Next Article in Journal
Exploring the Mechanism of Sustainable Innovation in the Complex System: A Case Study
Previous Article in Journal
Critical Success Factors for Enhancing Intelligent Loading and Unloading in Urban Supply Chains: A Comprehensive Approach Based on Fuzzy DEMATEL-AISM-MICMAC
Previous Article in Special Issue
Digital Health Transformation: Leveraging a Knowledge Graph Reasoning Framework and Conversational Agents for Enhanced Knowledge Management
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Systems
Volume 13
Issue 4
10.3390/systems13040231
systems-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Advancing Artificial Intelligence of Things Security: Integrating Feature Selection and Deep Learning for Real-Time Intrusion Detection

by
Faisal Albalwy
1,* and
Muhannad Almohaimeed
2
1
Department of Cybersecurity, College of Computer Science and Engineering, Taibah University, Madinah 42353, Saudi Arabia
2
Department of Information Systems, College of Computer Science and Engineering, Taibah University, Madinah 42353, Saudi Arabia
*
Author to whom correspondence should be addressed.
Systems 2025, 13(4), 231; https://doi.org/10.3390/systems13040231
Submission received: 17 February 2025 / Revised: 10 March 2025 / Accepted: 26 March 2025 / Published: 28 March 2025
(This article belongs to the Special Issue Integration of Cybersecurity, AI, and IoT Technologies)
Browse Figures
Versions Notes

Abstract

:
The size of data transmitted through various communication systems has recently increased due to technological advancements in the Artificial Intelligence of Things (AIoT) and the industrial Internet of Things (IoT). IoT communications rely on intrusion detection systems (IDS) to ensure secure and reliable data transmission, as traditional security mechanisms, such as firewalls and encryption, remain susceptible to attacks. An effective IDS is crucial as evolving threats continue to expose new security vulnerabilities. This study proposes an integrated approach combining feature selection methods and principal component analysis (PCA) with advanced deep learning (DL) models for real-time intrusion detection, significantly improving both computational efficiency and accuracy compared to previous methods. Specifically, five feature selection methods (correlation-based feature subset selection (CFS), Pearson analysis, gain ratio (GR), information gain (IG) and symmetrical uncertainty (SU)) were integrated with PCA to optimise feature dimensionality and enhance predictive performance. Three classifiers—artificial neural networks (ANNs), deep neural networks (DNNs), and TabNet–were evaluated on the RT-IoT2022 dataset. The ANN classifier combined with Pearson analysis and PCA achieved the highest intrusion detection accuracy of 99.7%, demonstrating substantial performance improvements over ANN alone (92%) and TabNet (94%) without feature selection. Key features identified by Pearson analysis included id.resp_p, service, fwd_init_window_size and flow_SYN_flag_count, which significantly contributed to the performance gains. These results indicate that combining Pearson analysis with PCA consistently improves classification performance across multiple models. Furthermore, the deployment of classifiers directly on the original dataset decreased the accuracy, emphasising the importance of feature selection in enhancing AIoT and IoT security. This predictive model strengthens IDS capabilities, enabling early threat detection and proactive mitigation strategies against cyberattacks in real-time AIoT environments.

1. Introduction

The Internet of Things (IoT) has revolutionised connectivity by linking devices, people and processes, driving transformation across numerous industries [1,2]. However, this widespread connectivity has brought significant security challenges, particularly given the vulnerabilities associated with resource-constrained IoT devices and their deployment in insecure environments [3,4]. The convergence of IoT and artificial intelligence (AI) has given rise to the Artificial Intelligence of Things (AIoT), introducing both opportunities and challenges in cybersecurity [5,6,7]. Intrusion-detection systems (IDSs) play an essential role in protecting IoT and AIoT networks by identifying and mitigating potential cyber risks [8]. However, many existing IDSs struggle to maintain a balance between computational efficiency and detection accuracy, especially in real-time AIoT environments [9,10,11].
To optimise IDS performance, feature selection is critical, as it reduces data dimensionality [12,13], streamlines processing, and enhances classification accuracy [14,15]. By focusing on the most relevant features, IDSs can operate more effectively, especially in resource-limited AIoT ecosystems, such as edge-based IoT devices. Advanced machine learning (ML) and deep learning (DL) techniques have further improved the capabilities of IDSs, enabling them to process large datasets and detect complex patterns in network traffic [16,17]. However, identifying the optimal features and integrating them with cutting-edge classifiers remains a key challenge in achieving robust and scalable AIoT security solutions [14,18]. Unlike previous studies that typically applied feature selection or PCA separately, our study introduced a novel integration of multiple feature selection methods (CFS, Pearson, GR, IG and SU) combined with PCA, evaluated across advanced DL classifiers (ANN, DNN and TabNet) and specifically tailored to AIoT security, to achieve state-of-the-art accuracy.
This study built upon our previous work on IoT network intrusion detection, in which we demonstrated the effectiveness of feature selection methods in improving classification performance [19]. In the current work, we expanded this by specifically addressing AIoT security challenges and introducing a novel integration of multiple feature selection methods with principal component analysis (PCA) and advanced deep learning classifiers to optimise both computational efficiency and detection accuracy. Specifically, we evaluated DL-based classification models to determine their effectiveness in detecting anomalies and securing AIoT networks. By comparing these models’ classification performance, deeper insights are provided into the trade-offs between model complexity and detection accuracy in AIoT security.
This study aimed to evaluate the effectiveness of certain features in accurately distinguishing between normal and abnormal network traffic. This was performed by applying selected features in classification tasks using DL models, such as artificial neural networks (ANNs), deep neural networks (DNNs) and TabNet, analysing network traffic patterns and correlating them with different types of attacks. The novelty of our approach lies in its integration of multiple feature selection methods (CFS, Pearson, GR, IG and SU) with principal component analysis (PCA), achieving state-of-the-art accuracy (99.7%) with ANN. Furthermore, we identified critical features correlated with attack patterns, providing enhanced insights for practical implementation in AIoT environments.
The findings of this research contribute to the ongoing development of efficient, scalable IDS frameworks tailored to AIoT environments. By demonstrating the potential of combining feature selection techniques with advanced classifiers, this study offers insights into enhancing the resilience of AIoT networks against evolving cyber threats.
The remainder of this paper is organised as follows: Section 2 reviews related works on feature selection and classification for IoT security. Section 3 details the methodology used in this study to achieve the research aim, including the feature selection techniques and classification models. Section 4 presents the results. Section 5 discusses the findings and their implications for IoT security. Section 6 concludes the study and outlines future research directions.

2. Related Works

Significant attention is being paid to the deployment of ML and DL methods to uncover patterns and associations in datasets [20]. In this section, we briefly discuss the works that have exploited learning algorithms for IDSs, which we consulted in developing the proposed approach. Several studies have explored IDSs for which many learning methods were explored, such as feed-forward neural networks (FNNs), convolutional neural networks (CNNs), long short-term memory (LSTMs) networks and ensemble algorithms.
In Soltani, M., et al. [21], multi-agent adaptive DL models for detecting intrusion were constructed to address challenges such as traffic concept drift and distributed architecture. Two DL algorithms were utilised: CNN and LSTM. The proposed approach achieved a satisfactory accuracy of 95%. Generally, this work highlights the usefulness of applying DL models in developing practical early anomaly detection.
Sajid et al. [22] proposed a hybrid ML–DL method to enhance intrusion detection. The model combines extreme gradient boosting and CNN to extract important variables, followed by LSTM for classification. The results of the proposed model demonstrated high detection rates and superior accuracy (98.4%) with a low false acceptance rate.
Kanna, P.R. and Santhi, P in [23] proposed a DL model-optimised CNN and hierarchical multiscale LSTM (HMLSTM) for anomaly detection. They performed lion swarm optimisation, CNN and HMLSTM. They tested this approach using three benchmark datasets: NSL-KDD, ISCX-IDS and UNSWNB15. The model achieved 90.67% accuracy. However, the model was proposed only for binary classification. The study highlighted the importance of moving towards anomaly detection methods rather than relying only on signature-based approaches to improve intrusion detection.
Henry et al. [24] focused on improving network intrusion detection using a hybrid DL model and feature optimisation. They proposed the use of CNN and a gated recurrent unit (GRU) to improve network parameters, which helps significantly in anomaly detection using a network dataset. A remarkable 98.73% accuracy in detecting network behaviour was achieved. Thus, the authors concluded that DL techniques are efficient for classifying network behaviour.
The authors in [25] addressed data imbalance in the DL algorithm’s detection performance by applying a focal loss function combined with FNN and CNN classifiers to enable the model to focus on challenging, misclassified instances. Their proposed model showed higher accuracy and better precision than advanced methods such as CNN–bidirectional LSTM and PB-DID.
In [26], the authors introduced the improved LSTM (ILSTM) algorithm, which demonstrated notable enhancements to the standard LSTM algorithm by combining the chaotic butterfly optimisation algorithm and the particle swarm optimisation algorithm. The ILSTM algorithm is designed for binary and multiclass intrusion detection. Compared with other DL models, it achieved a relatively high accuracy score of 93.09%.
Various recent studies have used several ML and DL algorithms to enhance intrusion detection [27,28,29,30,31]. Other studies have employed feature selection with DL to enhance the prediction of network behaviour [32,33,34]. The experimental results from the IoT datasets demonstrated the usefulness of the proposed methods in improving the accuracy of malicious data detection. The current study extended these works by proposing a broad model for exploring the performance of a significant number of learning algorithms using feature selection methods.
Jia et al. [35] introduced a federated learning approach, the Federated Dynamic Gravitational Search Algorithm (Fed-DGSA), for distributed IoT intrusion detection. Their decentralised model reached approximately 97.8% accuracy, highlighting federated learning’s potential to enhance security in distributed AIoT networks.
Ferrag et al. [36] provided the Edge-IIoTset, a comprehensive IoT and IIoT cybersecurity dataset. They evaluated various ML and DL models, demonstrating a deep neural network that achieved around 94.67% accuracy; their top-performing model, Random Forest, reached about 99% accuracy and F1-score, underlining the effectiveness of classical ML methods as well as deep learning for IoT security.
Table 1 summarises and compares the reviewed intrusion detection studies in terms of datasets, methods and reported accuracy.

3. Materials and Methods

3.1. Description of Datasets and Methods

The RT-IoT2022 dataset was used in this study. It is fully open source and accessible from the UCI Machine Learning Repository [38]. It was introduced as a broad collection of network traffic data derived from various real-time IoT devices, such as MQTT and Amazon Alexa. This dataset captures both normal and abnormal network behaviour, including the Slowloris distributed denial of service (DDoS) and brute-force SSH attacks. It provides a comprehensive view of the complex nature of network traffic, as it has 83 different input features and one feature that determines the type of attack. The selected features in this study were explicitly identified and validated based on their effectiveness in distinguishing between normal and malicious network behaviours in our previous work [19].
The dataset comprises 123,117 instances, each of which has been identified as having a normal or attack pattern. The attack patterns include DoS SYN Hping, ARP poisoning, Slowloris DDoS, brute-force SSH and five different Nmap patterns. The RT-IoT2022 dataset can be considered a valuable resource for developing robust security solutions related to IDSs as it offers comprehensive information on the factors associated with IDSs [39].
This proposed approach presents a predictive network detection model for the IoT. First, we preprocessed and cleaned the dataset. Data preprocessing is an important phase in model building. Several preprocessing methods were applied to enhance the proposed approach, including checking missing values and converting data types into appropriate formats.
Second, we performed three types of experiments. We initially evaluated the raw data with three DL algorithms for classification: ANN, TabNet and DNN. The training parameters for the implemented DL classifiers are presented in Table 2, Table 3 and Table 4.
Then, to attain a reduced set of features and validate them with the same set of classifiers, we used the following feature selection algorithms: Pearson analysis, information gain (IG), gain ratio (GR), correlation-based feature subset selection (CFS) and symmetrical uncertainty (SU). After that, using the reduced data obtained via the feature selection techniques, we applied PCA. Finally, we validated the PCA matrix using DL classifiers. After obtaining the experiment results, we evaluated the results based on accuracy, recall, precision and the F1 score. The proposed model is illustrated in Figure 1. The study was carried out using Jupyter Notebook (Anaconda 3) with Python (version 3.9) on a MacBook Pro running the operating system Big Sur version 11.7.10, equipped with 16 GB RAM and an Intel® Core™ i9 CPU @ 2.3 GHz. Aside from the standard installed Python libraries, we used sklearn version 1.4.2, Keras version 3.5 and pytorch_tabnet version 4.1.0.

