |
Windows 10 | Adam | 0.98 | 0.98 | 0.97 | 0.98 |
Adamax | 0.94 | 0.95 | 0.94 | 0.95 | |
Windows 7 | Adam | 0.99 | 0.95 | 0.94 | 0.96 |
Adamax | 0.94 | 0.89 | 0.86 | 0.84 |
Dataset Files | Reference | Models | Accuracy | Precision | Recall | F-Measure |
Windows 7 | [12] | KNN | 0.92 | 0.68 | 0.95 | 0.79 |
SVM | 0.75 | 0.006 | 0.006 | 0.006 | ||
Proposed Study | 0.98 | 0.97 | 0.98 | 0.97 | ||
Windows 10 | [19] | RF | 0.9 | 0.94 | 0.92 | 0.91 |
NB | 0.92 | 0.82 | 0.85 | 0.87 | ||
DT | 0.93 | 0.94 | 0.92 | 0.9 | ||
Proposed Study | 0.88 | 0.94 | 0.96 | 0.9 |
Dataset Files | Optimizer | Accuracy | Precision | Recall | F-Measure |
IoT Fridge Sensor | Adam | 0.78 | 0.79 | 0.76 | 0.68 |
Adamax | 0.75 | 0.72 | 0.7 | 0.62 | |
IoT Garage Door | Adam | 0.85 | 0.83 | 0.85 | 0.85 |
Adamax | 0.78 | 0.77 | 0.79 | 0.76 | |
IoT GPS Tracker | Adam | 0.95 | 0.95 | 0.95 | 0.95 |
Adamax | 0.88 | 0.87 | 0.85 | 0.85 | |
IoT Modbus Sensor | Adam | 0.98 | 0.97 | 0.97 | 0.98 |
Adamax | 0.91 | 0.9 | 0.91 | 0.89 | |
IoT Motion Light | Adam | 0.76 | 0.75 | 0.78 | 0.76 |
Adamax | 0.72 | 0.69 | 0.71 | 0.68 | |
IoT Thermostat | Adam | 0.86 | 0.87 | 0.88 | 0.87 |
Adamax | 0.76 | 0.8 | 0.81 | 0.79 | |
IoT Weather | Adam | 0.98 | 0.99 | 0.99 | 0.97 |
Adamax | 0.95 | 0.96 | 0.93 | 0.94 |
Dataset Files | Optimizer | Accuracy | Precision | Recall | F-Measure |
Network Traffic | Adam | 0.99 | 0.99 | 0.98 | 0.97 |
Adamax | 0.96 | 0.95 | 0.97 | 0.93 |
Dataset Files | Optimizer | Accuracy | Precision | Recall | F-Measure |
Windows 7 | Adam | 0.88 | 0.86 | 0.87 | 0.88 |
Adamax | 0.81 | 0.8 | 0.79 | 0.8 | |
windows 10 | Adam | 0.84 | 0.85 | 0.84 | 0.87 |
Adamax | 0.78 | 0.79 | 0.78 | 0.79 |