Attack Detection in IoT Networks Using Hybrid Feature Selection and Bayesian Optimization
Abstract
Machine learning (ML)-based attack detection is a promising alternative for addressing cybersecurity threats in Internet of things (IoT) networks. This approach can handle various emerging attack types. However, the growing volume of data and the reliance on default parameter values in ML algorithms have led to performance degradation. This study proposed a hybrid feature selection method combined with Bayesian optimization to improve the effectiveness and efficiency of attack detection models. The hybrid feature selection method integrated correlation-based filtering, which aimed to rapidly remove highly correlated features, and feature importance, which aimed to select the most influential features for the model. In addition, Bayesian optimization was employed to efficiently identify the optimal parameter values for lightweight and robust ML algorithms suitable for IoT networks, namely decision tree and random forest. The constructed model was then evaluated using the latest attack dataset, CICIoT2023, which consists of seven types of attacks: DDoS, DoS, Mirai, spoofing, reconnaissance, web-based attacks, and brute force. The evaluation results showed that the hybrid feature selection technique produced a more efficient model compared to several single feature selection methods by selecting 5 out of 46 features. Furthermore, Bayesian optimization successfully identified the optimal parameter values, improving model performance in terms of accuracy, precision, recall, and F1 score up to 99.74%, while reducing computational time by as much as 97.41%. Based on these findings, the proposed attack detection model using hybrid feature selection and Bayesian optimization can serve as a reference for implementing cybersecurity solutions in IoT networks.
References
I.M.A. Alonso, “IoT cybersecurity: Protecting the merging of the physical and digital world,” Telefónica. Access date: 26-Dec-2024. [Online]. Available: https://www.telefonica.com/en/communication-room/blog/iot-cybersecurity-protecting-the-merging-of-the-physical-and-digital-world/
S. Haque, F. El-Moussa, M. Komninos, and R. Muttukrishnan, “A systematic review of data-driven attack detection trends in IoT,” Sensors, vol. 23, no. 16, pp. 1–29, Aug. 2023, doi: 10.3390/s23167191.
K. Shafique et al., “Internet of things (IoT) for next-generation smart systems: A review of current challenges, future trends, and prospects for emerging 5G-IoT scenarios,” IEEE Access, vol. 8, pp. 23022–23040, Jan. 2020, doi: 10.1109/ACCESS.2020.2970118.
“Lanskap Keamanan Siber Indonesia 2024,” National Cyber and Crypto Agency, 2025.
R. Mahmoud, T. Yousuf, F. Aloul, and I. Zualkernan, “Internet of things (IoT) security: Current status, challenges, and prospective measures,” in 2015 10th Int. Conf. Internet Technol. Secur. Trans. (ICITST), 2015, pp. 336–341, doi: 10.1109/ICITST.2015.7412116.
S. Yaras and M. Dener, “IoT-based intrusion detection system using new hybrid deep learning algorithm,” Electronics, vol. 13, no. 6, pp. 1–28, Mar. 2024, doi: 10.3390/electronics13061053.
M.A. Al-Garadi et al., “A survey of machine and deep learning methods for internet of things (IoT) security,” IEEE Commun. Surv. Tutor., vol. 22, no. 3, pp. 1646–1685, Apr. 2020, doi: 10.1109/COMST.2020.2988293.
N. Mishra and S. Pandya, “Internet of things applications, security challenges, attacks, intrusion detection, and future visions: A systematic review,” IEEE Access, vol. 9, pp. 59353–59377, Apr. 2021, doi: 10.1109/ACCESS.2021.3073408.
G.T. Reddy et al., “Analysis of dimensionality reduction techniques on big data,” IEEE Access, vol. 8, pp. 54776–54788, Mar. 2020, doi: 10.1109/ACCESS.2020.2980942.
P. Sahu et al., “Enhancing industrial IoT intrusion detection with hyperparameter optimization,” in 2024 15th Int. Conf. Comput. Commun. Netw. Technol. (ICCCNT), 2024, pp. 1–6, doi: 10.1109/ICCCNT61001.2024.10723326.