3.2. Feature Selection

Extracting valuable data from large-scale datasets is of special interest to the ML and data mining community [40]. Investigators recognise that feature selection is an essential component of effective data analytics [41], as using all features is not always helpful for classification, clustering, association rules and regression tasks. Some features are irrelevant or redundant or introduce noise in data distribution. Feature selection is an ML method used to choose a subset of features according to specified measures. It is frequently used to reduce data dimensionality, improve classification performance and decrease computational cost [42].
Feature selection techniques are developed with three types of evaluation standards: the filter, wrapper and embedded models. In filter-based methods, which were mainly used in this study, features are chosen based on statistical measures [42]. This technique does not rely on learning induction methods; instead, it selects features as a preprocessing phase. In addition, filter-based methods have lower complexity and satisfactory stability and scalability [43]. Various filter-based methods were applied in this study before the data were fed into the classification methods, including IG, GR, CFS, Pearson analysis and SU.

3.3. Feature Extraction Using PCA

PCA is among the most widely used feature extraction methods in many scientific disciplines [44]. It is a nonparametric method that uses a linear transformation to obtain vital information from complicated datasets and map the datasets into a set of new features called principal components. The core purpose of PCA is to recognise the most relevant data variables by picking the components that maximise the variance of the dataset to reduce features with minimal information loss. The authors in [44] demonstrated the process of mapping a dataset from a high-dimensional feature space to a reduced-dimensional vector space.
The initial phase involves centralising the dataset by calculating its arithmetic mean and deducting this mean from all dataset values. Then, the covariance matrix is calculated as shown in Equation (1):
C i , j = 1 N 1 q = 1 N X q , i . X q , j
  • C i , j : the covariance between the i-th and j-th variables.
  • X q , i and X q , j : the values of the i-th and j-th variables for the q-th observation.
  • N : the total number of observations
Next, the eigenvectors and their corresponding eigenvalues are calculated. PCA selects the principal components with the highest eigenvalues, which are the most discriminative. The resulting matrix of principal components retains the same number of dimensions as the original dataset, ensuring no information loss. Finally, it is preferable to remove less important components, which results in the loss of less important information.

3.4. DL Methods of Data Classification

Classification is also an interesting area in DL. Recently, several proposed classification methods have been assessed in various areas, such as ANN, TabNet and DNN. They are presented briefly in the following sections.

3.4.1. ANN

The ANN model is a straightforward conventional neural method that uses computations and statistics to simulate biological neural networks in the human brain [45]. Similar to the human brain, ANN has interconnected neural cells in several layers of the networks. The networks comprise an input layer, a hidden layer and an output layer. ANN takes the input and feeds it into the input layer. It then calculates the weighted sum of the inputs and includes a bias in the hidden layer to detect hidden features and patterns. These calculations appeared in this study in the form of a transfer function in the output layer, as shown in Figure 2.

3.4.2. TabNet

TabNet [46] is a novel end-to-end DL method specifically developed for tabular data. It mirrors the feature selection process of decision trees using the Sequential Attention technique to select features at each decision step. This approach improves the model’s performance and interpretability by assigning learning capacity to the most suitable features. Feature learning is conducted on unlabelled datasets. When a dataset becomes huge, the training is performed efficiently, as TabNet uses the minibatch gradient descent method.
Intuitively, each step in the TabNet encoder architecture comprises three key operations: feature transformation, attentive transformation and masking, as illustrated in Figure 3. In each step, a subset of the features available in the training dataset is selected for use in prediction. This selection process occurs for each sample rather than for the entire training dataset. Therefore, the prediction for each sample is produced by a distinct set of features, leading to better performance. One of the advantages of TabNet is that it enables the imputation of missing values in the data through the self-supervised learning of the encoder–decoder structure. Consequently, TabNet does not need to handle missing values during the data preparation phase [47].

3.4.3. DNN

A DNN is an ANN with several hidden layers located between the input and output layers. It is an important DL method that has been widely applied in many scientific areas due to its improved feature selection and simplified learning of complex mappings. In general, the more hidden layers are used, the more efficiently the model can perform. Each layer executes various types of sorting and categorisation processes, as shown in Figure 2.

4. Results

Using the open-source RT-IoT2022 dataset to collect network traffic data from various real-time IoT devices, this study encompassed 123,117 instances. It aimed to correctly examine event-related data to detect abnormal patterns and thus prevent crimes. To perform the experiments, the dataset was initially partitioned as follows: 70% as a training set and 30% as a testing set. All the performance metrics, including accuracy, precision, recall and the F1 score, were stated as percentages. In this section, we present an overview of the experimental results of this study, which assessed the performance of 33 predictive models. These models comprise three DL classifiers, five feature selection methods and PCA. As shown in Figure 4 and Table 5, Table 6 and Table 7, we compared the results of these models using only DL classifiers, feature selection methods with classifiers, and feature selection methods and PCA along with classifiers.

4.1. Experiments Using Only DL Classifiers

The performance results of the three DL classifiers before the application of the feature selection methods are presented in Table 5. They showed that the DL classifiers performed differently. DNN had the lowest accuracy score (10.2%), as it relies on meaningful feature representations to learn complex patterns. High-dimensional input may present noise, making it harder for the model to extract relevant features and leading to poor generalisation.
ANN and TabNet performed similarly; they were able to classify instances effectively without the need to perform feature selection methods. TabNet achieved the highest accuracy among the three DL classifiers (94%), closely followed by ANN (92%).

4.2. Experiments Using Feature Selection Methods with DL Classifiers

The same classification algorithms were then deployed with feature selection methods. First, we deployed five feature selection algorithms: CFS, Pearson analysis, GR, IR and SU. We obtained 5, 32, 51, 45 and 60 features, respectively. The feature fwd_init_window_size’ was the most important feature in predicting network behaviour, and it appeared in all feature selection techniques.
Next, the classification algorithms were deployed using feature selection techniques. Table 6 shows the performance of the selected classification methods with different feature selection techniques. ANN with the SU method achieved an accuracy score of 92.6%. For ANN, feature selection did not yield a notable improvement over using the full feature set. Although the accuracy of TabNet with CFS was significantly worse (63%) than that of TabNet alone, indicating a high number of misclassification cases, TabNet performed considerably better with the other feature selection methods. The feature subset from CFS might have restricted TabNet’s ability to learn the best feature interactions, leading to worse performance than TabNet without feature selection.
DNN models generally showed superior performance with feature selection methods. Notably, DNN with GR achieved an accuracy score of 99.5%. These models demonstrated significant performance with the use of stratified predictor variables.

