Next Article in Journal
P2ESA: Privacy-Preserving Environmental Sensor-Based Authentication
Previous Article in Journal
WDM-UNet: A Wavelet-Deformable Gated Fusion Network for Multi-Scale Retinal Vessel Segmentation
Previous Article in Special Issue
Procedures for Building a Secure Environment in IoT Networks Using the LoRa Interface
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
This is an early access version, the complete PDF, HTML, and XML versions will be available soon.
Article

(H-DIR)2: A Scalable Entropy-Based Framework for Anomaly Detection and Cybersecurity in Cloud IoT Data Centers

Department of Theoretical and Applied Sciences, Università degli Studi dell’Insubria, 21100 Varese, Italy
*
Authors to whom correspondence should be addressed.
These authors contributed equally to this work.
Sensors 2025, 25(15), 4841; https://doi.org/10.3390/s25154841
Submission received: 20 May 2025 / Revised: 27 July 2025 / Accepted: 29 July 2025 / Published: 6 August 2025
(This article belongs to the Special Issue Privacy and Cybersecurity in IoT-Based Applications)

Abstract

Modern cloud-based Internet of Things (IoT) infrastructures face increasingly sophisticated and diverse cyber threats that challenge traditional detection systems in terms of scalability, adaptability, and explainability. In this paper, we present (H-DIR)2, a hybrid entropy-based framework designed to detect and mitigate anomalies in large-scale heterogeneous networks. The framework combines Shannon entropy analysis with Associated Random Neural Networks (ARNNs) and integrates semantic reasoning through RDF/SPARQL, all embedded within a distributed Apache Spark 3.5.0 pipeline. We validate (H-DIR)2 across three critical attack scenarios—SYN Flood (TCP), DAO-DIO (RPL), and NTP amplification (UDP)—using real-world datasets. The system achieves a mean detection latency of 247 ms and an AUC of 0.978 for SYN floods. For DAO-DIO manipulations, it increases the packet delivery ratio from 81.2% to 96.4% (p < 0.01), and for NTP amplification, it reduces the peak load by 88%. The framework achieves vertical scalability across millions of endpoints and horizontal scalability on datasets exceeding 10 TB. All code, datasets, and Docker images are provided to ensure full reproducibility. By coupling adaptive neural inference with semantic explainability, (H-DIR)2 offers a transparent and scalable solution for cloud–IoT cybersecurity, establishing a robust baseline for future developments in edge-aware and zero-day threat detection.
Keywords: hybrid distributed information retrieval; entropy-based anomaly detection; associated random neural network (ARNN); RDF/SPARQL explainability; cloud–IoT security; sub-second detection latency; semantic adaptive cyber defense hybrid distributed information retrieval; entropy-based anomaly detection; associated random neural network (ARNN); RDF/SPARQL explainability; cloud–IoT security; sub-second detection latency; semantic adaptive cyber defense

Share and Cite

MDPI and ACS Style

Tosi, D.; Pazzi, R. (H-DIR)2: A Scalable Entropy-Based Framework for Anomaly Detection and Cybersecurity in Cloud IoT Data Centers. Sensors 2025, 25, 4841. https://doi.org/10.3390/s25154841

AMA Style

Tosi D, Pazzi R. (H-DIR)2: A Scalable Entropy-Based Framework for Anomaly Detection and Cybersecurity in Cloud IoT Data Centers. Sensors. 2025; 25(15):4841. https://doi.org/10.3390/s25154841

Chicago/Turabian Style

Tosi, Davide, and Roberto Pazzi. 2025. "(H-DIR)2: A Scalable Entropy-Based Framework for Anomaly Detection and Cybersecurity in Cloud IoT Data Centers" Sensors 25, no. 15: 4841. https://doi.org/10.3390/s25154841

APA Style

Tosi, D., & Pazzi, R. (2025). (H-DIR)2: A Scalable Entropy-Based Framework for Anomaly Detection and Cybersecurity in Cloud IoT Data Centers. Sensors, 25(15), 4841. https://doi.org/10.3390/s25154841

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop