Effective Intrusion Detection System Research Articles

Development Cyber Risk Assessment for Intrusion Detection Using Enhanced Random Forest

In cybersecurity, the lack of statistical data on cyber-attacks presents a significant challenge from an insurance perspective, hindering the accurate calculation of insurance premiums, furthermore assessing cybersecurity risk exposure and identifying high-risk threat categories. Effective intrusion detection systems (IDS) are paramount in addressing these issues. This research introduces a sophisticated cyber risk assessment model utilizing the Random Forest classification algorithm, tailored explicitly for IDS, and leverages the comprehensive CIC-IDS 2017 dataset. The central objective was to engineer robust models capable of classifying a broad array of cyber threats, focusing on classification accuracy. The model achieved an accurate average classification rate of 96.94% through systematic experimentation and hyperparameter tuning.This study found that 'n_estimators' values of 10 to 300 did not affect cyberattack performance. It was also shown that Bagging and bootstrapping improve model stability by mitigating variance and improving accuracy without many trees. Model performance was high, with an average F1-Score of 97.86%. Cyber-attack statistics are scarce, and from an insurance perspective, the lack of statistical data on cyber-attacks hinders the calculation of insurance premiums. Risk assessment allows for informed self-insurance or risk transfer processes ensuring that policies align with risk management strategies and premium calculations.

PLLM-CS: Pre-trained Large Language Model (LLM) for cyber threat detection in satellite networks

Satellite networks are vital in facilitating communication services for various critical infrastructures. These networks can seamlessly integrate with a diverse array of systems. However, some of these systems are vulnerable due to the absence of effective intrusion detection systems, which can be attributed to limited research and the high costs associated with deploying, fine-tuning, monitoring, and responding to security breaches. To address these challenges, we propose a pre-trained Large Language Model for Cyber Security, for short PLLM-CS, which is a variant of pre-trained Transformers, which includes a specialized module for transforming network data into contextually suitable inputs. This transformation enables the proposed LLM to encode contextual information within the cyber data. To validate the efficacy of the proposed method, we conducted empirical experiments using two publicly available network datasets, UNSW_NB 15 and TON_IoT, both providing Internet of Things (IoT)-based traffic data. Our experiments demonstrate that proposed LLM method outperforms state-of-the-art techniques such as BiLSTM, GRU, and CNN. Notably, the PLLM-CS method achieves an outstanding accuracy level of 100% on the UNSW_NB 15 dataset, setting a new standard for benchmark performance in this domain.

Automatic Intrusion Detection Model with Secure Data Storage on Cloud Using Adaptive Cyclic Shift Transposition with Enhanced ANFIS Classifier

Cloud computing has emerged as a pivotal technology in the computer electronics industry, offering users significant computing power and ample storage space. Security threats pose significant challenges to the progression of cloud computing, hindering its growth in the industry. Detecting intrusions is crucial for protecting cloud environments from harmful attacks. However, due to the complexity and vast amount of network data, building effective intrusion detection systems (IDS) for cloud setups is difficult. Traditional IDS have struggled to effectively mitigate these risks. To overcome these problems, we propose a novel feature selection technique with deep learning classifier-based intrusion detection and avoidance in a cloud environment. The suggested model is divided into four phases: feature selection, pre-processing, classification, and encryption. The initial step involves gathering the data from the dataset and pre-processing it. The Adaptive Walrus Optimization Algorithm (AWO) is then used to choose select optimal features, aiming to mitigate computational complexity and reduce time consumption. These selected features are then fed into an enhanced Adaptive Neuro-Fuzzy Inference System (EANFIS) classifier for accurate classification of normal and intruded data. Following classification, normal data undergoes encryption using the Adaptive Cyclic Shift Transposition (ACST) Algorithm to bolster security.For experimental evaluation two datasets used namely, KDDCup-99 and NSL-KDD. The proposed method notably achieves impressive accuracy rates of 98.47% for the NSL KDD dataset and 98.97% for the KDD-CUP99 dataset.

