Internet of Things (IoTs) Security: Intrusion Detection using Deep Learning




convolutional neural networks, Deep Learning, Imbalanced Datasets, Internet of Things, Web Security


With the development of sensor and communication technologies, the use of connected devices in industrial applications has been common for a long time. Reduction of costs during this period and the definition of Internet of Things (IoTs) concept have expanded the application area of small connected devices to the level of end-users. This paved the way for IoT technology to provide a wide variety of application alternative and become a part of daily life. Therefore, a poorly protected IoT network is not sustainable and has a negative effect on not only devices but also the users of the system. In this case, protection mechanisms which use conventional intrusion detection approaches become inadequate. As the intruders’ level of expertise increases, identification and prevention of new kinds of attacks are becoming more challenging. Thus, intelligent algorithms, which are capable of learning from the natural flow of data, are necessary to overcome possible security breaches. Many studies suggesting models on individual attack types have been successful up to a point in recent literature. However, it is seen that most of the studies aiming to detect multiple attack types cannot successfully detect all of these attacks with a single model. In this study, it is aimed to suggest an all-in-one intrusion detection mechanism for detecting multiple intrusive behaviors and given network attacks. For this aim, a custom deep neural network is designed and implemented to classify a number of different types of network attacks in IoT systems with high accuracy and F1-score. As a test-bed for comparable results, one of the up-to-date dataset (CICIDS2017), which is highly imbalanced, is used and the reached results are compared with the recent literature. While the initial propose was successful for most of the classes in the dataset, it was noted that achievement was low in classes with a small number of samples. To overcome imbalanced data problem, we proposed a number of augmentation techniques and compared all the results. Experimental results showed that the proposed methods yield highest efficiency among observed literature.


Download data is not yet available.

Author Biographies

Ozgur Koray Sahingoz, Department of Computer Engineering, Faculty of Engineering and Natural Sciences, Biruni University, Istanbul, Turkey

Ozgur Koray Sahingoz received the B.Sc. degree from the Computer Engineering Department, Bogazici University, in 1993, and the M.S. and Ph.D. degrees from the Computer Engineering Department, Istanbul Technical University, in 1998 and 2006, respectively. He is currently working as Professor with the Computer Engineering Department, Biruni University/Istanbul. He is the author of more than 100 articles. He has been working in two research projects. He graduated more than 13 M.Sc. students and supervised around six Ph.D. students. He has reviewed more than 80 national projects especially related to TUBITAK, KOSGEB-Ministry of Industry and Technology, Turkey. He is also a regular Reviewer for more than 40 Science Citation Index (/Expanded) international journals. His research interests include artificial intelligence, machine/deep learning, data science, software engineering, and UAV networking. Dr. Sahingoz has also been very active in scientific conferences, organized and/or works as program committee members more than 100 conferences/workshops on different research areas, especially on artificial intelligence and information sciences. He has developed and taught around 20 different academic courses.

Ugur Cekmez, Chooch Intelligence Technologies Co., California, USA

Ugur Cekmez was born in Istanbul, Turkey, in 1989. He received the B.Sc. degree from the Computer Science Department, Istanbul Bilgi University, in 2012, and the M.S. degree from the Computer Engineering Department, Turkish Air Force Academy, in 2014. He is currently pursuing the Ph.D. degree with the Computer Engineering Department, Marmara University. He is an experienced Research Scientist with a demonstrated history of working in the information technology industry. Skilled in AI, Data Intelligence, Container Technology, Python and node.js. His research interests include AI and Data Science, Evolutionary Algorithms, Cloud Technologies, E-commerce and Finance Technologies. He has been co-founding projects and start-ups in digital concepts. He previously worked as a Research Assistant at Yildiz Technical University, as a Senior Researcher at TUBITAK, as an R&D engineer at SIEMENS, Turkey and as a Senior Research Engineer at Turkish Television and Radio Corporation (TRT). He is currently working as a Senior Researcher at Chooch Intelligence Technologies Co, the USA.