E.C.P. Neto et al., “CICIoT2023: A real-time dataset and benchmark for large-scale attacks in IoT environment,” Sensors, vol. 23, no. 13, pp. 1–26, Jul. 2023, doi: 10.3390/s23135941.
F.L. Becerra-Suarez, V.A. Tuesta-Monteza, H.I. Mejia-Cabrera, and J. Arcila-Diaz, “Performance evaluation of deep learning models for classifying cybersecurity attacks in IoT networks,” Informatics, vol. 11, no. 2, pp. 1–13, Jun. 2024, doi: 10.3390/informatics11020032.
T.-T.-H. Le et al., “Toward enhanced attack detection and explanation in intrusion detection system-based IoT environment data,” IEEE Access, vol. 11, pp. 131661–131676, Nov. 2023, doi: 10.1109/ACCESS.2023.3336678.
B. Susilo, A. Muis, and R.F. Sari, “Intelligent intrusion detection system against various attacks based on a hybrid deep learning algorithm,” Sensors, vol. 25, no. 2, pp. 1–26, Jan. 2025, doi: 10.3390/s25020580.
Q.R.S. Fitni and K. Ramli, “Implementation of ensemble learning and feature selection for performance improvements in anomaly-based intrusion detection systems,” in 2020 IEEE Int. Conf. Ind. 4.0 Artif. Intell. Commun. Technol. (IAICT), 2020, pp. 118–124, doi: 10.1109/IAICT50021.2020.9172014.
W. Lian et al., “An intrusion detection method based on decision tree-recursive feature elimination in ensemble learning,” Math. Probl. Eng., vol. 2020, no. 1, pp. 1–15, Nov. 2020, doi: 10.1155/2020/2835023.
A.A. Megantara and T. Ahmad, “Feature importance ranking for increasing performance of intrusion detection system,” in 2020 3rd Int. Conf. Comput. Inform. Eng. (IC2IE), 2020, pp. 37–42, doi: 10.1109/IC2IE50715.2020.9274570.
H. Kurniawan et al., “Enhancing the detection of botnet attacks in the internet of things networks through the utilization of hybrid feature selection,” in 2024 FORTEI-Int. Conf. Electr. Eng. (FORTEI-ICEE), 2024, pp. 89–94, doi: 10.1109/FORTEI-ICEE64706.2024.10824638.
J.J. Shirley and M. Priya, “Hybrid MRMR-PCA BagDT – An effective feature selection based ensemble model for real-time intrusion detection in IoT environment,” IEEE Access, vol. 12, pp. 144230–144248, Sep. 2024, doi: 10.1109/ACCESS.2024.3468897.
J.-B. Altidor and C. Talhi, “Enhancing port scan and DDoS attack detection using genetic and machine learning algorithms,” in 2024 7th Conf. Cloud Internet Things (CIoT), 2024, pp. 1–7, doi: 10.1109/CioT63799.2024.10757005.
Y.N. Kunang, S. Nurmaini, D. Stiawan, and B.Y. Suprapto, “Improving classification attacks in IoT intrusion detection system using Bayesian hyperparameter optimization,” in 2020 3rd Int. Semin. Res. Inf. Technol. Intell. Syst. (ISRITI), 2020, pp. 146–151, doi: 10.1109/ISRITI51436.2020.9315360.
K. Ashton, “That ‘Internet of things’ thing.” RFID JOURNAL. Access date: 26-Dec-2024. [Online]. Available: https://www.rfidjournal.com/expert-views/that-internet-of-things-thing/73881
L. Chettri and R. Bera, “A comprehensive survey on internet of things (IoT) toward 5G wireless systems,” IEEE Internet Things J., vol. 7, no. 1, pp. 16–32, Jan. 2020, doi: 10.1109/JIOT.2019.2948888.
S. Dange and M. Chatterjee, “IoT botnet: The largest threat to the IoT network,” in Data Commun. Netw., Proc. GUCON 2019, 2019, pp. 137–157, doi: 10.1007/978-981-15-0132-6_10.