A novel and an effective intrusion detection system using machine learning techniques

A novel and an effective intrusion detection system using machine learning techniques

Image-based intrusion detection system for GPS spoofing cyberattacks in unmanned aerial vehicles

The operations of unmanned aerial vehicles (UAVs) are susceptible to cybersecurity risks, mainly because of their firm reliance on the Global Positioning System (GPS) and radio frequency (RF) sensors. GPS and RF sensors are vulnerable to potential threats, such as spoofing attacks that can cause the UAVs to behave erratically. Since these threats are widespread and potent, it is imperative to develop effective intrusion detection systems. In this paper, we propose an image-based intrusion detection system for detecting GPS spoofing cyberattacks based on a deep learning methodology. We combine convolutional neural networks with Principal Component Analysis (PCA) to reduce the dimensionality of the dataset features, data augmentation to increase the size and diversity of the training dataset, and transfer learning to improve the proposed model’s performance with limited data to design a fast, accurate, and general method. Extensive numerical experiments demonstrate the effectiveness of the proposed solution carried out using benchmark datasets. We achieved an accuracy of 100% within a running time of 120.64 s at 0.3529 ms latency and a detection time of 2.035 s in the case of the training dataset. Further, using this trained model, we achieved an accuracy of 99.25% within a detection time of 2.721 s on an unseen dataset that was unrelated to the one used for training the model. In contrast, other models, such as Inception-v3, showed lower accuracy on unseen datasets. However, Inception-v3 performance improved significantly after Bayesian optimization, with the Tree-structured Parzen Estimator reaching 99.06% accuracy. Our results demonstrate that the proposed image-based intrusion detection method outperforms the existing solutions while providing a general model for detecting cyberattacks included in unseen datasets.

Optimized Ensemble Learning Models Based on Clustering and Hybrid Deep Learning for Wireless Intrusion Detection

Machine learning (ML) and deep learning (DL) are used in numerous fields, particularly to develop effective intrusion detection systems (IDS). Existing wireless network IDS, which rely on a single ML algorithm and have limitations. These include a high rate of false positives, difficulties in recognizing distinct attack patterns, and a high acquisition cost for annotated training datasets. However, hostile threats are always evolving, networks need a smart security solution. In comparison to other ML approaches, DL algorithms are more successful in intrusion detection. This paper presents a DL based ensemble model that combines Multi-verse through Chaotic Atom Search Optimization (MCA) for preprocessing, which eliminates unsolicited/recurrent information in the dataset. The process of optimized feature selection uses Principal Component Analysis (PCA), Chaotic Manta-ray Foraging Optimizations (CMFO), and a grounded grouping method to partition the optimized feature dataset into k-diverse clusters. The recommended model then stacks Support Vector Machine (SVM) as the ensemble model’s meta-learner classifier, pre-training the hybrid DL prototypes using the optimized feature dataset cluster. The CNN-LSTM and CNN-GRU models, which integrate Convolutional Neural Networks (CNN), Long Short-Term Memory (LSTM), and Gated Recurrent Unit (GRU), are the hybrid DL prototype’s key components. The suggested model’s performance has been enhanced and compared to six ML techniques: NB, SVM, J48, RF, MLP, and kNN models, utilizing measures such as accuracy, precision, recall, and F-measure. The public can access the Aegean Wi-Fi Intrusion Dataset (AWID) which is used for evaluating the recommended model and is outperformed the contemporary models in the literature.

Multi-Class Network Anomaly Detection Using Machine Learning Techniques

Computer networks rely on Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs) to ensure the security, reliability, and availability of an organization. In recent years, various approaches were developed and implemented to create effective IDSs and IPSs. This paper specifically focuses on IDSs that utilize Machine Learning (ML) techniques for improved accuracy. ML-based IDSs have verified to be successful in discovering network attacks. However, their performance tends to decline when dealing with high-dimensional data spaces. It is essential to develop a suitable feature extraction strategy that could identify and remove irrelevant features that do not significantly classification process to address this issue. Additionally, many ML-based IDSs exhibit high false positive rates and poor detection accuracy when trained on unbalanced datasets. In this study, we analyze the UNSW-NB15 IDS, which will serve as the training and testing data for our models. In order to reduce the feature space and improve the efficiency of our analysis, we leverage a filter-based feature reduction method utilizing the Pearson correlation coefficient algorithm. By identifying and selecting only the most relevant features, we are able to streamline our dataset and focus on the variables that have the highest impact on our analysis. This approach not only reduces computational complexity but also improves the interpretability of our results by eliminating unnecessary noise from the data. After applying the feature reduction technique, we proceed to implement a range of machine learning methods to perform our classification task. These include well-known algorithms such as Stacking, Extra Trees, Multi-Layer Perceptron, XGBoost, K-Nearest Neighbors, Logistic Regression, Naïve Bayes, Support Vector Machine, Random Forest, and Decision Tree. By employing a diverse set of algorithms, we are able to explore different modeling approaches and evaluate their effectiveness in accurately classifying the various types of assaults. In order to assess the performance of our classification models, we utilize a range of specialized evaluation metrics such as Root Mean Square Error (RMSE), Mean Absolute Error (MAE), R2-Score, Mean Squared Error (MSE), Precision, F1-Score, Recall, and Accuracy. These metrics provide us with a comprehensive understanding of how well our models are performing across different dimensions, including the accuracy of predictions, the level of precision in classifying different assault types, and the overall goodness-of-fit of our models. By considering multiple evaluation metrics, we are able to gain a more nuanced understanding of the strengths and weaknesses of each algorithm and make informed decisions about their suitability for our classification task. These metrics deliver a complete evaluation of the classifiers’ effectiveness in detecting community intrusions.

