An Intelligent Ensemble Learning Approach for Accurate Attack Detection in Large Scale Internet of Things Networks

Abstract

The expansion of Internet of Things (IoT) technology presents significant security challenges for large-scale, heterogeneous, and resource-constrained networks. Intrusion Detection Systems are crucial for safeguarding IoT systems against advanced assaults. This research assesses the RT-IoT2022 dataset utilizing K-Nearest Neighbors, Support Vector Machine, Decision Tree, Gradient Boost, XGBoost, Random Forest, Extra Trees, and LightGBM algorithms. SMOTEENN sampling is utilized for feature selection to address class imbalance and enhance robustness. A Voting Classifier ensemble that combines Random Forest, Extra Trees, and LightGBM attains optimal performance, achieving 99.9% in accuracy, precision, recall, and F1 score, surpassing all individual algorithms. Explainable AI methodologies, such as LIME and SHAP, are utilized to elucidate feature impact and bolster confidence in forecasts. The optimized ensemble is deployed in real-time through a Flask-based web application, facilitating interactive intrusion detection. The system categorizes traffic into attack classifications including DOS_SYN_Hping, Thing_Speak, ARP_poisoning, MQTT_Publish, NMAP_UDP_SCAN, NMAP_XMAS_TREE_SCAN, NMAP_OS_DETECTION, NMAP_TCP_SCAN, DDOS_Slowloris, Wipro_bulb, Metasploit_Brute_Force_SSH, and NMAP_FIN_SCAN. The proposed architecture provides precise, interpretable, and scalable intrusion detection appropriate for next-generation IoT security monitoring in dynamic real-world threat conditions.