4.3. Experiments Using Feature Selection Methods and PCA with DL Classifiers

We first compared the results of using PCA alone and PCA with one of five feature selection methods. Figure 5 shows the cumulative variance of the first 10 principal components obtained using different feature selection methods. The figure shows better results from the use of PCA with feature selection methods than from the use of PCA alone. Specifically, the cumulative variance of the first 10 principal components was 74% when only PCA was used, but it reached 90.8% when PCA was used with the feature selection methods.
To investigate the results of using PCA and feature selection methods with DL classifiers, 15 models were generated. Their performance results are presented in Table 7. They show that in almost all cases, PCA with the specified number of attributes performed best among all the experiments when used with DL methods. Specifically, PCA and Pearson analysis attained the highest accuracies using different classifiers but performed best with ANN, achieving not only 99.7% accuracy but also 99.6% precision, 99.7% recall and a 99.6% F1 score. The high precision and F1 score of this model indicate its ability to appropriately classify positive instances and attain a balance between precision and recall. The results also show that both ANN and DNN attained great results using PCA and different feature selection methods, with ANN reaching 99.5% accuracy using GR and SU, while DNN performed slightly better at 99.6% when using Pearson, GR and SU. These findings suggest that DNN and ANN benefit from PCA and feature selection methods and that both classifiers perform optimally with well-chosen feature subsets.
To evaluate the effect of class imbalance, we report the confusion matrix of the best- performing model to ensure that the model’s great accuracy is not simply due to predicting the majority class (normal). The results in Table 8 show that the model achieved balanced performance across all classes, indicating that class imbalance did not significantly affect the model’s performance.

5. Discussion

The use of IoT systems in many fields, such as healthcare, various other industries and smart cities, involves continuous network connectivity and data sharing. Thus, network attackers could simply attack IoT devices and take advantage of any other device using the same network. The societal and economic implications of various types of network attacks necessitate intrusion prediction from both the public and economic viewpoints [48].
Early detection of abnormal activities in a network can pave the way for timely interventions that potentially ban such activities. This not only reduces the risk of attacks but also bolsters users’ confidence in using IoT systems, reducing overall security costs. The current study provides evidence of the potential of ML and DL to enhance intrusion detection by offering an innovative methodology that combines the strengths of several predictive methods [49].
In many practical scenarios, obtaining complete network activity data can be challenging. Thus, the first phase in constructing an effective IDS is selecting an appropriate and recent dataset. The dataset must include both normal and abnormal activities to simulate real-world activities. In this study, we used a standard dataset, RT-IoT2022. Developed in 2022, this dataset contains eight threats, including brute-force SSH attacks, DDoS attacks using Hping and Slowloris, and Nmap patterns. Its 83 attributes are used to differentiate normal from malicious communications [39].
The choice of techniques was essential in this study to ensure solid intrusion detection performance. The selected techniques were ANN, DNN and TabNet. Their results are compatible with those of the latest studies, suggesting the potential of such techniques to aid in intrusion detection [50,51,52].
Hybrid algorithms have steadily demonstrated strength in enhancing intrusion prediction by combining the power of multiple algorithms. In this study, a hybrid methodology was used via a model that synergises the strengths of feature selection, PCA and DL classifiers. Integrating feature selection with PCA led to a 5–8% accuracy improvement for ANN and TabNet while boosting DNN performance by around 90%.
The lower performance of TabNet with CFS (63%) may be attributed to the excessively aggressive feature reduction (selecting only five features), potentially omitting features essential for TabNet’s effective learning. Conversely, DNN substantially improved from 10.2% to 99.6% accuracy with GR due to the removal of redundant or noisy features, allowing the model to generalise better and reducing the risk of overfitting.
This methodology benefits from the different decision boundaries proposed by each method, thereby offering broad and comprehensive predictions.
The stark contrast between DNN’s poor performance on raw data (10.2% accuracy) and its superb performance with feature selection methods (reaching 99.6%) highlights the importance of dimensionality reduction in DL models. In addition, the model’s strength and robustness are attributable to its broad feature selection and validation processes. The use of feature selection methods based on feature importance not only enhances transparency in ML and DL classifications but also offers insights that can aid cybersecurity specialists in recognising and highlighting risk factors. Using different feature selection algorithms, we identified significant correlations between various network traffic features and specific types of attacks. Understanding these relationships is crucial for enhancing the effectiveness of IDSs, particularly in IoT environments where security vulnerabilities are prevalent.
In addition to classification accuracy improvements, this study contributes by explicitly identifying key network features (e.g., id.resp_p, service, fwd_init_window_size and flow_SYN_flag_count) that could serve as early indicators of intrusion in AIoT environments, aiding proactive and targeted security measures.
Reducing the number of features from 83 to a subset of 5–32 can significantly lower computational costs, leading to faster processing times and reduced memory usage. This reduction is particularly beneficial for real-time systems, where efficiency is crucial [53].
The use of feature selection methods with PCA enhanced intrusion prediction in almost all cases. The results were particularly promising when Pearson analysis was used with PCA. This suggests that the classifiers’ performance is not always efficient when a large number of features are used, but all the classifiers had remarkable results when Pearson–PCA was used. Among the prediction models, Pearson–PCA with ANN performed best, with 99.7% accuracy. The achieved high accuracy (99.7%) is particularly significant, as it indicates that our proposed model closely approaches performance suitable for real-world AIoT deployments. However, achieving near-perfect accuracy in real-world conditions remains challenging due to evolving attack patterns and variability in network environments. This emphasises the necessity for the continuous updating and validation of models on new and diverse datasets. The proposed model significantly decreased the false positive rate while remarkably increasing the prediction rate and accuracy by considering a wide range of assessment indicators. Thus, this study highlights the importance of moving towards anomaly detection methods rather than relying only on signature-based approaches for improved intrusion detection.
Although our proposed model achieved high accuracy on the RT-IoT2022 dataset, practical deployment would require periodic retraining with updated data to accommodate emerging attack patterns. Future research should involve evaluating the model’s performance with new and varied datasets or in live network environments.
From a practical security perspective, even a small false-negative rate (0.3%) could represent a notable risk in scenarios with high network traffic volumes. Nevertheless, our model’s very high precision (~99%) is particularly encouraging, as it suggests a very low false-positive rate. This is beneficial for deployment as it minimises unnecessary alerts and operational disruptions.
Finally, to assess the performance of our proposed model, we compared it with the ML and DL techniques discussed in the most recent intrusion detection literature. The proposed model precisely identified unusual activities and outperformed the other approaches in the hold-out tests, as shown in Table 9.
While our approach achieved high performance, no oversampling or class-weighting techniques were employed to address dataset imbalance in this study. Therefore, future work will involve applying oversampling methods, such as SMOTE, to further validate and enhance the robustness of the model.
In practical operational scenarios, our proposed intrusion detection model could be deployed centrally to analyse network-wide data or directly on edge IoT devices. Given the substantial dimensionality reduction achieved through feature selection and PCA (from 83 to as few as 5 features), the model becomes computationally lightweight, making it highly suitable for resource-constrained edge environments, thus enabling effective real-time threat detection with reduced computational and bandwidth requirements.

