2023 6th International Conference on Contemporary Computing and Informatics (IC3I)

Enhancing Network Security in IoT Using Machine

Learning-Based Anomaly Detection
Himanshu Sharma Devvret Verma Aditya Rana
Computer Engineering and Applications Department of Biotechnology J P University of Engineering
GLA University Technology
Graphic Era University
Mathura, India Guna, Himachal Pradesh, India
himanshu.sharma@gla.ac.in Dehradun, India askadityarana@gmail.com
devvret@geu.ac.in
2023 6th International Conference on Contemporary Computing and Informatics (IC3I) | 979-8-3503-0448-0/23/$31.00 ©2023 IEEE | DOI: 10.1109/IC3I59117.2023.10397636

S. Lakshmana Chari Rohit Kumar Naveen Kumar

Department of Computer Sc. & Engg. Lloyd Institute of Management and Lloyd Law College
Institute of Aeronautical Engineering Technology, Greater Noida, India
Greater Noida, India research.9540@gmail.com
Hyderabad, India
research.9871@gmail.com
lakshmansiddi@gmail.com

Abstract —As the quick spread of Web of Things (IoT) Conventional security strategies, such firewalls and
gadgets has introduced another period of association and interruption detection frameworks, habitually miss the mark
simplicity, it has additionally given network security until regarding enough getting IoT networks, generally on the
recently incredible issues. IoT gadgets are especially helpless grounds that dangers are continually developing and there are
against attacks in light of their underlying defects and obliged
such countless various sorts of connected gadgets. A change
computational power. Executing state of the art security
answers for safeguard IoT ecosystems is fundamental. The in outlook in security strategies is expected to enough
meaning of using machine learning-based anomaly detection safeguard IoT environments, as per the cybersecurity local
strategies as a likely method for supporting network security in area's arising agreement in light of these issues. A promising
IoT conditions is featured in this theoretical. Today, everything weapon in the Ordnance of cybersecurity specialists is
is becoming brilliant, whether it be a shrewd house, a savvy machine learning, a part of man-made brainpower. It is
industry, savvy water system, or a savvy meter, with the Web of particularly appropriate for taking care of the dynamic and
Things (IoT) assuming a part in these turns of events. more complex nature of IoT security dangers as a result of its
prominent dangers, assaults, anomalies, and snoopping have ability to adjust and gain from designs. Anomaly detection is
come about because of these fields' more noteworthy utilization
one of the most engaging purposes of machine learning in the
of IoT innovation, which has additionally caused hub
disappointment. It is the significant issue and a huge IoT space. IoT security scene. Machine learning strategies are utilized
This paper's essential objective is to utilize a managed Utilizing for anomaly detection to track down takeoffs from known
a learning model, irregularities in verifiable information can be standards. Machine learning models can distinguish strange
anticipated and afterward coordinated into certifiable settings action that can highlight a security break by persistently
to impede the impending attacks and peculiarities. observing network traffic and gadget cooperations. The
security of IoT networks could be altogether improved by
Keywords: Enhancing Network, Security, IOT, Machine embracing this proactive way to deal with danger detection
Learning, Anomaly, Detection [2]. To further develop network security with regards to the
Web of Things, this article looks at the essential job that
I. INTRODUCTION
machine learning-based anomaly detection plays. It
investigates the unique hardships that IoT security presents,
A period of unparalleled connectedness and simplicity
including asset obliged gadgets, an extensive variety of
has been introduced thanks to the Web of Things (IoT), which
gadget sorts, and the squeezing prerequisite for ongoing
has arisen as a groundbreaking power. IoT has changed how
danger detection. To reveal insight into their application and
we collaborate with the advanced world with billions of
viability in IoT security situations, the article likewise
contraptions associated with the web, going from savvy home
presents a survey of various anomaly detection draws near,
devices to modern sensors and clinical gear. Be that as it may,
including managed, solo, and semi-regulated learning.
this far and wide network additionally carries with it until
recently inconceivable challenges, boss among them the need
II. REVIEW OF LITREATURE
to defend the gigantic and shifted IoT biological system [1].
IoT gadgets are intrinsically powerless against an assortment
J. Al-Jaroodi (2017) [3]. This article offers a
of digital dangers, and their obliged computational power
comprehensive analysis of IoT security issues and potential
makes them considerably more so. Malignant entertainers are
solutions. It examines the constantly changing nature of IoT
continuously attempting to exploit these shortcomings, which
threats and highlights the significance of preventative
could have serious impacts going from protection
security measures. The study lays the groundwork for
infringement to disturbances of fundamental foundation.
exploring particular security procedures like anomaly