Ali Buldu, Department of Computer Engineering, Faculty of Technology, Marmara University, Istanbul, Turkey

Ali Buldu was born in 1971 in Kayseri, Turkey. He received the B.Sc. degree from Marmara University Technical Education Faculty Electronic and Computer Department. He received M.Sc. and Ph.D. degrees from Marmara University Institute for Graduate Studies in Pure and Applied Sciences in 1996 and 2003, respectively. Dr. Buldu has been Professor with the Computer Engineering Department since October 2019. His research interests focus on Computer Hardware, Circuit Design with Embedded Systems Computer Aided Education, Information Technologies and Computer Programming Languages.


S. Steinberg, “Cyberattacks now cost companies $200,000 on average, putting many out of business,”, 2019, accessed: 2021-05-31.

S. Jenkins, “Learning to love siem,” Network Security, vol. 2011, no. 4, pp. 18–19, 2011.

J. P. Farwell and R. Rohozinski, “Stuxnet and the future of cyber war,” Survival, vol. 53, no. 1, pp. 23–40, 2011.

C. Bronk and E. Tikk-Ringas, “The cyber attack on saudi aramco,” Survival, vol. 55, no. 2, pp. 81–96, 2013.

R. Walters, “Cyber attacks on us companies in 2014,” The Heritage Foundation, vol. 4289, pp. 1–5, 2014.

L. M. at Forbes, “Hackers use ddos attack to cut heat to apartments,”, 2016, accessed: 2021-05-31.

L. Mathews, “Criminals hacked a fish tank to steal data from a casino,”, 2017, accessed: 2021-05-31.

A. Greenberg, “The jeep hackers are back to prove car hacking can get much worse,”, 2016, accessed: 2021-05-31.

A. Chiu, “She installed a ring camera in her children’s room for ‘peace of mind.’ a hacker accessed it and harassed her 8-year-old daughter,”, 2019, accessed: 2021-05-31.

S. Jain, “Woman says hacker spied on her through webcam,”, 2017, accessed: 2021-05-31.

C. Matyszczyk, “Hacker shouts at baby through baby monitor,”, 2014, accessed: 2021-05-31.

E. Hodo, X. Bellekens, A. Hamilton, C. Tachtatzis, and R. Atkinson, “Shallow and deep networks intrusion detection system: A taxonomy and survey,” arXiv preprint arXiv:1701.02145, 2017.

U. Cekmez, Z. Erdem, A. G. Yavuz, O. K. Sahingoz, and A. Buldu, “Network anomaly detection with deep learning,” in 2018 26th Signal Processing and Communications Applications Conference (SIU). IEEE, 2018, pp. 1–4.

G. Klambauer, T. Unterthiner, A. Mayr, and S. Hochreiter, “Self-normalizing neural networks,” in Advances in Neural Information Processing Systems, 2017, pp. 971–980.

L. Xu, M. Skoularidou, A. Cuesta-Infante, and K. Veeramachaneni, “Modeling tabular data using conditional gan,” in Advances in Neural Information Processing Systems, 2019, pp. 7335–7345.

J. H. Nord, A. Koohang, and J. Paliszkiewicz, “The internet of things: Review and theoretical framework,” Expert Systems with Applications, vol. 133, pp. 97–108, 2019.

P. P. Ray, “A survey on internet of things architectures,” Journal of King Saud University-Computer and Information Sciences, vol. 30, no. 3, pp. 291–319, 2018.

S. H. Shah and I. Yaqoob, “A survey: Internet of things (iot) technologies, applications and challenges,” in 2016 IEEE Smart Energy Grid Engineering (SEGE). IEEE, 2016, pp. 381–385.

P. Scully, “Top 10 iot applications in 2020,”, 2019, accessed: 2021-05-31.

M. Ndiaye, S. S. Oyewobi, A. M. Abu-Mahfouz, G. P. Hancke, A. M. Kurien, and K. Djouani, “Iot in the wake of covid-19: A survey on contributions, challenges and evolution,” IEEE Access, vol. 8, pp. 186 821–186 839, 2020.