6. Conclusions

In this study, we aimed to find the best data dimensionality reduction technique for predicting unusual network activity patterns. Using a complete set of attributes is impractical when system assets need to be considered. We proposed the use of feature selection methods with PCA to enhance DL algorithms’ prediction of unusual network activity patterns. From the 83 given input variables, we selected five variables and achieved promising intrusion prediction results. Among the prediction models, Pearson–PCA with ANN performed best, with 99.7% accuracy. Pearson analysis derived features correlated with the attack type in network traffic, such as fwd_init_window_size, id.resp_p, service and flow_SYN_flag_count.
Our approach can be employed in many real-life applications related to anomaly-based IDSs to analyse huge datasets and recognise the risk factors involved. This is particularly relevant for AIoT systems, where computational efficiency and high detection accuracy are critical for securing resource-constrained environments. Although the proposed model achieved superior results, it requires improvement. Specifically, the dataset used in this study is imbalanced as it has an unequal distribution of classes, leading to a possible bias in the trained model. In future work, oversampling methods need to be deployed to decrease overfitting and training time and to enhance the accuracy of the proposed model. This involves dividing the dataset into training and testing sets and establishing balanced representations of several attacks and normal activities. Furthermore, evaluating the proposed model in real-time AIoT environments, such as edge devices or smart cities, could provide deeper insights into its scalability and practicality.
In addition, the impact of this study’s findings would be further strengthened by validating them through experimental studies with other datasets related to intrusion detection. Finally, more complex models could be developed to improve the prediction of network attacks, including lightweight, explainable AI techniques tailored to AIoT devices.

Author Contributions

Conceptualization, F.A. and M.A.; methodology, F.A. and M.A.; software, F.A. and M.A.; validation, F.A. and M.A.; formal analysis, F.A. and M.A.; investigation, F.A. and M.A.; resources, F.A. and M.A.; data curation, F.A. and M.A.; writing—original draft preparation, F.A. and M.A.; writing—review and editing, F.A. and M.A.; supervision, F.A. and M.A. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

The original contributions presented in this study are included in the article. Further inquiries can be directed to the corresponding author.

Conflicts of Interest

The authors declare no conflict of interest.

Abbreviations

AbbreviationMeaning
AIoTArtificial Intelligence of Things
IoTInternet of Things
IDSIntrusion Detection System
MLMachine Learning
DLDeep Learning
PCAPrincipal Component Analysis
ANNArtificial Neural Network
DNNDeep Neural Network
TabNetAttentive Interpretable Tabular Learning Network
CNNConvolutional Neural Network
LSTMLong Short-Term Memory
SSHSecure Shell
DDoSDistributed Denial of Service
MQTTMessage Queuing Telemetry Transport
GRGain Ratio
IGInformation Gain
CFSCorrelation-Based Feature Subset Selection
SUSymmetrical Uncertainty
RT-IoT2022Real-Time IoT Dataset (2022)
UCIUniversity of California, Irvine