MEMFO-KELM: A Deep Learning Approach for Real-Time Intrusion Detection in Cloud Environments

With the increasing importance of network security in cloud environments, effective intrusion detection systems (IDS) are crucial for safeguarding data transmission and protecting against cyber attacks. This research proposes a novel IDS model named Mutation Enhanced Moth-Flame Optimization based Kernel Extreme Learning Machine (MEMFO-KELM) algorithm. The objective is to address the challenges associated with cloud environments and enhance the accuracy of intrusion detection in real-time scenarios. The MEMFO-KELM algorithm incorporates advanced techniques to improve classification performance and ensure accurate detection. The deep learning model architecture includes convolutional layers for capturing complex patterns, recurrent layers for modelling temporal dependencies, and fully connected layers for feature extraction. L1 regularization (Lasso) is applied to the fully connected layers to enhance interpretability and reduce model complexity. Here, four datasets are represented to validate the performance with different attacks and normal classes are implemented: MQTT-IoT-IDS2020, CSE-CIC-IDS2018, NSL-KDD, and Apache Web Server. The proposed IDS model achieves remarkable performance, with an accuracy of 98.4%, a false alarm rate of 0.056, a detection rate of 98%, and a computational time of 120 s. These results highlight the effectiveness of the MEMFO-KELM algorithm in accurately detecting intrusions. Comparative analysis reveals that the proposed real-time IDS model demonstrates its superiority compared to other methods. By addressing the challenges of cloud environments and incorporating advanced techniques, the MEMFO-KELM IDS model contributes to enhanced network security, mitigates the risks associated with cyber attacks, and ensures the integrity of globally distributed resources.

Systematic literature review on intrusion detection systems: Research trends, algorithms, methods, datasets, and limitations

Abstract Machine learning (ML) and deep learning (DL) techniques have demonstrated significant potential in the development of effective intrusion detection systems. This study presents a systematic review of the utilization of ML, DL, optimization algorithms, and datasets in intrusion detection research from 2018 to 2023. We devised a comprehensive search strategy to identify relevant studies from scientific databases. After screening 393 papers meeting the inclusion criteria, we extracted and analyzed key information using bibliometric analysis techniques. The findings reveal increasing publication trends in this research domain and identify frequently used algorithms, with convolutional neural networks, support vector machines, decision trees, and genetic algorithms emerging as the top methods. The review also discusses the challenges and limitations of current techniques, providing a structured synthesis of the state-of-the-art to guide future intrusion detection research.

Real-time fusion multi-tier DNN-based collaborative IDPS with complementary features for secure UAV-enabled 6G networks

UAV-enabled Integrated Sensing and Communication (ISAC) in sixth-generation (6G) wireless networks has sparked significant research interest. UAVs are positioned as aerial wireless platforms, extending coverage and improving Sensing and Communication (S&C) services. However, integrating UAVs introduces vulnerabilities due to multi-connectivity, necessitating robust security measures. To address this, efforts are focused on developing effective Intrusion Detection Systems (IDS). Here ML-based IDSs depend on the most suited Machine Learning (ML) algorithms for improved detection accuracy. However, inadequate detection features frequently contribute to the limitations of detection accuracy in various emerging cyber-attacks. Our study explores attack traits in UAV-enabled 6G networks, using complementary detection features to enhance ML-based attack detection. Additionally, existing Deep Neural Network (DNN) solutions for UAVs-enabled 6G networks mainly use single models (e.g., CNN, SVM, CGAN) instead of multi-tier models, (e.g., Hybrid, Fusion, Ensemble). Here, although the use of a single model can be faster for computer systems, it is difficult to understand the growing complexity of intrusion patterns in data. Also, these single models might not be good at recognizing the unique patterns of less common issues in datasets. Thus, we propose a fusion multi-tier DNN-based Collaborative Intrusion Detection and Prevention System (CIDPS) for critical UAV-enabled 6G networks. This system boosts accuracy without sacrificing latency reductions. Our approach learns decision boundaries from imbalanced data points using preceding DNNs sequentially. Moreover, most existing research works do not focus on intrusion prevention methods and deployment frameworks for UAV networks. This research proposes effective IPS mechanisms and deployment architecture for CIDPS in UAV-enabled 6G networks. It incorporates a CIDPS with an emergency response protocol, neutralizing attacks upon anomaly detection. We validate our solution through diverse dataset experiments (UAVIDS-2020, NF-UQ-NIDS-v2, 5G-NIDD). Unlike traditional practices where IDS are simulated, we implement CIDPS on actual UAV devices (PX4 Vision Dev Kit V1.5, DJI mini se, DJI mini 3 pro) and real-world UAV networks. Our approach outperforms prior algorithms with a 99.25% attack classification accuracy, higher detection efficiency, and lower resource usage, exceeding 99.05% detection rates.

