
Document Type

Article

Keywords

IoT Security, IDS, Machine Learning, Black Widow Optimization, Anomaly Classification

Abstract

The rapid proliferation of IoT devices poses serious cybersecurity threats to IoT networks; hence, advanced intrusion detection systems (IDSs) are necessary. Signature and rule-based IDS mechanisms cannot address novel attacks, generate excessive alarms, and are computationally inefficient. In response, this paper proposes a machine learning IDS for real-time intrusion detection and anomaly categorization in IoT networks, using black widow optimization (BWO) for optimal feature and hyperparameter selection. The IDS employs standard machine learning models, such as random forest and support vector machines (SVMs), and deep models, such as long short-term memory (LSTM), to address IoT environment nuances. The framework is evaluated on the Bot-IoT and UNSW-NB15 datasets, which include various IoT-based attacks and normal traffic. The BWO algorithm maximizes feature reduction (57.1% for Bot-IoT and 55.1% for UNSW-NB15) while retaining better detection accuracy. Experimental evidence demonstrates the strength of the framework, with LSTM offering optimal detection accuracy (99.1%) and low false alarms (0.9%). The SVM model is computationally efficient and has a low training time (90 s), inference time (10 ms), space (200 MB), and power (40 joules). The framework also scales well, maintaining good precision as the dataset expands, and is therefore perfect for extensive IoT networks. The ability of BWO to converge rapidly ensures timely and efficient optimization, which is crucial for IoT applications in practice. The framework achieves a tradeoff between detection capability and computational cost, overcoming the drawbacks of traditional IDSs and providing an efficient solution for IoT network protection. In conclusion, our solution advances IoT security by using BWO and machine learning to ensure accurate detection, computational power, and scalability. The developed framework presents an efficient and effective solution for real-time intrusion detection, addressing the IoT's current and future needs for cybersecurity.