S. Yamaguchi, “Botnet defense system: Concept, design, and basic strategy,” Information, vol. 11, no. 11, pp. 1–15, Nov. 2020, doi: 10.3390/info11110516.
Y. Lu and L.D. Xu, “Internet of things (IoT) cybersecurity research: A review of current research topics,” IEEE Internet Things J., vol. 6, no. 2, pp. 2103–2115, Apr. 2019, doi: 10.1109/JIOT.2018.2869847.
Y. Xin et al., “Machine learning and deep learning methods for cybersecurity,” IEEE Access, vol. 6, pp. 35365–35381, May 2018, doi: 10.1109/ACCESS.2018.2836950.
H.-J. Liao, C.-H.R. Lin, Y.-C. Lin, and K.-Y. Tung, “Intrusion detection system: A comprehensive review,” J. Netw. Comput. Appl., vol. 36, no. 1, pp. 16-24, Jan. 2013, doi: 10.1016/j.jnca.2012.09.004.
F. Hussain, R. Hussain, S.A. Hassan, and E. Hossain, “Machine learning in IoT security: Current solutions and future challenges”, IEEE Commun. Surv. Tutor., vol. 22, no. 3, pp. 1686–1721, Apr. 2020, doi: 10.1109/COMST.2020.2986444.
L. Breiman, J. Friedman, R.A. Olshen, and C.J. Stone, Classification and Regression Trees. New York, NY, USA: Chapman & Hall/CRC, 2017.
B. Mahbooba, M. Timilsina, R. Sahal, and M. Serrano, “Explainable artificial intelligence (XAI) to enhance trust management in intrusion detection systems using decision tree model,” Complexity, vol. 2021, no. 1, pp. 1–11, Jan. 2021, doi: 10.1155/2021/6634811.
L. Breiman, “Random forests,” Mach. Learn., vol. 45, pp. 5-32, Oct. 2001, doi: 10.1023/A:1010933404324.
A.K. Balyan et al., “A hybrid intrusion detection model using EGA-PSO and improved random forest method,” Sensors, vol. 22, no. 16, pp. 1–20, Aug. 2022, doi: 10.3390/s22165986.
Canadian Institute for Cybersecurity (CIC), 2023, “CIC IoT Dataset 2023,” Canadian Institute for Cybersecurity (CIC), University of New Brunswick (UNB), Canada. [Online]. Available: https://www.unb.ca/cic/datasets/iotdataset-2023.html
I. Guyon and A. Elisseeff, “An introduction to variable and feature selection,” J. Mach. Learn. Res., vol. 3, pp. 1157-1182, Mar. 2003, doi: 10.1162/153244303322753616.
D. Edelmann, T.F. Móri, and G.J. Székely, “On relationships between the Pearson and the distance correlation coefficients,” Stat. Probab. Lett., vol. 169, pp. 1–6, Feb. 2021, doi: 10.1016/j.spl.2020.108960.
I.H. Sarker, Y.B. Abushark, F. Alsolami, and A.I. Khan, “IntruDTree: A machine learning based cyber security intrusion detection model,” Symmetry, vol. 12, no. 5, pp. 1–15, May 2020, doi: 10.3390/sym12050754.
B. Bischl et al., “Hyperparameter optimization: Foundations, algorithms, best practices, and open challenges,” WIREs Data Min. Knowl. Discov., vol. 13, no. 2, pp. 1–43, Mar./Apr. 2023, doi: 10.1002/widm.1484.
R. Zuech, J. Hancock, and T.M. Khoshgoftaar, “Detecting web attacks using random undersampling and ensemble learners,” J. Big Data, vol. 8, no. 1, pp. 1–20, May 2021, doi: 10.1186/s4053-021-00460-8.
M.A. Umar, Z. Chen, K. Shuaib, and Y. Liu, “Effects of feature selection and normalization on network intrusion detection,” Data Sci. Manag., vol. 8, no. 1, pp. 23-39, Mar. 2025, doi: 10.1016/j.dsm.2024.08.001.
© Jurnal Nasional Teknik Elektro dan Teknologi Informasi, under the terms of the Creative Commons Attribution-ShareAlike 4.0 International License.
1.png)