An efficient intrusion detection technique for traffic pattern learning

Efficient intrusion detection algorithms are required for network traffic learning patterns in order to protect advanced network communication channels. These systems can be used to detect normal and unusual patterns, signatures, and rule violations. In recent years, conventional and deep machine learning algorithms have been utilized in the field of network intrusion detection for network traffic learning systems. The use of machine learning opens up new attack surfaces that are very intriguing to investigate. Attackers can introduce noisy data into training data to influence testing patterns in computer networks. The goal of this work is to create an efficient intrusion detection solution for network traffic learning patterns using a supervised and unsupervised technique. We developed an effective intrusion detection system (IDs) using an appropriate NSLKDD dataset for network traffic patterns. The model was trained and evaluated using the Genetic Optimization Algorithm (GOA) and the Niave Bayesian technique to recognize usual and unexpected network traffic patterns. We created a strategy that begins with a random population and subsequent iterates through the fitness function, returning the best parents with high detection accuracy. The best parents were determined using the n-parameters iterated by the crossover and mutation procedures. A cross over function was created to combine genes from two fitness parents by randomly selecting portions from each parent. The individual components of the crossover offsprings are randomly flipped to achieve the mutation. The fitness of the previous generation was obtained to generate a new generation, and this process was repeated n times. This was created to detect network intrusions using Nave Bayes' binary categorization problem and evolutionary algorithms. We accomplished this task by aggregating noise into training set before broadcasting the average number, and it is critical not to have that public average too frequently. The experimental results reveal that our proposed GA fared better than the NB technique, with a detection accuracy of 95.0% versus a recommendable detection accuracy of 53.0%.

Probabilistic Analysis of Random Check Intrusion Detection System

The ubiquitous adoption of network-based technologies has left organizations vulnerable to malicious attacks. It has become vital to have effective intrusion detection systems (IDS) that protect the network from attacks. In this paper, we study the intrusion detection problem through the lens of probability theory. We consider a situation where a network receives random malicious signals at discrete time instances, and an IDS attempts to capture these signals via a random check process. We aim to develop a probabilistic framework for intrusion detection under the given scenario. Concretely, we calculate the detection rate of a network attack by an IDS and determine the expected number of detections. We perform extensive theoretical and experimental analyses of the problem. The results presented in this paper would be helpful tools for designing and analyzing intrusion detection systems. We propose a probabilistic framework that could be useful for IDS experts; for a network-based IDS that monitors in real-time, analyzing the entire traffic flow can be computationally expensive. By probabilistically sampling only a fraction of the network traffic, the IDS can still perform its task effectively while reducing the computational cost. However, checking only a fraction of the traffic increases the possibility of missing an attack. This research can help IDS designers achieve appropriate detection rates while maintaining a low false alarm rate. The groundwork laid out in this paper could be used for future research on understanding the probabilities related to intrusion detection.