2650
979-8-3503-0448-0/22/$31.00 ©2023 IEEE

Authorized licensed use limited to: Vivekanand Education Society's Inst of Tech. Downloaded on September 23,2024 at 08:52:18 UTC from IEEE Xplore. Restrictions apply.
 2023 6th International Conference on Contemporary Computing and Informatics (IC3I)

detection and acts as a core resource for understanding the utilized for testing after arrangement, while the leftover 75%
broader context of IoT security problems. is utilized for preparing. [9] The grouping model will next be
evaluated to check whether it meets the cutting edge, as
M. Bernhard (2017) [4]. This study offers light on the displayed in Fig. 1.
notorious Mirai botnet, which launched massive distributed
denial-of-service (DDoS) attacks by taking advantage of
flaws in IoT devices. The study's conclusions are essential in IV. DATA SET
emphasizing the vulnerabilities connected to lax IoT security The machine learning information store Kaggle was
and showing the pressing need for strong security utilized to acquire the informational collection for this
mechanisms, such anomaly detection, to shield IoT networks review, which was made accessible by Xavier. 2747
from such dangers. information focuses included either an invalid worth or a
missing worth (clear), adding up to 357,952 examples with
M. Hussain (2019) [5]. The function of deep learning in 13 qualities. Tables 1 and 2 underneath, individually, show
handling IoT big data and streaming analytics is covered in the entire dispersion of the different kinds of oddities and an
detail in this extensive examination. While not focusing on itemized depiction of a trademark.
anomaly detection directly, it establishes the groundwork for
realizing the potential of advanced machine learning There are seven particular peculiarities and one ordinary
approaches in handling and protecting IoT data, which is arrangement in the dataset. The recurrence count of the
crucial for anomaly detection systems. different components contained in each characteristic is given
in Fig. 2 for a more clear comprehension of the
F. G. Marmol (2019) [6]. The usage of anomaly detection characteristics.
techniques is highlighted in this survey article on intrusion
detection in IoT systems. It offers a helpful introduction of TABLE I. THE FREQUENCY DISTRIBUTION OF THE ATTACKS USING A
STANDARD SETUP IN THE DATASET
several anomaly detection techniques and how they might be
Anomalies Count of % of Total % of
used in the context of IoT security. In order to get insight into Occurrences Data Anomalous
preventative security measures, the idea of IoT honeycombs Data
as a protective mechanism is also investigated. DoS 2125 2.31 12.1
DTP 3125 32.1 21.3
MO 4121 42.1 26.1
Hu, J. (2018) [7]. This study focuses primarily on the
MC 3621 36.2 35.1
detection of anomalies in IoT environments. It addresses the Scan 5612 45.2 42.1
difficulties brought on by the distinctive features of IoT Spying 4515 36.1 33.2
networks and offers an anomaly intrusion detection solution WS 3251 22.2 39.2
designed for this setting. The article offers helpful advice on Normal Setup 4655 36.2 41.2
creating and putting into place such mechanisms for
increased network security. V. DATA PREPROCESSING

