ارائه مدل ترکیبی و هوشمند برای تشخیص ناهنجاری در اینترنت اشیا با رویکرد یادگیری گروهی و رمزگذارهای عمیق

ترازودار, هادی; باقری فرد, کرم اله; نجاتیان, صمد; پروین, حمید; ملک‌حسینی, راضیه

doi:10.47176/ECDJ.2025.1669

ارائه مدل ترکیبی و هوشمند برای تشخیص ناهنجاری در اینترنت اشیا با رویکرد یادگیری گروهی و رمزگذارهای عمیق

نوع مقاله : مقاله پژوهشی

نویسندگان

¹ دانشجوی دکتری ، گروه مهندسی کامپیوتر ، واحد یاسوج، دانشگاه آزاد اسلامی، یاسوج، ایران

² دانشیار ، گروه مهندسی کامپیوتر ، واحد یاسوج، دانشگاه آزاد اسلامی، یاسوج، ایران

³ دانشیار ، گروه مهندسی برق ، واحد یاسوج، دانشگاه آزاد اسلامی، یاسوج، ایران

⁴ دانشیار ، گروه مهندسی کامپیوتر ، واحد نورآباد ممسنی، دانشگاه آزاد اسلامی، نورآباد ممسنی ، ایران

⁵ استادیار ، گروه مهندسی کامپیوتر ، واحد یاسوج، دانشگاه آزاد اسلامی، یاسوج، ایران

10.47176/ECDJ.2025.1669

چکیده

اینترنت اشیا (IoT) با فراهم‌سازی بستری برای ارتباط خودکار بین میلیون‌ها دستگاه هوشمند، به یکی از زیرساخت‌های حیاتی دنیای مدرن دبل شده است. با افزایش چشمگیر تنوع، مقیاس و تحرک‌پذیری این دستگاه‌ها، آسیب‌پذیری‌های امنیتی نیز به‌طور فزاینده‌ای تشدید شده‌اند. به‌ویژه، تهدیدات پنهان و پیچیده‌ای که از طریق الگوهای رفتاری غیرمعمول در شبکه پدید می‌آیند، ضرورت بهره‌گیری از روش‌های پیشرفته‌ی تشخیص ناهنجاری را دوچندان نموده است. در این پژوهش، مدلی نوین با بهره‌گیری از رویکرد یادگیری گروهی ارائه گردیده که ترکیبی از تکنیک‌های یادگیری عمیق و الگوریتم‌های کلاسیک یادگیری ماشین را به کار گرفته است. پس از انجام پیش‌پردازش داده‌ها، ویژگی‌های کلیدی از طریق رمزگذار خودکار پشته‌ای (SAE) و رمزگذار خودکار عمیق (DAE) استخراج شده‌اند. در ادامه، یک چارچوب یادگیری گروهی متشکل از درخت تصمیم (DT)، پرسپترون چندلایه (MLP)، شبکه عصبی احتمالی (PNN) و نوع وزنی آن (WPNN) برای شناسایی ناهنجاری‌ها مورد استفاده قرار گرفته است.از نوآوری‌های این تحقیق می‌توان به طراحی یک سازوکار انتخاب پویای ویژگی در لایه رمزگذار و همچنین پیشنهاد یک طرح وزندهی تطبیقی برای ترکیب خروجی مدل‌های گروهی اشاره کرد، که موجب بهبود دقت در تشخیص حملات ناشناخته و کاهش نرخ مثبت کاذب شده است. مدل پیشنهادی بر روی چندین مجموعه‌داده معتبر از جمله NSL-KDD، BoT-IoT، IoT-NI، IoT-23، MQTT، MQTTset و IoT-DS2 ارزیابی شده و نتایج بهبود عملکرد قابل‌توجهی را در مقایسه با مدل‌های مرجع نشان داده‌اند.