PCA-ANN: Feature selection based hybrid intrusion detection system in software defined network

Software Defined Networking (SDN) proposes a centralized network paradigm where a central controller manages the network. While this centralizes scheme opens up previously unachievable opportunities, it also makes the network more susceptible to a varying range of cyber threats. The development of effective Intrusion Detection Systems (IDS) designed for the SDN topology is a critical need to address the different vulnerabilities SDN faces. Towards that purpose, the inSDN dataset was specifically curated for intrusion detection in SDN with various attack scenarios unique to the SDN topology. This study leveraged the inSDN dataset to introduce an innovative Intrusion Detection System (IDS) model that amalgamates Principal Component Analysis (PCA), a dimensionality reduction technique widely employed in traditional Machine Learning (ML) to extract the principal features of the dataset and couples it with Artificial Neural Networks (ANN) to classify network traffic based on the extracted features. The proposed model attains an exceptional accuracy rate of 99.95% for multi-class classification and demonstrate that it surpasses the current state-of-the-art techniques while operating within a much simpler framework. This significantly diminishes the necessity for complex models that demand extensive computational resources when dealing with the inSDN attack dataset. The analysis of the dataset carried out in this study also provides insights into the redundancy present in the dataset and identifies the core features that contains most of the information in the dataset.

Intrusion detection system for controller area network

The rapid expansion of intra-vehicle networks has increased the number of threats to such networks. Most modern vehicles implement various physical and data-link layer technologies. Vehicles are becoming increasingly autonomous and connected. Controller area network (CAN) is a serial bus system that is used to connect sensors and controllers (electronic control units—ECUs) within a vehicle. ECUs vary widely in processing power, storage, memory, and connectivity. The goal of this research is to design, implement, and test an efficient and effective intrusion detection system for intra-vehicle CANs. Classic cryptographic approaches are resource-intensive and increase processing delay, thereby not meeting CAN latency requirements. There is a need for a system that is capable of detecting intrusions in almost real-time with minimal resources. Our research proposes a long short-term memory (LSTM) network to detect anomalies and a decision engine to detect intrusions by using multiple contextual parameters. We have tested our anomaly detection algorithm and our decision engine using data from real automobiles. We present the results of our experiments and analyze our findings. After detailed evaluation of our system, we believe that we have designed a vehicle security solution that meets all the outlined requirements and goals.

Multi-shift spatio-temporal features assisted deep neural network for detecting the intrusion of wild animals using surveillance cameras

The coexistence of human populations and wildlife in shared habitats necessitates the development of effective intrusion detection systems to mitigate potential conflicts and promote harmonious relationships. Detecting the intrusion of wild animals, especially in areas where human-wildlife conflicts are common, is essential for both human and animal safety. Animal intrusion has become a serious threat to crop yield, impacting food security and reducing farmer profits. Rural residents and forestry workers are increasingly concerned about the issue of animal assaults. Drones and surveillance cam-eras are frequently used to monitor the movements of wild animals. To identify the type of animal, track its movement, and provide its position, an effective model is needed. This paper presents a novel methodology for detecting the intrusion of wild animals using deep neural networks with multishift spatio-temporal features from surveillance camera video images. The pro-posed method consists of a multi-shift attention convolutional neural net-work model to extract spatial features, a multi-moment gated recurrent unit attention model to extract temporal features, and a feature fusion network to fully explore the spatial semantics and temporal features of surveillance video images. The proposed model was tested with images from three different datasets and achieved promising results in terms of mean accuracy and precision.

Designing an Adaptive Effective Intrusion Detection System for Smart Home IoT

Designing an Adaptive Effective Intrusion Detection System for Smart Home IoT

Ensemble Learning Framework for DDoS Detection in SDN-Based SCADA Systems.

Supervisory Control and Data Acquisition (SCADA) systems play a crucial role in overseeing and controlling renewable energy sources like solar, wind, hydro, and geothermal resources. Nevertheless, with the expansion of conventional SCADA network infrastructures, there arise significant challenges in managing and scaling due to increased size, complexity, and device diversity. Using Software Defined Networking (SDN) technology in traditional SCADA network infrastructure offers management, scaling and flexibility benefits. However, as the integration of SDN-based SCADA systems with modern technologies such as the Internet of Things, cloud computing, and big data analytics increases, cybersecurity becomes a major concern for these systems. Therefore, cyber-physical energy systems (CPES) should be considered together with all energy systems. One of the most dangerous types of cyber-attacks against SDN-based SCADA systems is Distributed Denial of Service (DDoS) attacks. DDoS attacks disrupt the management of energy resources, causing service interruptions and increasing operational costs. Therefore, the first step to protect against DDoS attacks in SDN-based SCADA systems is to develop an effective intrusion detection system. This paper proposes a Decision Tree-based Ensemble Learning technique to detect DDoS attacks in SDN-based SCADA systems by accurately distinguishing between normal and DDoS attack traffic. For training and testing the ensemble learning models, normal and DDoS attack traffic data are obtained over a specific simulated experimental network topology. Techniques based on feature selection and hyperparameter tuning are used to optimize the performance of the decision tree ensemble models. Experimental results show that feature selection, combination of different decision tree ensemble models, and hyperparameter tuning can lead to a more accurate machine learning model with better performance detecting DDoS attacks against SDN-based SCADA systems.