References

  1. Adhicandra, I.; Tanwir, T.; Asfahani, A.; Sitopu, J.W.; Irawan, F. Latest innovations in Internet of Things (IoT): Digital transformation across industries. Innov. J. Soc. Sci. Res. 2024, 4, 1027–1037. [Google Scholar]
  2. Baranitharan, B.; Prabhkar, G.; Chandran, K.; Vairavel, D.K.; Murugesan, R.; Gheisari, M. Revolutionizing agriculture: A comprehensive review of IoT farming technologies. Recent Adv. Comput. Sci. Commun. 2024, 17, 1–13. [Google Scholar] [CrossRef]
  3. Erasto Muwanga, K.; Muwanguzi, E. End user security using smart devices with ability to access IoT services. Int. J. Innov. Sci. Res. Technol. (IJISRT) 2024, 9, 2805–2810. [Google Scholar]
  4. Tawffaq, M.R.; Jasim, M.A.; Mejbel, B.G.; Issa, S.S.; Alamro, L.; Shulha, V.; Aram, E. IoT Security in a Connected World: Analyzing Threats, Vulnerabilities, and Mitigation Strategies. In Proceedings of the 36th Conference of Open Innovations Association (FRUCT), Helsinki, Finland, 30 October–1 November 2024; pp. 626–638. [Google Scholar]
  5. Han, W.; Peng, J.; Yu, J.; Kang, J.; Lu, J.; Niyato, D. Heterogeneous data-aware federated learning for intrusion detection systems via Meta-sampling in artificial intelligence of things. IEEE Internet Things J. 2024, 11, 13340–13354. [Google Scholar]
  6. Dangwal, G.; Wazid, M.; Nizam, S.; Chamola, V.; Das, A.K. Automotive cybersecurity scheme for intrusion detection in can-driven artificial intelligence of things. Secur. Priv. 2024, 8, e483. [Google Scholar] [CrossRef]
  7. Stanko, A.; Duda, O.; Mykytyshyn, A.; Totosko, O.; Koroliuk, R. Artificial intelligence of things (AIoT): Integration challenges, and security issues. In Proceedings of the BAIT’2024: The 1st International Workshop on “Bioinformatics and Applied Information Technologies”, Zboriv, Ukraine, 2–4 October 2024. [Google Scholar]
  8. Altulaihan, E.; Almaiah, M.A.; Aljughaiman, A. Anomaly detection IDs for detecting DoS attacks in IoT networks based on machine learning algorithms. Sensors 2024, 24, 713. [Google Scholar] [CrossRef]
  9. Krishna Prasanth Brahmaji, K. Edge computing and analytics for IoT devices: Enhancing real-time decision making in smart environments. Int. J. Multidiscip. Res. 2024, 6. [Google Scholar] [CrossRef]
  10. Rajasekar, P.; Bhosale, R.S.; Indhumathi, C.; Sandeep, K.V.; Rajendiran, M. Real-time Stream Processing in IoT Environments. In Proceedings of the Ninth International Conference on Science Technology Engineering and Mathematics (ICONSTEM), Chennai, India, 4–5 April 2024; pp. 1–5. [Google Scholar]
  11. Ameloot, T.; Rogier, H.; Van Torre, P.; Moeneclaey, M. Balancing computational efficiency and detection accuracy in oversampled frequency-shift chirp modulation. IEEE Internet Things J. 2024, 11, 14216–14227. [Google Scholar] [CrossRef]
  12. Quincozes, V.E.; Quincozes, S.E.; Albuquerque, C.; Passos, D.G.; Massé, D. Efficient Feature Selection for Intrusion Detection Systems with Priority Queue-Based GRASP. In Proceedings of the IEEE 13th International Conference on Cloud Networking (CloudNet), Rio de Janeiro, Brazil, 27–29 November 2024; pp. 1–8. [Google Scholar]
  13. Bhandari, S.; Kukreja, A.K.; Lazar, A.; Sim, A.; Wu, K. Feature Selection Improves Tree-based Classification for Wireless Intrusion Detection. In Proceedings of the 3rd International Workshop on Systems and Network Telemetry and Analytics, Stockholm, Sweden, 23 June 2020. [Google Scholar]
  14. Musthafa, M.B.; Huda, S.; Kodera, Y.; Ali, M.A.; Araki, S.; Mwaura, J.; Nogami, Y. Optimizing IoT intrusion detection using balanced class distribution, feature selection, and ensemble machine learning techniques. Sensors 2024, 24, 4293. [Google Scholar] [CrossRef]
  15. Nazifi Kagara, B. Comparative study on feature selection techniques in intrusion detection systems using ensemble classifiers. Int. J. Innov. Comput. 2021, 11, 27–33. [Google Scholar]
  16. Shukla, S.; Singh, J.; Ramya, T.; Rahul, S.; Mallick, A.K.; Pandey, P. Enhancing Cloud Computing Security through Deep Learning and Attention Mechanism Intrusion Detection Systems. In Proceedings of the 4th International Conference on Intelligent Technologies (CONIT), Bangalore, India, 21–23 June 2024; pp. 1–5. [Google Scholar]
  17. Idouglid, L.; Tkatek, S.; Elfayq, K.; Guezzaz, A. Next-gen security in IIoT: Integrating intrusion detection systems with machine learning for industry 4.0 resilience. Int. J. Electr. Comput. Eng. (IJECE) 2024, 14, 3512–3521. [Google Scholar]
  18. Chandana Swathi, G.; Kishor Kumar, G.; Siva Kumar, A.P. ECBoA-OFS: An ensemble classification model for botnet attacks based on optimal feature selection using CPR in IoT. J. Mach. Comput. 2024, 4, 870–885. [Google Scholar]
  19. Almohaimeed, M.; Albalwy, F. Enhancing IoT network security using feature selection for intrusion detection systems. Appl. Sci. 2024, 14, 11966. [Google Scholar] [CrossRef]
  20. Shu, X.; Ye, Y. Knowledge discovery: Methods from data mining and machine learning. Soc. Sci. Res. 2023, 110, 102817. [Google Scholar] [PubMed]
  21. Soltani, M.; Khajavi, K.; Jafari Siavoshani, M.; Jahangir, A.H. A multi-agent adaptive deep learning framework for online intrusion detection. Cybersecurity 2024, 7, 9. [Google Scholar]
  22. Sajid, M.; Malik, K.R.; Almogren, A.; Malik, T.S.; Khan, A.H.; Tanveer, J.; Rehman, A.U. Enhancing intrusion detection: A hybrid machine and deep learning approach. J. Cloud Comput. 2024, 13, 123. [Google Scholar]
  23. Kanna, P.R.; Santhi, P. Unified deep learning approach for efficient intrusion detection system using integrated spatial–temporal features. Knowl.-Based Syst. 2021, 226, 107132. [Google Scholar]
  24. Henry, A.; Gautam, S.; Khanna, S.; Rabie, K.; Shongwe, T.; Bhattacharya, P.; Sharma, B.; Chowdhury, S. Composition of hybrid deep learning model and feature optimization for intrusion detection system. Sensors 2023, 23, 890. [Google Scholar] [CrossRef]
  25. Dina, A.S.; Siddique, A.; Manivannan, D. A deep learning approach for intrusion detection in Internet of Things using focal loss function. Internet Things 2023, 22, 100699. [Google Scholar]
  26. Awad, A.A.; Ali, A.F.; Gaber, T. An improved long short term memory network for intrusion detection. PLoS ONE 2023, 18, e0284795. [Google Scholar]
  27. Shaji, N.S.; Jain, T.; Muthalagu, R.; Pawar, P.M. Deep-discovery: Anomaly discovery in software-defined networks using artificial neural networks. Comput. Secur. 2023, 132, 103320. [Google Scholar]