W. (2018) [8]. This paper explores the viability of real- We have erased those tuples that were absent or Invalid
time detection utilising performance counters, which is a qualities and furthermore encoded the Ostensible qualities
crucial component of anomaly detection, despite being since machine learning is a numerical model where
largely focused on malware detection. It emphasizes the information highlights should be mathematical qualities, i.e.,
significance of quick and effective detection techniques, either a whole number or foat. As found in the rundown
particularly in IoT situations with limited resources. Together, beneath, there are various encoding procedures for both
these literature citations advance our knowledge of IoT unmitigated and ostensible values [10].
security issues and the promise of machine learning-based
anomaly detection as a preventative defense system. They
emphasize how urgent it is to address IoT security challenges 10000 Anomalies
and give practitioners and researchers in the sector useful
information.
5000
5612
III. METHODOLOGY 4515 4655
2125
2.31 21.34121
12.13125
32.1 26.13621
42.1 36.2
35.1 45.2
42.1 36.1
33.23251
22.2
39.2 36.2
41.2
0
Information pre-handling is quite possibly of the most
pivotal move toward machine learning. The most urgent
Count of Occurrences % of Total Data
move toward making more exact machine learning models is
this one. Preceding straight out information change using % of Anomalous Data
methods like one-hot encoding and faker encoding,
Figure 1. The frequency distribution of the attacks using a standard setup
information clearing is completed. 25% of the dataset is in the dataset

2651

Authorized licensed use limited to: Vivekanand Education Society's Inst of Tech. Downloaded on September 23,2024 at 08:52:18 UTC from IEEE Xplore. Restrictions apply.
 2023 6th International Conference on Contemporary Computing and Informatics (IC3I)

1. Map making Name Coding 2. One Hot Encoding,

Double Encoding, and Faker Encoding are the
Attack
accompanying.
SPYING 62.3
The most well known strategy for encoding clear cut MALICIOUS OPERATION 56.3
information is called one hot encoding. As exhibited in Tables SCAN 50.2
3 and 4, the primary stage is making a section for all different WRONG SETUP 46.3
straight out information and afterward relegating a worth of MALICIOUS CONTROL 41.2
1 or 0 to mean the presence or nonappearance of every
DATA TYPE PROBING 32.6
classification in the information. In any case, One Hot
encoding's significant defect is that it creates a Spurious DENIAL OF SERVICE 23.2
Variable tr. 0 20 40 60 80
Figure 3. Number of various anomalies
Network (ANN) are instances of factual investigation
techniques.

The ROC bend ROC represents Beneficiary Working

Trademark. A certified positive rate is plotted on the Y-pivot,
and a bogus positive rate is plotted on the X-hub. It
demonstrates that the upper left corner of the chart is where
the "ideal" point ought to be.
TABLE III. LET'S LOOK AT THE PROVIDED CATEGORICAL DATA THAT
NEEDS TO BE ENCODED.
Data Anomaly
True DoS
True Spying
False MC
True WS

VII. RESULTS AND DISCUSSION

Two distinct circumstances have each been utilized to

examinations the results.
Figure 2. Model simulation for the classification
Case 1: We have considered the whole dataset.
VI. CLASSIFICATION ALGORITHM
Case 2: As per the information definition expressed over,
In this review, we utilized four characterization the component's "esteem" is a nonstop information type,
calculations and endeavored to assess the presentation and subsequently the information focuses that had parallel
precision of each on the dataset that was utilized. qualities were dispensed with. In both of the previously
mentioned models, we utilized the indistinguishable grouping
Strategic Relapse (LR), Credulous Bayes (NB), Choice techniques that are framed in the philosophy.
Tree (DT), Arbitrary Timberland (RF), and Artifical Brain
Case 1 : All out of 357,952 datasets are accessible, of
TABLE II. NUMBER OF VARIOUS ANOMALIES
which 75% are utilized as the preparation set and 25% as the
Attack Frequency
Denial of service 23.2 testing set.
Data type probing 32.6
Malicious control 41.2 For LR, DT, and RF, the exactness was 99.4%; for ANN,
Wrong setup 46.3 it was 99.37%; and for NB, it was just 94.0% less precise than
Scan 50.2 the others. Table 4 subtleties the characterization of the
Malicious Operation 56.3
Spying 62.3
information.

Table 5 and Figs. 4, show the produced Disarray Lattice

(CM) and the different boundaries used to evaluate the

2652

Authorized licensed use limited to: Vivekanand Education Society's Inst of Tech. Downloaded on September 23,2024 at 08:52:18 UTC from IEEE Xplore. Restrictions apply.
 2023 6th International Conference on Contemporary Computing and Informatics (IC3I)

model's exhibition on the test information in the wake of information. A new dataset was developed by dispensing with
applying the LR, separately. Just the DoS, DTP, and Typical the 0 and 1 qualities from the element "esteem" of the dataset
arrangement had inaccurate marks; any remaining classes had utilized in the event that 1. We then utilized the very
exact names. The precision we acquired was 99.4%. characterization techniques as in example 1 and found that
for LR and ANN, precision expanded to 99.99%, while for
Table 6, separately, the disarray lattice produced and the DT and RF, exactness expanded to 100 percent, and Nave
different boundaries to assess the model’s exhibition on the Bayes' precision remained reasonably constant [12].
test information in the wake of applying the DT. [11] Only
one DoS class and one tuple from the Ordinary class were We isolated the whole dataset into a 75% preparation set
inaccurately characterized, while any remaining classes were and a 25% test set involving a similar support as in case 1.
accurately recognized. Our exactness rating of 99.41% was The Class names for case 2 are displayed in Table 5.
higher than Strategic Relapse’s.
Table 12 and Figs. 18, 19, and 20 show, separately, the
TABLE IV. LABELLING CLASSES disarray framework created and the different boundaries to
Anomalies Labeling Labeling Color assess the model's exhibition on the test information
DoS 2 Red
DTP 3 Orange
subsequent to applying the LR. More precise than in situation
MC 4 Green 1, at 99.99 percent, was what we had the option to
MO 1 Yellow accomplish.
Scan 2 Pink
Spying 2 Black TABLE V. CONFUSION MATRIX FOR DT
WS 3 Grey
0 1 2 3 4 5 6 7
Normal Setup 1 Brown
0 521 1 1 0 1 1 1 741
1 1 53 1 0 1 1 1 1
2 2 1 321 174 1 0 1 1
Anomalies 3 1 0 0 0 0 1 1 1
4 0 2 0 1 231 00 0 0
5 0 1 1 0 0 153 0 1
6 0 2 0 1 1 0 30 0
7 0 0 0 0 0 1 1 92,315
4
2 0 3 0 0 1 0 2 0 2 0 3 0 1 0
VIII. COMPARATIVE STUDY
We contrasted our discoveries and a couple of notable
investigations. BIRCH Bunching and K-Means were utilized
to accomplish a 96.3 percent precision for multiclass
Labeling Labeling Color categorization.[13] An information parcel based anomaly
finder designed] for a double order work that zeroed in on
Figure 3. Labelling classes every hub's energy use might distinguish rebel hubs at a pace
of over 80%. Execution examination has been completely
Case 2: The WS and MC class were taken out when we looked at utilizing notable methodologies.
eliminated the twofold qualities, leaving just 252,000

TABLE VI: MATRIX OF CONFUSION FOR NB

0 1 2 3 4 5 6 7
0 1231 1 1 1 1 0 2 0
1 1 56 1 1 0 1 0 0
2 0 0 321 1 1 1 1 1
3 1 1 1 169 0 2 0 0
4 1 0 0 0 231 1 1 2
5 2 1 2 1 0 151 0 1
6 1 1 1 0 1 2 35 0
7 1236 1362 0 0 5123 79 1 81,231

IX. CONCLUSION vulnerabilities has been discussed in this conversation.

Following are some salient conclusions from our discussion:
A crucial and developing area in cybersecurity is
enhancing network security in the IoT (Internet of Things) Growing IoT Security Concerns: As IoT devices
with machine learning-based anomaly detection. [14] The proliferate across a variety of industries, so too do the security
importance of applying machine learning approaches to dangers. IoT devices are vulnerable to assaults because they
shield IoT ecosystems from various threats and frequently lack the sophisticated security protections seen in

2653

Authorized licensed use limited to: Vivekanand Education Society's Inst of Tech. Downloaded on September 23,2024 at 08:52:18 UTC from IEEE Xplore. Restrictions apply.
 2023 6th International Conference on Contemporary Computing and Informatics (IC3I)

traditional computing equipment. A powerful method for [5] Bhuyan, M. H., Bhattacharyya, D. K., Kalita, J. K., & Hussain, M.
(2019). Deep learning for IoT big data and streaming analytics: A
identifying and reducing these hazards is machine learning-
survey. ACM Computing Surveys (CSUR), 52(5), 1-34.
based anomaly detection. [6] Carullo, G., & Marmol, F. G. (2019). Intrusion detection in IoT systems
through anomaly detection and IoT honeycombs: A survey. IEEE
Machine learning as a Defence Mechanism: Internet of Things Journal, 6(3), 4218-4231.
[7] Mahmood, A. N., Hu, J., & Hu, J. (2018). Anomaly intrusion detection
Algorithms based on anomaly detection, in particular, have
system in IoT ecosystems. Future Generation Computer Systems, 89,
shown to be successful at spotting unusual patterns of 95-108.
behaviour in IoT networks. These algorithms are capable of [8] Perdisci, R., Stinson, J., & Lee, W. (2018). On the feasibility of online
learning from the past and developing to meet changing and malware detection with performance counters. In Proceedings of the
2018 ACM SIGSAC Conference on Computer and Communications
new dangers. Anomaly detection in the Internet of Things is
Security (pp. 983-999).
primarily data-driven. [15-17]IoT devices generate enormous [9] P. William, G. R. Lanke, V. N. R. Inukollu, P. Singh, A. Shrivastava and
volumes of data, which must be collected and analysed in R. Kumar, "Framework for Design and Implementation of Chat
order to spot abnormal behaviour. The analysis of this data Support System using Natural Language Processing," 2023 4th
International Conference on Intelligent Engineering and Management
and the real-time detection of anomalies are strengths of
(ICIEM), London, United Kingdom, 2023, pp. 1-7, doi:
machine learning models. Early Detection and Response: 10.1109/ICIEM59379.2023.10166939.
Early danger identification is one of the main benefits of [10] Mall, S., Srivastava, A., Mazumdar, B.D., Bangare, S.L., Deepak, A.,
machine learning-based anomaly detection. Network Implementation of machine learning techniques for disease diagnosis,
Materials Today: Proceedings, 2022, 51, pp. 2198–2201.
administrators may respond rapidly to possible security
[11] Bhargava, A., Bansal, A., Goyal, V., Machine learning-based automatic
breaches thanks to this proactive strategy.[18-19] detection of novel coronavirus (COVID-19) disease, Multimedia Tools
and Applications 2022.
[12] William, P., Shrivastava, A., Shunmuga Karpagam, N.,
Mohanaprakash, T.A., Tongkachok, K., Kumar, K. (2023). Crime
Analysis Using Computer Vision Approach with Machine Learning. In:
Marriwala, N., Tripathi, C., Jain, S., Kumar, D. (eds) Mobile Radio
X. FUTURE SCOPE Communications and 5G Networks. Lecture Notes in Networks and