R. P. Singh, M. Javaid, A. Haleem, and R. Suman, “Internet of things (iot) applications to fight against covid-19 pandemic,” Diabetes & Metabolic Syndrome: Clinical Research & Reviews, 2020.

Z. Yan, P. Zhang, and A. V. Vasilakos, “A survey on trust management for internet of things,” Journal of network and computer applications, vol. 42, pp. 120–134, 2014.

I. Cvitić, M. Vujić et al., “Classification of security risks in the iot environment.” Annals of DAAAM & Proceedings, vol. 26, no. 1, 2015.

L. Tawalbeh, F. Muheidat, M. Tawalbeh, M. Quwaider et al., “Iot privacy and security: Challenges and solutions,” Applied Sciences, vol. 10, no. 12, p. 4102, 2020.

A. Selamat and Z. Iqal, “Open challenges in internet of things security,” in Journal of Physics: Conference Series, vol. 1447, no. 1. IOP Publishing, 2020, p. 012054.

F. A. Alaba, M. Othman, I. A. T. Hashem, and F. Alotaibi, “Internet of things security: A survey,” Journal of Network and Computer Applications, vol. 88, pp. 10–28, 2017.

F. Hussain, R. Hussain, S. A. Hassan, and E. Hossain, “Machine learning in iot security: current solutions and future challenges,” IEEE Communications Surveys & Tutorials, 2020.

H.-S. Chae and S. Choi, “Feature selection for efficient intrusion detection using attribute ratio,” International Journal of Computers and Communications, vol. 8, 2014.

L. H. Yeo, X. Che, and S. Lakkaraju, “Modern intrusion detection systems,” CoRR, vol. abs/1708.07174, 2017. [Online]. Available:

A. A. Aburomman and M. B. I. Reaz, “A survey of intrusion detection systems based on ensemble and hybrid classifiers,” Computers & Security, vol. 65, pp. 135 – 152, 2017.

A. Patel, Q. Qassim, and C. Wills, “A survey of intrusion detection and prevention systems,” Information Management & Computer Security, vol. 18/4, pp. 277–290, 2010.

O. K. Sahingoz and N. Erdogan, “Rubdes: A rule based distributed event system,” in Computer and Information Sciences - ISCIS 2003. Berlin, Heidelberg: Springer Berlin Heidelberg, 2003, pp. 284–291.

W. Hu and Y. Tan, “Generating adversarial malware examples for black-box attacks based on gan,” arXiv preprint arXiv:1702.05983, 2017.

J. Kos, I. Fischer, and D. Song, “Adversarial examples for generative models,” in 2018 IEEE Security and Privacy Workshops (SPW). IEEE, 2018, pp. 36–42.

G. Karatas and O. K. Sahingoz, “Neural network based intrusion detection systems with different training functions,” in Proceedings of the 6th International Symposium on Digital Forensic and Security (ISDFS), Antalya, Turkey, 2018.

M. Roopak, G. Y. Tian, and J. Chambers, “Deep learning models for cyber security in iot networks,” in 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC). IEEE, 2019, pp. 0452–0457.

O. Faker and E. Dogdu, “Intrusion detection using big data and deep learning techniques,” in Proceedings of the 2019 ACM Southeast Conference, 2019, pp. 86–93.

M. D. Hossain, H. Ochiai, F. Doudou, and Y. Kadobayashi, “Ssh and ftp brute-force attacks detection in computer networks: Lstm and machine learning approaches,” in 2020 5th International Conference on Computer and Communication Systems (ICCCS). IEEE, 2020, pp. 491–497.

Z. Pelletier and M. Abualkibash, “Evaluating the cic ids-2017 dataset using machine learning methods and creating multiple predictive models in the statistical computing language r,” Science, vol. 5, no. 2, pp. 187–191, 2020.