کلیدواژه‌ها

موضوعات

امنیت داده

عنوان مقاله [English]

A Hybrid and Intelligent Model for Anomaly Detection in Internet of Things Using Ensemble Learning and Deep Autoencoders

نویسندگان [English]

hadi tarazodar ¹
Karamollah Bagherifard ²
Samad Nejatian ³
Hamid Parvin ⁴
Razieh Malekhosseini ⁵

¹ Ph.D. Student, Department of computer Engineering ,Yas.C., Islamic Azad University ,Yasuj, Iran,

² Associate Professor, Department of computer Engineering ,Yas.C., Islamic Azad University ,Yasuj, Iran

³ Assistant Professor, Department of Electrical Engineering ,Yas.C., Islamic Azad University ,Yasuj, Iran

⁴ Associate Professor, Department of computer Engineering , NoM.C., Islamic Azad University , Noorabad Mamasani, Iran

⁵ Assistant Professor, Department of computer Engineering ,Yas.C., Islamic Azad University ,Yasuj, Iran

چکیده [English]

The Internet of Things (IoT), by providing a platform for automatic communication among millions of smart devices, has become one of the critical infrastructures of the modern world. With the dramatic increase in the diversity, scale, and mobility of these devices, security vulnerabilities have also escalated significantly. In particular, hidden and sophisticated threats emerging through unusual behavioral patterns in the network have underscored the necessity for advanced anomaly detection methods. In this research, a novel model utilizing an ensemble learning approach is presented, combining deep learning techniques with classical machine learning algorithms. After data preprocessing, key features are extracted using Stacked Autoencoder (SAE) and Deep Autoencoder (DAE). Subsequently, an ensemble framework composed of Decision Tree (DT), Multilayer Perceptron (MLP), Probabilistic Neural Network (PNN), and its weighted variant (WPNN) is employed for anomaly detection. Innovations in this study include the design of a dynamic feature selection mechanism within the encoder layer and the proposal of an adaptive weighting scheme for aggregating ensemble model outputs, which enhance the accuracy of detecting unknown attacks and reduce the false positive rate. The proposed model has been evaluated on several reputable datasets including NSL-KDD, BoT-IoT, IoT-NI, IoT-23, MQTT, MQTTset, and IoT-DS2, demonstrating significant performance improvements compared to baseline models

کلیدواژه‌ها [English]

Internet of Things
Anomaly Detection
Stacked Autoencoder
Deep Autoencoder
Ensemble Learning
Dynamic Feature Selection
Adaptive Model Fusion
Cybersecurity

مراجع

[1] A. Čolaković, B. Karahodža, and A. H. Džubur, “QoS-Aware IoT Framework for Performance Control and Resource Management,” IntechOpen, 2025

[2] I. Rozlomii, A. Yarmilko, and S. Naumenko, “Data Security of IoT Devices with Limited Resources: Challenges and Potential Solutions,” Doors, vol. 3666, pp. 85–96, 2024

[3] N. Sharma and P. Dhiman, “A Survey on IoT Security: Challenges and Their Solutions Using Machine Learning and Blockchain Technology,” Cluster Computing, vol. 28, p. 313, 2025

[4] P. Sethi and S. R. Sarangi, “Internet of Things: Architectures, Protocols, and Applications,” Journal of Electrical and Computer Engineering, vol. 2017, no. 1, p. 9324035, 2017.‏

[5] Q. Meng, H. Wang, C. Zhang, and Y. Song, “Embedding Chips Over the Air: Rethink IoT Architecture for Ubiquitous Sensing,” IEEE Transactions, 2025

[6] A. Heidari and M. A. J. Jamali, “Internet of Things Intrusion Detection Systems: A Comprehensive Review and Future Directions,” Cluster Computing, vol. 26, no. 6, pp. 3753–3780, 2023

[7] S. H. Rafique, F. M. Malik, F. F. Hassan, M. A. Shuja, and J. J. P. C. Rodrigues, “Machine Learning and Deep Learning Techniques for Internet of Things Network Anomaly Detection—Current Research Trends,” Sensors, vol. 24, no. 6, p. 1968, 2024.‏

[8] D. Adhikari, S. Bhusal, P. Pokharel, and J. Hu, “Recent Advances in Anomaly Detection in Internet of Things: Status, Challenges, and Perspectives,” Computer Science Review, vol. 54, p. 100665, 2024.‏

[9] E. Krzysztoń, I. Rojek, and D. Mikołajewski, “A Comparative Analysis of Anomaly Detection Methods in IoT Networks: An Experimental Study,” Applied Sciences, vol. 14, no. 24, p. 11545, 2024.‏

[10] Q. Abu Al-Haija and M. Al-Dala’ien, “ELBA-IoT: An Ensemble Learning Model for Botnet Attack Detection in IoT Networks,” Journal of Sensor and Actuator Networks, vol. 11, no. 1, p. 18, 2022.‏