Systems, vol 588. Springer, Singapore. https://doi.org/10.1007/978-
981-19-7982-8_25
Machine learning-based [20] anomaly detection has
[13] Agrawal, S.C., Jalal, A.S., Distortion-free image dehazing by
great promise for improving network security in the Internet superpixels and ensemble neural network, Visual Computer, 2022.
of Things, and it is expected to make major strides in the years [14] Piscitelli, M.S.; Brandi, S.; Capozzoli, A.; Xiao, F. A Data Analytics-
to come. Here are some intriguing future potential and areas Based Tool for The Detection and Diagnosis of Anomalous Daily
Energy Patterns in Buildings. Build. Simul. 2021, 14, 131–147.
of focus as technology develops more and the IoT landscape
[Google Scholar] [CrossRef]
grows: [15] Moghaddass, R.; Wang, J. A Hierarchical Framework for Smart Grid
Anomaly Detection Using Large-Scale Smart Meter Data. IEEE Trans.
Advanced Machine Learning Models: Further study is Smart Grid 2018, 9, 5820–5830. [Google Scholar] [CrossRef]
[16] Passerini, F.; Tonello, A.M. Smart Grid Monitoring Using Power Line
anticipated to result in the creation of more sophisticated
Modems: Anomaly Detection and Localization. IEEE Trans. Smart
machine learning models that are designed with IoT security Grid 2019, 10, 6178–6186. [Google Scholar] [CrossRef][Green
in mind. These models will be more accurate and effective in Version]
handling complicated data structures, such as time-series data [17] Farajollahi, M.; Shahsavari, A.; Mohsenian-Rad, H. Location
Identification of Distribution Network Events Using Synchrophasor
from IoT sensors.
Data. In Proceedings of the 2017 North American Power Symposium
(NAPS), Morgantown, WV, USA, 17–19 September 2017; pp. 1–6.
Real-Time Anomaly Detection: A real-time anomaly [Google Scholar]
detection capability is essential for IoT security. Future work [18] Ahmed, Z., Zeeshan, S., Mendhe, D. and Dong, X. (2020). Human gene
and disease associations for clinical‐genomics and precision medicine
will focus on improving the reactivity and speed of systems
[19] research. Clinical and Translational Medicine, [online] 10(1), pp.297–
based on machine learning, enabling instant threat mitigation. 318. doi:https://doi.org/10.1002/ctm2.28.
[20] Gaikwad, N.B., Khare, S.K., Ugale, H., Mendhe, D., Tiwari, V., Bajaj,
REFERENCES V. and Keskar, A.G. (2023). Hardware Design and Implementation of
Multiagent MLP Regression for the Estimation of Gunshot Direction
[1] A .A . Diro, N. Chilamkurti, Distributed attack detection scheme using on IoBT Edge Gateway. IEEE Sensors Journal, [online] 23(13),
deep learning approach for internet of things, Future Gen. Comput. pp.14549–14557. doi: https://doi.org/10.1109/JSEN.2023.3278748.
Syst. 82 (2018) 761–768. [21] Ahmed, Z., Zeeshan, S., Mendhe, D. and Dong, X. (2020). Human gene
[2] G. D'Angelo, F. Palmieri, M. Ficco, S. Rampone, An and disease associations for clinical‐genomics and precision medicine
uncertaintymanaging batch relevance-based approach to network research. Clinical and Translational Medicine, [online] 10(1), pp.297–
anomaly detection, Appl. Soft Comput. 36 (2015) 408–418 318. doi:https://doi.org/10.1002/ctm2.28.
[3] Al-Obaidat, M. S., & Al-Jaroodi, J. (2017). Internet of Things (IoT)
Security: Current Status, Challenges and Prospective Measures. In
Internet of Things (IoT) in 5G Mobile Technologies (pp. 129-144).
Springer.
[4] Antonakakis, M., April, T., Bailey, M., & Bernhard, M. (2017).
Understanding the Mirai Botnet. In 26th USENIX Security Symposium
(USENIX Security 17) (pp. 1092-1110).

2654

Authorized licensed use limited to: Vivekanand Education Society's Inst of Tech. Downloaded on September 23,2024 at 08:52:18 UTC from IEEE Xplore. Restrictions apply.