OMIC: A Bagging-Based Ensemble Learning Framework for Large-Scale IoT Intrusion Detection
DOI:
https://doi.org/10.62411/faith.3048-3719-63Keywords:
Ensemble Learning, Intrusion Detection Systems, Machine Learning, Memory-Optimized Processing, Multiclass Classification, Network security, Network Traffic AnalysisAbstract
The research focuses on developing an Optimized Multiclass Intrusion Classifier (OMIC), an advanced framework for large-scale network intrusion detection in IoT environments. Traditional intrusion detection systems face significant challenges with increasing network complexity, attack sophistication, and the exponential growth of IoT devices, particularly in handling class imbalance, computational efficiency, and real-time processing of massive data volumes. OMIC introduces a novel ensemble approach combining LightGBM and XGBoost classifiers with a memory-optimized processing pipeline to address these limitations. The framework implements sophisticated data handling techniques, including dynamic chunk-based processing, adaptive sampling methods, and cost-sensitive learning to manage class imbalance. Experimental evaluation using the comprehensive CICIoT2023 dataset, comprising over 1 million records and 33 distinct attack types, demonstrates OMIC's exceptional performance with an overall accuracy of 99.26%. The framework achieves perfect precision, recall, and F1-scores for most DDoS and DoS attack categories, significantly outperforming traditional machine learning and deep learning approaches. While excelling in most attack categories, OMIC shows limitations in detecting certain web-based attacks and reconnaissance activities, suggesting areas for future enhancement. The framework's superior performance in handling large-scale data while maintaining high detection accuracy positions it as a significant advancement in IoT network security, offering practical solutions for real-world deployments.
Downloads
References
J. P. Ntayagabiri, Y. Bentaleb, J. Ndikumagenge, and H. EL Makhtoum, “A Comprehensive Approach to Protocols and Security in Internet of Things Technology,” J. Comput. Theor. Appl., vol. 2, no. 3, pp. 324–341, Feb. 2024, doi: 10.62411/jcta.11660.
A. K. Al Hwaitat et al., “Overview of Mobile Attack Detection and Prevention Techniques Using Machine Learning.,” Int. J. Interact. Mob. Technol., vol. 18, no. 10, Jan. 2024, [Online]. Available: https://search.ebscohost.com/login.aspx?direct=true&profile=ehost&scope=site&authtype=crawler&jrnl=18657923&AN=177404208&h=FMA26sPUnglaFNBoZDo0VKVC1B1Ucylgk5vY%2BfgVbKNTjU37%2Bo6BoImIcmftFsHPv%2BCsGxEo53CjCAuFLAAhaA%3D%3D&crl=c
J. Mao, X. Yang, B. Hu, Y. Lu, and G. Yin, “Intrusion Detection System Based on Multi-Level Feature Extraction and Inductive Network,” Electronics, vol. 14, no. 1, p. 189, Jan. 2025, doi: 10.3390/electronics14010189.
M. A. Hossain and M. S. Islam, “Ensuring network security with a robust intrusion detection system using ensemble-based machine learning,” Array, vol. 19, p. 100306, Jan. 2023, doi: 10.1016/j.array.2023.100306.
N. Jeffrey, Q. Tan, and J. R. Villar, “A Review of Anomaly Detection Strategies to Detect Threats to Cyber-Physical Systems,” Electronics, vol. 12, no. 15, p. 3283, Jan. 2023, doi: 10.3390/electronics12153283.
Y. Guo, “A review of Machine Learning-based zero-day attack detection: Challenges and future directions,” Comput. Commun., vol. 198, pp. 175–185, Jan. 2023, doi: 10.1016/j.comcom.2022.11.001.
B. R. Kikissagbe and M. Adda, “Machine Learning-Based Intrusion Detection Methods in IoT Systems: A Comprehensive Review,” Electronics, vol. 13, no. 18, p. 3601, Jan. 2024, doi: 10.3390/electronics13183601.
R. Chinnasamy, M. Subramanian, S. V. Easwaramoorthy, and J. Cho, “Deep Learning-driven Methods for Network-based Intrusion Detection Systems: A Systematic Review,” ICT Express, Jan. 2025, doi: 10.1016/j.icte.2025.01.005.
Y. Wu, B. Zou, and Y. Cao, “Current Status and Challenges and Future Trends of Deep Learning-Based Intrusion Detection Models,” J. Imaging, vol. 10, no. 10, p. 254, Jan. 2024, doi: 10.3390/jimaging10100254.
D. Patil, N. L. Rane, P. Desai, and J. Rane, “Machine learning and deep learning: Methods, techniques, applications, challenges, and future research opportunities,” in Trustworthy Artificial Intelligence in Industry and Society, Deep Science Publishing, 2024. doi: 10.70593/978-81-981367-4-9_2.
O. Alshboul, G. Almasabha, A. Shehadeh, and K. Al-Shboul, “A comparative study of LightGBM, XGBoost, and GEP models in shear strength management of SFRC-SBWS,” Structures, vol. 61, p. 106009, Feb. 2024, doi: 10.1016/j.istruc.2024.106009.
H. Hosamo and S. Mazzetto, “Performance Evaluation of Machine Learning Models for Predicting Energy Consumption and Occupant Dissatisfaction in Buildings,” Buildings, vol. 15, no. 1, p. 39, Feb. 2025, doi: 10.3390/buildings15010039.
M. Markevych and M. Dawson, “A Review of Enhancing Intrusion Detection Systems for Cybersecurity Using Artificial Intelligence (AI),” Int. Conf. KNOWLEDGE-BASED Organ., vol. 29, no. 3, pp. 30–37, Jan. 2023, doi: 10.2478/kbo-2023-0072.
M. M. Ahsan, M. S. Ali, and Z. Siddique, “Enhancing and improving the performance of imbalanced class data using novel GBO and SSG: A comparative analysis,” Neural Networks, vol. 173, p. 106157, May 2024, doi: 10.1016/j.neunet.2024.106157.
W. Chen, K. Yang, Z. Yu, Y. Shi, and C. L. P. Chen, “A survey on imbalanced learning: latest research, applications and future directions,” Artif. Intell. Rev., vol. 57, no. 6, p. 137, Jan. 2024, doi: 10.1007/s10462-024-10759-6.
B. Pes, “Learning from High-Dimensional and Class-Imbalanced Datasets Using Random Forests,” Information, vol. 12, no. 8, p. 286, Jan. 2021, doi: 10.3390/info12080286.
B. Xu and G. Yang, “Interpretability research of deep learning: A literature survey,” Inf. Fusion, vol. 115, p. 102721, Jan. 2025, doi: 10.1016/j.inffus.2024.102721.
M. Ibrahim and A. Al-Wadi, “Enhancing IoMT network security using ensemble learning-based intrusion detection systems,” J. Eng. Res., Feb. 2024, doi: 10.1016/j.jer.2024.12.003.
V. Ravi, T. D. Pham, and M. Alazab, “Deep learning-based network intrusion detection system for Internet of medical things,” IEEE internet things Mag., vol. 6, no. 2, pp. 50–54, Jan. 2023, [Online]. Available: https://ieeexplore.ieee.org/abstract/document/10145040/
R. Devendiran and A. V Turukmane, “Dugat-LSTM: Deep learning based network intrusion detection system using chaotic optimization strategy,” Expert Syst. Appl., vol. 245, p. 123027, Jul. 2024, doi: 10.1016/j.eswa.2023.123027.
F. Sun et al., “Efficiency of Extreme Gradient Boosting for Imbalanced Land Cover Classification Using an Extended Margin and Disagreement Performance,” ISPRS Int. J. Geo-Information, vol. 8, no. 7, p. 315, Jul. 2019, doi: 10.3390/ijgi8070315.
A. A. Khan, O. Chaudhari, and R. Chandra, “A review of ensemble learning and data augmentation models for class imbalanced problems: Combination, implementation and evaluation,” Expert Syst. Appl., vol. 244, p. 122778, Feb. 2024, doi: 10.1016/j.eswa.2023.122778.
D. R. I. M. Setiadi, S. Widiono, A. N. Safriandono, and S. Budi, “Phishing Website Detection Using Bidirectional Gated Recurrent Unit Model and Feature Selection,” J. Futur. Artif. Intell. Technol., vol. 1, no. 2, pp. 75–83, Jul. 2024, doi: 10.62411/faith.2024-15.
S. Gul, S. Arshad, S. M. U. Saeed, A. Akram, and M. A. Azam, “WGAN-DL-IDS: An Efficient Framework for Intrusion Detection System Using WGAN, Random Forest, and Deep Learning Approaches,” Computers, vol. 14, no. 1, p. 4, Jan. 2024, [Online]. Available: https://www.mdpi.com/2073-431X/14/1/4
W. F. Kamil, “Adapted CNN-SMOTE-BGMM deep learning framework for network intrusion detection using unbalanced dataset,” Iraqi J. Sci., pp. 4846–4864, Jan. 2023, [Online]. Available: https://www.iasj.net/iasj/download/8ce08ee0ce878309
J. P. Ntayagabiri, Y. Bentaleb, J. Ndikumagenge, and H. El Makhtoum, “A Comparative Analysis of Supervised Machine Learning Algorithms for IoT Attack Detection and Classification,” J. Comput. Theor. Appl., vol. 2, no. 3, pp. 395–409, Feb. 2025, doi: 10.62411/jcta.11901.
T. Al-Shehari and R. A. Alsowail, “Random resampling algorithms for addressing the imbalanced dataset classes in insider threat detection,” Int. J. Inf. Secur., vol. 22, no. 3, pp. 611–629, Jan. 2023, doi: 10.1007/s10207-022-00651-1.
K. S. Babu and Y. N. Rao, “MCGAN: modified conditional generative adversarial network (MCGAN) for class imbalance problems in network intrusion detection system,” Appl. Sci., vol. 13, no. 4, p. 2576, Jan. 2023, [Online]. Available: https://www.mdpi.com/2076-3417/13/4/2576
A. Abdelkhalek and M. Mashaly, “Addressing the class imbalance problem in network intrusion detection systems using data resampling and deep learning,” J. Supercomput., vol. 79, no. 10, pp. 10611–10644, Jan. 2023, doi: 10.1007/s11227-023-05073-x.
A. Thakkar and R. Lohiya, “Attack classification of imbalanced intrusion data for IoT network using ensemble-learning-based deep neural network,” IEEE Internet Things J., vol. 10, no. 13, pp. 11888–11895, Jan. 2023, [Online]. Available: https://ieeexplore.ieee.org/abstract/document/10044208/
A. Çetin and S. Öztürk, “Comprehensive Exploration of Ensemble Machine Learning Techniques for IoT Cybersecurity Across Multi-Class and Binary Classification Tasks,” J. Futur. Artif. Intell. Technol., vol. 1, no. 4, pp. 371–384, Feb. 2025, doi: 10.62411/faith.3048-3719-51.
Z. S. Dhahir, “A Hybrid Approach for Efficient DDoS Detection in Network Traffic Using CBLOF-Based Feature Engineering and XGBoost,” J. Futur. Artif. Intell. Technol., vol. 1, no. 2, pp. 174–190, Sep. 2024, doi: 10.62411/faith.2024-33.
N. Rane, S. P. Choudhary, and J. Rane, “Ensemble deep learning and machine learning: applications, opportunities, challenges, and future directions,” Stud. Med. Heal. Sci., vol. 1, no. 2, pp. 18–41, Jan. 2024, [Online]. Available: https://sabapub.com/index.php/SMHS/article/view/1225
F. Alserhani and A. Aljared, “Evaluating Ensemble Learning Mechanisms for Predicting Advanced Cyber Attacks,” Appl. Sci., vol. 13, no. 24, p. 13310, Dec. 2023, doi: 10.3390/app132413310.
S. Arukonda, R. Cheruku, and V. Boddu, “Enhancing disease diagnosis accuracy and diversity through BA-TLBO optimized ensemble learning,” Biomed. Signal Process. Control, vol. 96, p. 106507, Jan. 2024, [Online]. Available: https://www.sciencedirect.com/science/article/pii/S1746809424005652
E. Itasoy, V. Rosenberg, N. Stavrakis, A. Dietrich, and C. Montanari, “Ransomware detection on windows using file system activity monitoring and a hybrid isolation forest-xgboost model,” Jan. 2024, [Online]. Available: https://www.researchsquare.com/article/rs-5257558/latest
E. Batalov, P. Haverstock, R. Anderson, W. Thompson, and R. Wolverton, “Ransomware detection via network traffic analysis using isolation forest and lstm neural networks,” Jan. 2024, [Online]. Available: https://www.authorea.com/doi/full/10.22541/au.172928576.69686584
A. Lumazine et al., “Ransomware detection in network traffic using a hybrid cnn and isolation forest approach.” Jan. 18, 2024. [Online]. Available: https://www.authorea.com/doi/full/10.22541/au.172901014.44599790
E. C. P. Neto, S. Dadkhah, R. Ferreira, A. Zohourian, R. Lu, and A. A. Ghorbani, “CICIoT2023: A Real-Time Dataset and Benchmark for Large-Scale Attacks in IoT Environment,” Sensors, vol. 23, no. 13, p. 5941, Jun. 2023, doi: 10.3390/s23135941.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Jean Pierre Ntayagabiri, Youssef Bentaleb, Jeremie Ndikumagenge, Hind El Makhtoum
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