  28. Nguyen, D.-T.; Le, K.-H. The robust scheme for intrusion detection system in internet of things. Internet Things 2023, 24, 100999. [Google Scholar]
  29. Chen, Y.; Zhao, C. Application of deep learning model in computer data mining intrusion detection. Appl. Math. Nonlinear Sci. 2023, 8, 2131–2140. [Google Scholar] [CrossRef]
  30. Wang, X.; Wang, Y.; Javaheri, Z.; Almutairi, L.; Moghadamnejad, N.; Younes, O.S. Federated deep learning for anomaly detection in the internet of things. Comput. Electr. Eng. 2023, 108, 108651. [Google Scholar]
  31. Saba, T.; Rehman, A.; Sadad, T.; Kolivand, H.; Bahaj, S.A. Anomaly-based intrusion detection system for IoT networks through deep learning model. Comput. Electr. Eng. 2022, 99, 107810. [Google Scholar] [CrossRef]
  32. Abusitta, A.; de Carvalho, G.H.; Wahab, O.A.; Halabi, T.; Fung, B.C.; Al Mamoori, S. Deep learning-enabled anomaly detection for IoT systems. Internet Things 2023, 21, 100656. [Google Scholar]
  33. Abdelmoumin, G.; Rawat, D.B.; Rahman, A. On the performance of machine learning models for anomaly-based intelligent intrusion detection systems for the internet of things. IEEE Internet Things J. 2021, 9, 4280–4290. [Google Scholar]
  34. Ullah, I.; Mahmoud, Q.H. Design and development of RNN anomaly detection model for IoT networks. IEEE Access 2022, 10, 62722–62750. [Google Scholar]
  35. Jia, Y.; Lin, F.; Sun, Y. A novel federated learning aggregation algorithm for AIoT intrusion detection. IET Commun. 2024, 18, 429–436. [Google Scholar] [CrossRef]
  36. Ferrag, M.A.; Friha, O.; Hamouda, D.; Maglaras, L.; Janicke, H. Edge-IIoTset: A new comprehensive realistic cyber security dataset of IoT and IIoT applications for centralized and federated learning. IEEE Access 2022, 10, 40281–40306. [Google Scholar]
  37. Zegarra Rodriguez, D.; Daniel Okey, O.; Maidin, S.S.; Umoren Udo, E.; Kleinschmidt, J.H. Attentive transformer deep learning algorithm for intrusion detection on IoT systems using automatic Xplainable feature selection. PLoS ONE 2023, 18, e0286652. [Google Scholar]
  38. Sharmila, B.S.; Nagapadma, R. RT-IoT2022; UC Irvine Machine Learning Repository: Irvine, CA, USA, 2023. [Google Scholar] [CrossRef]
  39. Sharmila, B.; Nagapadma, R. Quantized autoencoder (QAE) intrusion detection system for anomaly detection in resource-constrained IoT devices using RT-IoT2022 dataset. Cybersecurity 2023, 6, 41. [Google Scholar] [CrossRef]
  40. Bharadiya, J.P. The role of machine learning in transforming business intelligence. Int. J. Comput. Artif. Intell. 2023, 4, 16–24. [Google Scholar]
  41. Pande, S.; Khamparia, A.; Gupta, D. Feature selection and comparison of classification algorithms for wireless sensor networks. J. Ambient Intell. Humaniz. Comput. 2023, 14, 1977–1989. [Google Scholar]
  42. Moslemi, A. A tutorial-based survey on feature selection: Recent advancements on feature selection. Eng. Appl. Artif. Intell. 2023, 126, 107136. [Google Scholar]
  43. Masoudi-Sobhanzadeh, Y.; Motieghader, H.; Masoudi-Nejad, A. FeatureSelect: A software for feature selection based on machine learning approaches. BMC Bioinform. 2019, 20, 170. [Google Scholar]
  44. Abdi, H.; Williams, L.J. Principal component analysis. Wiley Interdiscip. Rev. Comput. Stat. 2010, 2, 433–459. [Google Scholar]
  45. Zou, J.; Han, Y.; So, S.-S. Overview of artificial neural networks. In Artificial Neural Networks: Methods And Applications; Humana Press: Totowa, NJ, USA, 2009; pp. 14–22. [Google Scholar]
  46. Arik, S.Ö.; Pfister, T. abnet: Attentive Interpretable Tabular Learning. In Proceedings of the AAAI Conference on Artificial Intelligence, Online, 2–9 February 2021; pp. 6679–6687. [Google Scholar]
  47. Hwang, Y.; Song, J. Recent deep learning methods for tabular data. Commun. Stat. Appl. Methods 2023, 30, 215–226. [Google Scholar] [CrossRef]
  48. Otokwala, U.; Petrovski, A.; Kalutarage, H. Optimized common features selection and deep-autoencoder (OCFSDA) for lightweight intrusion detection in Internet of Things. Int. J. Inf. Secur. 2024, 23, 2559–2581. [Google Scholar]
  49. Gaur, V.; Kumar, R. Analysis of machine learning classifiers for early detection of DDoS attacks on IoT devices. Arab. J. Sci. Eng. 2022, 47, 1353–1374. [Google Scholar] [CrossRef]
  50. Chen, Y.; Li, J.; Guo, N. Efficient and interpretable SRU combined with TabNet for network intrusion detection in the big data environment. Int. J. Inf. Secur. 2023, 22, 679–689. [Google Scholar]
  51. Muruganandam, S.; Joshi, R.; Suresh, P.; Balakrishna, N.; Kishore, K.H.; Manikanthan, S. A deep learning based feed forward artificial neural network to predict the K-barriers for intrusion detection using a wireless sensor network. Meas. Sens. 2023, 25, 100613. [Google Scholar] [CrossRef]
  52. Sharma, B.; Sharma, L.; Lal, C. Anomaly-Based DNN Model for Intrusion Detection in IoT and Model Explanation. In Proceedings of the Second International Conference on Computational Electronics for Wireless Communications, Surathkal, India, 9–10 June 2022; Springer: Singapore, 2023. [Google Scholar]
  53. Chen, R.-C.; Dewi, C.; Huang, S.-W.; Caraka, R.E. Selecting critical features for data classification based on machine learning methods. J. Big Data 2020, 7, 52. [Google Scholar] [CrossRef]
Systems 13 00231 g001
Figure 1. Diagram of the proposed predictive network detection model.
Figure 1. Diagram of the proposed predictive network detection model.
Systems 13 00231 g001
Systems 13 00231 g002
Figure 2. Representations of the ANN and DNN architectures [43].
Figure 2. Representations of the ANN and DNN architectures [43].
Systems 13 00231 g002
Systems 13 00231 g003
Figure 3. TabNet encoder architecture [44].
Figure 3. TabNet encoder architecture [44].
Systems 13 00231 g003
Systems 13 00231 g004
Figure 4. Classification accuracy comparison of ANN, DNN and TabNet classifiers under three scenarios: without feature selection (No FS), with feature selection (FS), and with feature selection combined with PCA (FS + PCA).
Figure 4. Classification accuracy comparison of ANN, DNN and TabNet classifiers under three scenarios: without feature selection (No FS), with feature selection (FS), and with feature selection combined with PCA (FS + PCA).
Systems 13 00231 g004
Systems 13 00231 g005