Analyzing Autoencoder-Based Intrusion Detection System Performance

The rise in cyberattacks targeting critical network infrastructure has spurred an increased emphasis on the development of robust cybersecurity measures. In this context, there is a growing exploration of effective Intrusion Detection Systems (IDS) that leverage Machine Learning (ML) and Deep Learning (DL), with a particular emphasis on autoencoders. Recognizing the pressing need to mitigate cyber threats, our study underscores the crucial importance of advancing these methodologies. Our study aims to identify the optimal architecture for an Intrusion Detection System (IDS) based on autoencoders, with a specific focus on configuring the number of hidden layers. To achieve this objective, we designed four distinct sub-models, each featuring a different number of hidden layers: Test 1 (one hidden layer), Test 2 (two hidden layers), Test 3 (three hidden layers), and Test 4 (four hidden layers).We subjected our models to rigorous training and testing, maintaining consistent neuron counts of 30 and 60. The outcomes of our experimental study reveal that the model with a single hidden layer consistently outperformed its counterparts, achieving an accuracy of 95.11% for NSL-KDD and an impressive 98.6% for CIC-IDS2017. The findings of our study indicate that our proposed system is viable for implementation on critical network infrastructure as a proactive measure against cyber-attacks.

Cost based Random Forest Classifier for Intrusion Detection System in Internet of Things

Internet of Things (IoT) is the collection of physical and digital devices that are interconnected using Internet for exchange of information and delivery of services. The Internet of Things (IoT) is an extended application of Internet that is used to offer various services for users in the fields of agriculture, healthcare, education, smart homes and so on in the modern world. The significant issues of the intrusion present in IoT are network disconnection, network hacking and data theft from the source. So the challenging task for worldwide utilization of IoT is to address their security issues, because of the feature imbalance in the different types of attacks. The most essential task for addressing security issues is to predict and classify the intrusion in the network. In this paper, the Cost based Random Forest Classifier (CRFC) is proposed for developing an effective Intrusion Detection System (IDS). The CRFC based classification is improvised by incorporating the cost matrix calculated based on feature importance that helps to improve the process of splitting the features even if there is a feature imbalance. Further, three important libraries of Python namely, Spark, Kafka, and Scikit-learn are used in this IDS to improve the classification performances. In that, Spark is used to implement the distributed environment, Kafka is used for streaming the data and Scikit is used to implement CRFC. There are two datasets known as NSL-KDD and UNSW-NB15 that are used to evaluate the performance of the proposed CRFC-IDS method. The CRFC-IDS method is analyzed on the basis of accuracy, precision, recall, F1-Measure, Area Under the Curve (AUC), False Acceptance Rate (FAR) and Matthews Correlation Coefficient (MCC). The existing approaches OCSVM and DBF are used for comparison with the CRFC-IDS method. The accuracy of CRFC-IDS for NSL-KDD dataset is found to be 99.957%, which is highest when compared to OCSVM and DBF.

IoT Intrusion Detection System Based on Machine Learning

With the rapid development of the Internet of Things (IoT), the number of IoT devices is increasing dramatically, making it increasingly important to identify intrusions on these devices. Researchers are using machine learning techniques to design effective intrusion detection systems. In this study, we propose a novel intrusion detection system that efficiently detects network anomalous traffic. To reduce the feature dimensions of the data, we employ the binary grey wolf optimizer (BGWO) heuristic algorithm and recursive feature elimination (RFE) to select the most relevant feature subset for the target variable. The synthetic minority oversampling technique (SMOTE) is used to oversample the minority class and mitigate the impact of data imbalance on the classification results. The preprocessed data are then classified using XGBoost, and the hyperparameters of the model are optimized using Bayesian optimization with tree-structured Parzen estimator (BO-TPE) to achieve the highest detection performance. To validate the effectiveness of the proposed method, we conduct binary and multiclass experiments on five commonly used IoT datasets. The results show that our proposed method outperforms state-of-the-art methods in four out of the five datasets. It is noteworthy that our proposed method achieves perfect accuracy, precision, recall, and an F1 score of 1.0 on the BoT-Iot and WUSTL-IIOT-2021 datasets, further validating the effectiveness of our approach.