A two-tier hybrid ensemble learning pipeline for intrusion detection systems in IoT networks

With an increasing number of network devices, the need for a robust intrusion detection system is also increasing for ensuring ubiquitous and secure Internet of Things (IoT) network traffic flow. Most of the existing intrusion detection systems do not consider the dataset imbalance and model maintenance, subsequently this leads to high bias, high false positive and false negative rates leading to security breaches. To mitigate these shortcomings, an ensemble learning model is proposed to detect anomalous behaviour in IoT network flow. The proposed machine learning pipeline uses voting between a random forest classifier and an XGBoost classifier, thus combining the bagging and the boosting algorithms, to classify the network flow as normal or anomalous. The proposed model is trained on two standard benchmark datasets: UNSW-NB15 and BoT-IoT and it attained an accuracy of 99.7% and 99.66% respectively with false positive rates of 0.0027 and 0.0042 over the two datasets with 10 folds cross-validation. If the network flow is classified as anomalous, the category of anomaly is predicted for which accuracies of 99.53% and 99.65% are attained. With such high accuracies and low false positive rate, the proposed framework can be deployed to detect any malicious or anomalous behaviour in IoT networks in the real-world conditions like in smart cities. © 2022, The Author(s), under exclusive licence to Springer-Verlag GmbH Germany, part of Springer Nature.