Figure 5. Comparison of the cumulative variances of the first 10 principal components obtained from using PCA alone and with different feature selection strategies to identify the best representative features from the dataset. The figure shows low-dimensional representation of the dataset using: (a) PCA alone, (b) CFS–PCA, (c) Pearson analysis–PCA, (d) GR–PCA, (e) IG–PCA and (f) Symmetrical Uncertainty–PCA.
Figure 5. Comparison of the cumulative variances of the first 10 principal components obtained from using PCA alone and with different feature selection strategies to identify the best representative features from the dataset. The figure shows low-dimensional representation of the dataset using: (a) PCA alone, (b) CFS–PCA, (c) Pearson analysis–PCA, (d) GR–PCA, (e) IG–PCA and (f) Symmetrical Uncertainty–PCA.
Systems 13 00231 g005
Table 1. Comparative Summary of IDS Methods.
Table 1. Comparative Summary of IDS Methods.
Ref.StudyDatasetsMethods/ApproachAccuracy
[21]Soltani et al. (2024)CIC-IDS2017, CSE-CIC-IDS2018CNN, LSTM95.00%
[22]Sajid et al. (2024)UNSW-NB15, NSL-KDDCNN–LSTM, XGBoost–LSTM98.40%
[23]Kanna et al. (2021)NSL-KDD, ISCX-IDS, UNSWNB15Optimised CNN–HMLSTM90.67%
[24]Henry et al. (2023)CICIDS-2017CNN–GRU98.73%
[25]Dina et al. (2023)WUSTL-IIoT-2021FNN–CNN with Focal Loss98.95%
[26]Awad et al. (2023)NSL-KDDImproved LSTM93.09%
[35]Jia et al. (2024)Distributed IoT datasetsFederated Dynamic Gravitational Search Algorithm97.80%
[36]Ferrag et al. (2022)Edge-IIoTsetMultiple ML and DL (Best: RF, DNN)99% (RF)
[37]Okey et al. (2023)CIC-IDS2017, CSE-CIC-IDS2018, CIC-DDoS2019TabNet (Attention-Based)97–98%
Table 2. Tuning parameters for ANN classifier.
Table 2. Tuning parameters for ANN classifier.
ParameterValue
Number of Layers1 hidden layer
Neurons per Layer100
Activation FunctionReLU
OptimiserAdam
Learning Rate0.001
Batch Size32
Epochs100
Table 3. Tuning parameters for DNN classifier.
Table 3. Tuning parameters for DNN classifier.
ParameterValue
Number of Layers3 hidden layers
Neurons per Layer500, 100 and 50, respectively
Activation FunctionReLU
OptimiserAdam
Learning Rate0.001
Batch Size32
Epochs20
Table 4. Tuning parameters for TabNet classifier.
Table 4. Tuning parameters for TabNet classifier.
ParameterValue
Number of Decision Steps5
Relaxation Factor (gamma)1.5
Sparsity Coefficient0.0001
OptimiserAdam
Learning Rate0.02
Batch Size1024
Epochs100
Table 5. Results of the use of DL classification methods alone. The best results for the classifiers are presented in bold.
Table 5. Results of the use of DL classification methods alone. The best results for the classifiers are presented in bold.
Performance →
Classifier ↓		AccuracyPrecisionRecallF1 Score
ANN9293.29292
TabNet9496.194.193.7
DNN10.210101.8
Note: The arrow “→” in the column header ‘Performance →’ indicates that the subsequent columns represent different performance metrics. The arrow “↓” in the first column ‘Classifier ↓’ indicates that the rows below list the different classifiers used.
Table 6. Results of the use of DL classifiers with feature selection (FS) techniques. The best results for each classifier are presented in bold.
Table 6. Results of the use of DL classifiers with feature selection (FS) techniques. The best results for each classifier are presented in bold.
ClassifierFSAccuracyPrecisionRecallF1 Score
ANNCFS89.889.889.889.8
Pearson90.990.890.990.8
GR90.890.890.890.8
IG92.292.292.292.2
SU92.69392.692.4
TabNetCFS63.487.46570.5
Pearson99.299.299.299.2
GR96.296.396.295.9
IG94.294.494.293.7
SU98.998.998.998.8
DNNCFS99999999
Pearson99.499.499.499.4
GR99.599.599.599.5
IG97.797.897.797.5
SU99.499.499.499.4
Table 7. Results of the use of DL classifiers with FS techniques and PCA. The best results for each classifier are presented in bold.
Table 7. Results of the use of DL classifiers with FS techniques and PCA. The best results for each classifier are presented in bold.
ClassifierFSAccuracyPrecisionRecallF1 Score
ANNCFS + PCA98.698.698.698.6
Pearson + PCA99.799.699.799.6
GR + PCA99.599.599.599.5
IG + PCA97.997.997.997.7
SU + PCA99.599.599.599.5
TabNetCFS + PCA9696.695.996
Pearson + PCA99.399.399.399.3
GR + PCA99.299.299.299.2
IG + PCA96.795.796.796.1
SU + PCA98.398.298.398.2
DNNCFS + PCA98.798.798.798.7
Pearson + PCA99.699.699.699.5
GR + PCA99.699.599.699.5
IG + PCA98.198.198.198
SU + PCA99.699.699.699.6
Table 8. Confusion matrix for the ANN classifier with Pearson and PCA in the testing phase.
Table 8. Confusion matrix for the ANN classifier with Pearson and PCA in the testing phase.
Actual/PredictedNormalARP PoisoningDDOS
Slowloris		DOS SYN HpingMetasploit Brute Force SSHNMAP FIN SCANNMAP OS DETECTIONNMAP TCP ScanNMAP UDP SCANNMAP XMAS TREE SCAN
Normal37384700000010
ARP poisoning31229700000010
DDOS Slowloris0414900000230
DOS SYN Hping00028,353000000
Metasploit Brute Force SSH0210400000
NMAP FIN SCAN0000070000
NMAP OS DETECTION000000566000
NMAP TCP Scan010000030900
NMAP UDP SCAN580000007860
NMAP XMAS TREE SCAN000000000602
Table 9. Comparison of the proposed methods with the latest intrusion detection system techniques.
Table 9. Comparison of the proposed methods with the latest intrusion detection system techniques.
StudyDatasetsMethodsAccuracy (%)
[21]CIC-IDS2017, CSE-CIC-IDS2018CNN, LSTM95.00
[22]UNSW-NB15, NSL-KDDCNN–LSTM, XGBoost–LSTM98.40
[24]CICIDS-2017CNN–GRU98.73
[25]WUSTL-IIoT-2021FNN–Focal98.95
[26]NSL-KDD datasetILSTM93.09
[23]NSL-KDD, ISCX-IDS, UNSWNB15OCNN–HMLSTM90.67
[19]RT-IoT2022Combined feature selections–MLP96.40
Current studyRT-IoT2022Pearson–PCA with ANN99.70
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Albalwy, F.; Almohaimeed, M. Advancing Artificial Intelligence of Things Security: Integrating Feature Selection and Deep Learning for Real-Time Intrusion Detection. Systems 2025, 13, 231. https://doi.org/10.3390/systems13040231

AMA Style

Albalwy F, Almohaimeed M. Advancing Artificial Intelligence of Things Security: Integrating Feature Selection and Deep Learning for Real-Time Intrusion Detection. Systems. 2025; 13(4):231. https://doi.org/10.3390/systems13040231

Chicago/Turabian Style

Albalwy, Faisal, and Muhannad Almohaimeed. 2025. "Advancing Artificial Intelligence of Things Security: Integrating Feature Selection and Deep Learning for Real-Time Intrusion Detection" Systems 13, no. 4: 231. https://doi.org/10.3390/systems13040231

APA Style

Albalwy, F., & Almohaimeed, M. (2025). Advancing Artificial Intelligence of Things Security: Integrating Feature Selection and Deep Learning for Real-Time Intrusion Detection. Systems, 13(4), 231. https://doi.org/10.3390/systems13040231

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop