Machine Learning Models and Explainable Artificial Intelligence Approaches for Intrusion Detection in IoT Networks
Main Article Content
Abstract
The rapid spread of Internet of Things (IoT) technologies and the rapidly increasing use of IoT devices offer technological transformation and innovative solutions in many areas from daily life to industrial processes. However, the resource constraints, simple operating systems, non-standard protocols and embedded software of IoT devices make them vulnerable to cyber-attacks. This makes IoT networks risky against malicious attacks and increases the size of security threats. Moreover, the complexity and heterogeneity of IoT networks render traditional security approaches inadequate and increase the need for advanced solutions. In this context, the need for methods for detecting and preventing attacks on IoT networks that are not only reliable and effective, but also understandable by users and security experts has become increasingly critical. This need for network security necessitates the development of strategies that will both secure technical infrastructures and increase the trust of human elements interacting with these infrastructures. In this context, the need for more interpretable, explainable and transparent security approaches is increasing. In particular, machine learning (ML) and deep learning (DL) based intrusion detection systems offer effective solutions to security problems such as anomaly detection and attack classification. The comprehensibility of the decision mechanisms of the models used enables both security experts to manage the systems more effectively and users to have more confidence in the security measures taken. Explainable Artificial Intelligence (XAI) techniques make the decision processes of ML and DL models transparent, allowing to understand how and why attacks are detected. Accordingly, it has become a critical requirement for security systems not only to achieve high accuracy rates, but also to make the decisions taken interpretable. In this study, the effectiveness of artificial intelligence (ML and DL) techniques for the detection and classification of security threats in IoT networks is analysed. In addition, the applications of XAI methods such as SHapley Additive exPlanations (SHAP), Local Interpretable Model-Agnostic Explanations (LIME) and Explain Like I'm 5 (ELI5) for IoT security are investigated. It is shown how these methods make the decision processes of ML and DL models used in IoT networks more transparent and provide a better analysis. As a result, this study presents an approach that combines both performance and explainability in IoT security. By demonstrating the effectiveness of XAI-supported ML and DL models, it aims to contribute to future research and innovative security solutions for enhancing security in IoT networks.
Downloads
Article Details
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
References
Xia, F., Yang, L. T., Wang, L., & Vinel, A. (2012). Internet of Things. International Journal of Communication Systems, 25(9), 1101–1102. doi:10.1002/dac.2417 DOI: https://doi.org/10.1002/dac.2417
Statista Research Department (2016), Internet of Things (IoT) connected devices installed base worldwide from 2015 to 2025, Available at https://www.statista.com/statistics/471264/ iot-number-of-connected-devices-worldwide/. Online; accessed 10 January 2025.
Sezer, O. B., Dogdu, E., & Ozbayoglu, A. M. (2018). Context-Aware Computing, Learning, and Big Data in Internet of Things: A Survey. IEEE Internet of Things Journal, 5(1), 1–27. DOI: https://doi.org/10.1109/JIOT.2017.2773600
Perera, C., Zaslavsky, A., Compton, M., Christen, P., & Georgakopoulos, D. (2013). Semantic-Driven Configuration of Internet of Things Middleware. 2013 Ninth International Conference on Semantics, Knowledge and Grids. doi:10.1109/skg.2013.9 DOI: https://doi.org/10.1109/SKG.2013.9
Ge, M., Fu, X., Syed, N., Baig, Z., Teo, G., & Robles-Kelly, A. (2019). Deep Learning-Based Intrusion Detection for IoT Networks. 2019 IEEE 24th Pacific Rim International Symposium on Dependable Computing (PRDC). doi:10.1109/prdc47002.2019.00056 DOI: https://doi.org/10.1109/PRDC47002.2019.00056
Y. K. Saheed, A. I. Abiodun, S. Misra, M. K. Holone, and R. Colomo-Palacios, "A machine learning-based intrusion detection for detecting internet of things network attacks," Alexandria Eng. J., vol. 61, pp. 9395–9409, 2022. DOI: https://doi.org/10.1016/j.aej.2022.02.063
B. Sharma, L. Sharma, C. Lal, and S. Roy, "Explainable artificial intelligence for intrusion detection in IoT networks: A deep learning based approach," Expert Syst. Appl., vol. 238, p. 121751, 2024. DOI: https://doi.org/10.1016/j.eswa.2023.121751
E. Gürbüz, Ö. Turgut and İ. Kök, "Explainable AI-Based Malicious Traffic Detection and Monitoring System in Next-Gen IoT Healthcare," 2023 International Conference on Smart Applications, Communications and Networking (SmartNets), Istanbul, Turkiye, 2023, pp. 1-6, doi: 10.1109/SmartNets58706.2023.10215896. DOI: https://doi.org/10.1109/SmartNets58706.2023.10215896
K. Zhao and L. Ge, "A survey on the internet of things security," in Int'l Conf. on Computational Intelligence and Security (CIS), 663-667, 2013. DOI: https://doi.org/10.1109/CIS.2013.145
L. Atzori, A. Iera, G. Morabito, and M. Nitti, "The social internet of things (siot)–when social networks meet the internet of things: Concept, architecture and network characterization," Computer Networks, vol. 56, 3594-3608, 2012. DOI: https://doi.org/10.1016/j.comnet.2012.07.010
Leo, M., Battisti, F., Carli, M., & Neri, A. (2014). A federated architecture approach for Internet of Things security. 2014 Euro Med Telco Conference (EMTC). DOI: https://doi.org/10.1109/EMTC.2014.6996632
Hodo, E., Bellekens, X., Hamilton, A., Dubouilh, P.-L., Iorkyase, E., Tachtatzis, C., & Atkinson, R. (2016). Threat analysis of IoT networks using artificial neural network intrusion detection system. 2016 International Symposium on Networks, Computers and Communications (ISNCC). doi:10.1109/isncc.2016.7746067 DOI: https://doi.org/10.1109/ISNCC.2016.7746067
Wood, A. D., & Stankovic, J. A. (2002). Denial of service in sensor networks. Computer, 35(10), 54–62. DOI: https://doi.org/10.1109/MC.2002.1039518
Imtithal A. Saeed Ali Selamat Ali M. A. Abuagoub, A Survey on Malware and Malware Detection Systems, International Journal of Computer Applications (0975 – 8887) Volume 67– No.16, April 2013 DOI: https://doi.org/10.5120/11480-7108
McGraw, G. and G. Morrisett, Attacking Malicious Code: A Report to the Infosec Research Council. IEEE Softw., 2000. 17(5): p. 33-41. DOI: https://doi.org/10.1109/52.877857
Xufang, L., P.K.K. Loh, and F. Tan. Mechanisms of Polymorphic and Metamorphic Viruses. in Intelligence and Security Informatics Conference (EISIC), 2011 European. 2011.
Sen, R., & Borle, S. (2015). Estimating the Contextual Risk of Data Breach: An Empirical Approach. Journal of Management Information Systems, 32(2), 314–341 DOI: https://doi.org/10.1080/07421222.2015.1063315
Liu, H., & Lang, B. (2019). Machine Learning and Deep Learning Methods for Intrusion Detection Systems: A Survey. Applied Sciences, 9(20), 4396. DOI: https://doi.org/10.3390/app9204396
Wikipedia," Supervised learning," Wikipedia. [Online]. Available: https://en.wikipedia.org/wiki/Supervised_learning. [Access Date: 15 Mar. 2025].
Wikipedia, " Unsupervised learning," Wikipedia. [Online]. Available: https://en.wikipedia.org/wiki/Unsupervised_learning. [Access Date: 15 Mar. 2025].
Peng, C.-Y. J., Lee, K. L., & Ingersoll, G. M. (2002). An Introduction to Logistic Regression Analysis and Reporting. The Journal of Educational Research, 96(1), 3–14. doi:10.1080/00220670209598786 DOI: https://doi.org/10.1080/00220670209598786
Sperandei, S. (2014). Understanding logistic regression analysis. Biochemia Medica, 12–18. doi:10.11613/bm.2014.003 DOI: https://doi.org/10.11613/BM.2014.003
Real Python, "Python Programming Tutorials," Real Python. [Online]. Available: https://realpython.com/. [Access Date: Mar. 20, 2025].
Safavian, S. R., & Landgrebe, D. (1991). A survey of decision tree classifier methodology. IEEE Transactions on Systems, Man, and Cybernetics, 21(3), 660–674. DOI: https://doi.org/10.1109/21.97458
Apté, C., & Weiss, S. (1997). Data mining with decision trees and decision rules. Future Generation Computer Systems, 13(2-3), 197–210. doi:10.1016/s0167-739x(97)00021-6 DOI: https://doi.org/10.1016/S0167-739X(97)00021-6
Friedl, M. A., & Brodley, C. E. (1997). Decision tree classification of land cover from remotely sensed data. Remote Sensing of Environment, 61(3), 399–409. doi:10.1016/s0034-4257(97)00049-7 DOI: https://doi.org/10.1016/S0034-4257(97)00049-7
Farnaaz, N., & Jabbar, M. A. (2016). Random Forest Modeling for Network Intrusion Detection System. Procedia Computer Science, 89, 213–217. DOI: https://doi.org/10.1016/j.procs.2016.06.047
Pal, M. (2005). Random forest classifier for remote sensing classification. International Journal of Remote Sensing, 26(1), 217–222 DOI: https://doi.org/10.1080/01431160412331269698
W. Wang, X. Du, N. Wang, "Building a Cloud IDS Using an Efficient Feature Selection Method and SVM," IEEE Access, vol. 7, pp. 1345–1354, 2019. DOI: https://doi.org/10.1109/ACCESS.2018.2883142
M. Al-Qatf, Y. Lasheng, M. Al-Habib, K. Al-Sabahi, "Deep Learning Approach Combining Sparse Autoencoder with SVM for Network Intrusion Detection," IEEE Access, vol. 6, pp. 52843–52856, 2018. DOI: https://doi.org/10.1109/ACCESS.2018.2869577
W. Feng, J. Sun, L. Zhang, C. Cao, Q. Yang, "A support vector machine based naive Bayes algorithm for spam filtering," in Proc. 2016 IEEE 35th Int. Perform. Comput. Commun. Conf. (IPCCC 2016), 2017 DOI: https://doi.org/10.1109/PCCC.2016.7820655
Cybenko, G. 1989. Approximation by superpositions of a sigmoidal function Mathematics of Control, Signals, and Systems, 2(4), 303–314. DOI: https://doi.org/10.1007/BF02551274
Van den Oord, Aaron; Dieleman, Sander; Schrauwen, Benjamin (2013-01-01). Burges, C. J. C.; Bottou, L.; Welling, M.; Ghahramani, Z.; Weinberger, K. Q. (eds.). Deep content-based music recommendation (PDF). Curran Associates, Inc. pp. 2643–2651.
Tealab, Ahmed (1 Aralık 2018). "Time series forecasting using artificial neural networks methodologies: A systematic review". Future Computing and Informatics Journal (İngilizce). 3 (2). ss. 334-340. doi:10.1016/j.fcij.2018.10.003 . ISSN 2314-7288. DOI: https://doi.org/10.1016/j.fcij.2018.10.003
Graves, Alex; Liwicki, Marcus; Fernandez, Santiago; Bertolami, Roman; Bunke, Horst; Schmidhuber, Jürgen (2009). "A Novel Connectionist System for Improved Unconstrained Handwriting Recognition" (PDF). IEEE Transactions on Pattern Analysis and Machine Intelligence. 31 (5). ss. 855-868. CiteSeerX 10.1.1.139.4502 $2. doi:10.1109/tpami.2008.137. PMID 19299860 DOI: https://doi.org/10.1109/TPAMI.2008.137
Ribeiro, M. T., Singh, S., & Guestrin, C. (2016). ‘‘Why should i trust you?’’ Explaining the predictions of any classifier. In Proceedings of the 22nd ACM SIGKDD international conference on knowledge discovery and data mining (pp. 1135–1144). DOI: https://doi.org/10.1145/2939672.2939778
Q. Sun, A. Akman ve B. W. Schuller, "Explainable Artificial Intelligence for Medical Applications: A Review," ACM Transactions on Computing for Healthcare, cilt 6, sayı 2, ss. 1-31, Şubat 2025. DOI: 10.1145/3709367 DOI: https://doi.org/10.1145/3709367
S. M. Lundberg and S. I. Lee, "A unified approach to interpreting model predictions," in Advances in Neural Information Processing Systems (NeurIPS), 2017.
E. S. G. Ribeiro, "ELI5: A Python package for machine learning model explanation," ELI5 Documentation, [Online]. Available: https://eli5.readthedocs.io/en/latest/overview.html. [Access Date: 2-Mar-2025].
H. Moraliyage, G. Kulawardana, D. De Silva, Z. Issadeen, M. Manic, and S. Katsura, "Explainable Artificial Intelligence with Integrated Gradients for the Detection of Adversarial Attacks on Text Classifiers," Appl. Syst. Innov., vol. 8, no. 1, p. 17, Jan. 2025, doi: 10.3390/asi8010017. DOI: https://doi.org/10.3390/asi8010017
H. Xiao, Y. Xing, J. Zhang, and F. Zhao, "A CNN-based IDS model for network intrusion detection," IEEE Access, vol. 7, pp. 156665-156675, 2019. DOI: https://doi.org/10.1109/ACCESS.2019.2904620
S. Nagisetty and S. Gupta, "Comparison of deep learning models for IoT intrusion detection using open-source datasets," IEEE Transactions on Information Forensics and Security, vol. 14, no. 2, pp. 2201-2215, 2019.
Y. Liang, J. Chen, and S. Wang, "DNN-based IDS for NSL-KDD dataset," IEEE Transactions on Network Science and Engineering, vol. 8, no. 1, pp. 25-37, 2019.
R. Vinayakumar, K. Alazab, and M. Simic, "DNN-based intrusion detection: An evaluation on NSL-KDD dataset," IEEE Transactions on Information Forensics and Security, vol. 14, no. 2, pp. 2310-2319, 2019.
H. Kim, J. Kim, D. Kim, J. Shim, and H. Choi, "CNN-RNN hybrid model for DoS attack detection," IEEE Transactions on Network and Service Management, vol. 17, no. 4, pp. 1342-1355, 2020.
A. Kasongo and H. Sun, "Deep neural network-based intrusion detection system using UNSW-NB15 dataset," IEEE Transactions on Information Forensics and Security, vol. 15, no. 3, pp. 1517-1525, 2020.
M. Awan, R. Khan, and H. Ali, "Real-time DDoS detection in IoT using big data analytics and random forest," IEEE Access, vol. 9, pp. 118234-118245, 2021. DOI: https://doi.org/10.1109/ACCESS.2021.3074953
S. Sahu, P. Patel, and A. Sharma, "Hybrid CNN-LSTM model for IoT security: Anomaly detection in network traffic," IEEE Transactions on Emerging Topics in Computational Intelligence, vol. 6, no. 3, pp. 432-445, 2021.
W. Ge, F. Syed, Y. Fu, Z. Baig, and A. Robles-Kelly, "A feedforward neural network model for intrusion detection," IEEE Internet of Things Journal, vol. 9, no. 2, pp. 1433-1444, 2021.
E. Sungur and B. Bakır, "A hybrid deep learning model for DDoS attack detection in SDN-based IoT environments," IEEE Transactions on Information Forensics and Security, vol. 18, no. 5, pp. 2871-2882, 2023.
H. Pehlivanoğlu, A. Demir, and Y. Kılıç, "Evaluation of ML-based IDS for IoT: Performance analysis with multiple classifiers," IEEE Transactions on Network and Service Management, vol. 20, no. 2, pp. 2156-2169, 2023.
J. Kim and L. Wang, "Explainable AI for IoT security: SHAP and LIME in intrusion detection," IEEE Access, vol. 10, pp. 120456-120468, 2022.
[14] F. Zhang, X. Li, and H. Chen, "Federated learning with explainable AI for privacy-preserving intrusion detection in IoT," IEEE Internet of Things Journal, vol. 9, no. 7, pp. 6111-6124, 2023.