[11] D. Vasan, M. Alazab, S. Venkatraman, J. Akram, and Z. Qin, “MTHAEL: Cross-Architecture IoT Malware Detection Based on Neural Network Advanced Ensemble Learning,” IEEE Transactions on Computers, vol. 69, no. 11, pp. 1654–1667, 2020

[12] F. Khan, M. A. Jan, R. Alturki, M. D. Alshehri, S. T. Shah, and A. ur Rehman, “A Secure Ensemble Learning-Based Fog-Cloud Approach for Cyberattack Detection in IoMT,” IEEE Transactions on Industrial Informatics, pp. 1–9, 2023

[13] Y. Alotaibi and M. Ilyas, “Ensemble-Learning Framework for Intrusion Detection to Enhance Internet of Things Devices’ Security,” Sensors, vol. 23, no. 12, p. 5568, 2023.‏

[14] A. R. Gad, H. A. Hefny, M. A. Elsisi, and R. A. Ramadan, “A Distributed Intrusion Detection System Using Machine Learning for IoT Based on ToN-IoT Dataset,” International Journal of Advanced Computer Science and Applications, vol. 13, no. 6, 2022.

[15] J. B. Awotunde, T. O. Olwal, O. A. Osanaiye, S. Misra, and R. D. Botha, “An Ensemble Tree-Based Model for Intrusion Detection in Industrial Internet of Things Networks,” Applied Sciences, vol. 13, no. 4, p. 2479, 2023.‏

[16] S. Huda, J. Abawajy, M. M. Hassan, A. Almogren, and A. Gani, “Securing the Operations in SCADA-IoT Platform Based Industrial Control System Using Ensemble of Deep Belief Networks,” Applied Soft Computing, vol. 71, pp. 66–77, 2018 .

[17] Y.-C. Lin, C.-Y. Lee, and C.-H. Tsai, “Diverse Machine Learning-Based Malicious Detection for Industrial Control System,” Electronics, vol. 14, no. 10, p. 1947, 2025.

[18] S. J. Lee and I. G. Lee, “Lightweight Federated Learning-Based Intrusion Detection System for Industrial Internet of Things,” ICT Express, vol. 11, no. 2, pp. 120–128, 2025.

[19] A. Deshmukh, P. E. de la Rosa, R. V. Rodriguez, and S. Dasari, “Enhancing Privacy in IoT-Enabled Digital Infrastructure: Evaluating Federated Learning for Intrusion and Fraud Detection,” Sensors, vol. 25, no. 10, p. 3043, 2025.

[20] D. R. Reddy, S. Ramani, D. Mohan, and L. Sahukar, “Secure IoTNet: A Graph-Residual Adversarial Network Integrated with Hawk-Bee Optimizer for Intrusion Detection in IoT Wireless Networks,” International Journal of Information Security, 2025.

[21] D. Papatsaroucha, E. K. Markakis, and D. Sygletos, “Developing a Near-Real Time AI-Based Network Intrusion Detection System,” Now Publishers, 2025.

[22] P. Verma, D. O’Shea, T. Newe, N. Mehta, and N. Bharot, “ABIDS-VEM: Leveraging an Equilibrium Optimizer and Data Ramification in Association with Ensemble Learning for Anomaly-Based Intrusion Detection System,” The Journal of Supercomputing, 2025.

[23] I. Ali, M. Raza, S. Bakhet, and M. U. Saleem, “Deep Learning Enabled Data Protection and Security (DPS) Techniques for Intrusion Mitigation, and Network Vulnerabilities Detection in the Internet of Things (IoTs),” Annual Multidisciplinary Research Review, 2025.

[24] Z. Alwaisi, “Memory-Efficient and Robust Detection of Mirai Botnet for Future 6G-Enabled IoT Networks,” Internet of Things, vol. 21, 2025

[25] R. K. Suggala, J. Kumar, P. Jain, and B. K. Kumar, “Blockchain Technology for Digital Twin Security in Smart Grids Using Interpretable Generalized Additive Neural Networks,” Peer-to-Peer Networking and Applications, 2025

[26] W. Peng, H. Zhang, and Y. Liu, “Modeling Realistic Adversarial Traffic Against Deep Learning-Based Intrusion Detection System in Industrial IoT,” IEEE Internet of Things Journal, 2025.

[27] T. M. Aruna, “AI-Driven Anomaly Detection in IoT Time Series: A Hybrid Approach to Classification and Feature Extraction,” Journal of Advancement in Data Computational Science, 2025.

[28] M. Mashaly and H. Kamal, “Hybrid Deep Learning Models-Based Anomaly Detection Method for Two-Stage Binary and Multi-Class Classification of Attacks in Intrusion Detection,” Algorithms, vol. 18, no. 2, p. 69, 2025.

[29] E. Li, Z. Shang, O. Güngör, and T. Rosing, “SAFE: Self-Supervised Anomaly Detection Framework for Intrusion Detection,” arXiv preprint, arXiv:2502.07119, Feb. 2025.

[30] D. D. Kim and M. R. Asghar, “MTD-AD: Moving Target Defense as Adversarial Defense for Anomaly Detection in IoT,” IEEE Transactions on Dependable and Secure Computing, 2025.

[31] S. Behera and N. Padhy, “Classification Algorithms for Pump Control and Optimization Using Autoencoders in IoT Environments,” in IEEE Conference on Intelligent Systems, 2025.

[32] E. B. Edwin, S. Kumar, M. S. Ahmed, and P. P. Reddy, “Ensemble of Deep Learning Models with Walrus Optimization Algorithm for Botnet Detection,” Iran Journal of Computer Science, 2025.

[33] H. Yan, J. Zhang, L. Wang, and Z. Chen, “MalAE: A Feature-Optimized and Autoencoder Ensemble-Based Method for IoT Malware Classification,” IEEE Internet of Things Journal, 2025.

[34] H. Fan, S. Li, and Y. Liu, “Rule-Extracted Deep Autoencoder for Interpretable Anomaly Detection in Smart Cities,” Sensors, vol. 24, no. 5, p. 1231, 2025.

[35] R. Saranya and K. Rani, “An Ensemble Model for Multilayer Deep Autoencoder in IoT Network Attack Detection,” Computers, Materials & Continua, vol. 78, no. 1, pp. 155–170, 2025.

[36] T. Naith, A. Qamar, and H. Singh, “Distributed Anomaly Detection in IoT Networks Using Self-Organizing Deep Autoencoder Models,” Computer Networks, vol. 237, 2025.

[37] R. Kumar, S. I. Immadisetty, and A. Patel, “Graph-Based Deep Autoencoder Architecture for IoT Security,” IEEE Access, vol. 11, pp. 112023–112036, 2023.

[38] A. Bezanjani, M. Hosseinzadeh, and M. F. Khoshrou, “Blockchain-Integrated Convolutional Autoencoder for IoT-Based Healthcare Systems,” Sensors, vol. 23, no. 9, p. 4120, 2023.

[39] Y. Wu, L. Liu, Y. Yu, G. Chen, and J. Hu, “Online Ensemble Learning-Based Anomaly Detection for IoT Systems,” Applied Soft Computing, vol. 173, p. 112931, 2025

[40] A. S. Abdullah, H. J. Sunil, and M. S. H. Nazmudeen, "A new model to evaluate signature and anomaly based intrusion detection in medical IoT system using ensemble approach," SN Comput. Sci., vol. 6, no. 4, p. 347, 2025.

[41] J. P. Ntayagabiri, Y. Bentaleb, J. Ndikumagenge, and H. El Makhtoum, “OMIC: A Bagging-Based Ensemble Learning Framework for Large-Scale IoT Intrusion Detection,” Journal of Future Artificial Intelligence Technology, vol. 1, no. 4, pp. 401–416, 2025.

[42] M. S. Rahman, I. Khan, M. Z. A. Eidmum, P. Shaha, B. Muiz, N. Hasan, and M. Rahman, “Stacked Ensemble Method: An Advanced Machine Learning Approach for Anomaly-Based Intrusion Detection System,” Statistics, Optimization & Information Computing, 2025.

[43] M. U. Tanveer, K. Munir, M. Amjad, H. J. Alyamani, A. Bermak, and A. U. Rehman, “LightEnsemble-Guard: An Optimized Ensemble Learning Framework for Securing Resource-Constrained IoT Systems,” IEEE Access, 2025

[44] N. Dashtifard, H. Mahmoud, M. Idrissi, and N. Elmitwally, “Enhanced Anomaly Detection in Wireless 5G Networks with Hybrid Learning Technique Using AWID3 Dataset,” Environments, vol. 2, no. 3, 2025.

[45] A. K. Tajari Siah Marzkouh, “Intrusion Detection Model in Smart Homes Based on Principal Component Analysis and Random Forest Classification,” Electron. Cyber Def., vol. 12, no. 2, pp. 15–25, 2024. (in Persian)dor:https://dor.isc.ac/dor/20.1001.1.23224347.1403.12. 22.2.

[46] A. Karimi and M. R. Khosravi Farsani, “Improving the Accuracy of Code Smell Detection Using the Gray Wolf Algorithm Based on Machine Learning and Majority Voting Techniques,” Electron. Cyber Def., vol. 12, no. 1, pp. 109–122, 2024. (in Persian).dor: https://dor.isc.ac/dor/20.1001.1.23224347.1403.12.1.9.7.

[47] M. Khurram and M. Rahmani Manesh, “DDOS Attack Detection System Using Clustering Method and Active Learning Approach,” Electron. Cyber Def., vol. 11, no. 3, pp. 101–118, 2023. (in Persian).dor: https://dor.isc.ac/dor/20.1001.1.23224347.1402.11.3.10.5

[48] M. Hesabi and M. De Pierre, “An Improved Method for Detecting Malware Attacks in Cloud Computing Using Crowd Learning,” Electron. Cyber Def., vol. 10, no. 4, pp. 33–39, 2023. (in Persian).dor: https://dor.isc.ac/dor/20.1001.1.23224347.1401.10.4.4.4

[49] K. A. Alaghbari, H. S. Lim, M. H. M. Saad, and Y. S. Yong, “Deep Autoencoder-Based Integrated Model for Anomaly Detection and Efficient Feature Extraction in IoT Networks,” IoT, vol. 4, no. 3, pp. 345–365, 2023

[50] K. N. Singh et al., “LSTM Based Stacked Autoencoder Approach for Time Series Forecasting,” J. Indian Soc. Agric. Stat., vol. 77, pp. 71–78, 2023.

[51] E. Tsogbaatar et al., “DeL-IoT: A Deep Ensemble Learning Approach to Uncover Anomalies in IoT,” Internet of Things, vol. 14, p. 100391, 2021.

[52] M. Kusy and P. A. Kowalski, “Weighted Probabilistic Neural Network,” Information Sciences, vol. 430, pp. 65–76, 2018.

[53] I. Ullah and Q. H. Mahmoud, “A Technique for Generating a Botnet Dataset for Anomalous Activity Detection in IoT Networks,” in Proc. IEEE Int. Conf. Systems, Man, and Cybernetics (SMC), Oct. 2020.

[54] I. Ullah and Q. H. Mahmoud, “A Scheme for Generating a Dataset for Anomalous Activity Detection in IoT Networks,” in Advances in Artificial Intelligence (Lecture Notes in Computer Science), vol. 12109, C. Goutte and X. Zhu, Eds. Cham, Switzerland: Springer, 2020, pp. 508–520

[55] I. Ullah and Q. H. Mahmoud, “Design and Development of a Deep Learning-Based Model for Anomaly Detection in IoT Networks,” IEEE Access, vol. 9, pp. 103906–103926, 2021.

[56] M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, “A Detailed Analysis of the KDD CUP 99 Data Set,” in Proc. IEEE Symp. Comput. Intell. Security Defense Applications, Jul. 2009.

[57] N. Koroniotis, N. Moustafa, E. Sitnikova, and B. Turnbull, “Towards the Development of Realistic Botnet Dataset in the Internet of Things for Network Forensic Analytics: Bot-IoT Dataset,” Future Generation Computer Systems, vol. 100, pp. 779–796, Nov. 2019.

[58] H. Kang, D. H. Ahn, G. M. Lee, J. D. Yoo, K. H. Park, and H. K. Kim, “IoT Network Intrusion Dataset,” IEEE Dataport, Tech. Rep.,2020.

[59] A. Parmisano, S. Garcia, and M. J. Erquiaga, “IoT-23: A Labeled Dataset with Malicious and Benign IoT Network Traffic,” Stratosphere Laboratory, Praha, Czech Republic, Tech. Rep., 2020.

[60] H. Hindy, E. Bayne, M. Bures, R. Atkinson, C. Tachtatzis, and X. Bellekens, “Machine Learning Based IoT Intrusion Detection System: An MQTT Case Study (MQTT-IoT-IDS2020 Dataset),” in Proc. Int. Networking Conf., 2020, pp. 73–84

[61] I. Vaccari, G. Chiola, M. Aiello, M. Mongelli, and E. Cambiaso, “MQTTset: A New Dataset for Machine Learning Techniques on MQTT,” Sensors, vol. 20, no. 22, p. 6578, Nov. 2020.