H. Zhang, L. Huang, C. Q. Wu, and Z. Li, “An effective convolutional neural network based on smote and gaussian mixture model for intrusion detection in imbalanced dataset,” Computer Networks, p. 107315, 2020.

R. Abdulhammed, H. Musafer, A. Alessa, M. Faezipour, and A. Abuzneid, “Features dimensionality reduction approaches for machine learning based network intrusion detection,” Electronics, vol. 8, no. 3, p. 322, 2019.

Y. Zhang, X. Chen, D. Guo, M. Song, Y. Teng, and X. Wang, “Pccn: Parallel cross convolutional neural network for abnormal network traffic flows detection in multi-class imbalanced network traffic flows,” IEEE Access, vol. 7, pp. 119 904–119 916, 2019.

W. Elmasry, A. Akbulut, and A. H. Zaim, “Empirical study on multiclass classification-based network intrusion detection,” Computational Intelligence, vol. 35, no. 4, pp. 919–954, 2019.

——, “Evolving deep learning architectures for network intrusion detection using a double pso metaheuristic,” Computer Networks, vol. 168, p. 107042, 2020.

A. Shiravi, H. Shiravi, M. Tavallaee, and A. A. Ghorbani, “Toward developing a systematic approach to generate benchmark datasets for intrusion detection,” computers & security, vol. 31, no. 3, pp. 357–374, 2012.

D. S. Terzi, R. Terzi, and S. Sagiroglu, “Big data analytics for network anomaly detection from netflow data,” in 2017 International Conference on Computer Science and Engineering (UBMK). IEEE, 2017, pp. 592–597.

D. Krovich, A. Cottrill, and D. J. Mancini, “A cloud based entitlement granting engine,” in National Cyber Summit. Springer, 2019, pp. 220–231.

G. Maciá-Fernández, J. Camacho, R. Magán-Carrión, P. García-Teodoro, and R. Therón, “Ugr’16: A new dataset for the evaluation of cyclostationarity-based network idss,” Computers & Security, vol. 73, pp. 411–424, 2018.

X. A. Larriva-Novo, M. Vega-Barbas, V. A. Villagrá, and M. S. Rodrigo, “Evaluation of cybersecurity data set characteristics for their applicability to neural networks algorithms detecting cybersecurity anomalies,” IEEE Access, vol. 8, pp. 9005–9014, 2020.

L. Dhanabal and S. Shantharajah, “A study on nsl-kdd dataset for intrusion detection system based on classification algorithms,” International Journal of Advanced Research in Computer and Communication Engineering, vol. 4, no. 6, pp. 446–452, 2015.

N. Moustafa and J. Slay, “Unsw-nb15: a comprehensive data set for network intrusion detection systems (unsw-nb15 network data set),” in 2015 military communications and information systems conference (MilCIS). IEEE, 2015, pp. 1–6.

W. Zong, Y.-W. Chow, and W. Susilo, “Interactive three-dimensional visualization of network intrusion detection data for machine learning,” Future Generation Computer Systems, vol. 102, pp. 292–306, 2020.

M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, “A detailed analysis of the kdd cup 99 data set,” in Computational Intelligence for Security and Defense Applications, 2009. CISDA 2009. IEEE Symposium on. IEEE, 2009, pp. 1–6.

“Darpa 98 data set,”, 1998, accessed: 2021-05-31.

J. McHugh, “Testing intrusion detection systems: a critique of the 1998 and 1999 darpa intrusion detection system evaluations as performed by lincoln laboratory,” ACM Transactions on Information and System Security (TISSEC), vol. 3, no. 4, pp. 262–294, 2000.

“Kdd cup 99,”, 1999, accessed: 2021-05-31.

I. Sharafaldin, A. H. Lashkari, and A. A. Ghorbani, “Toward generating a new intrusion detection dataset and intrusion traffic characterization.” in ICISSP, 2018, pp. 108–116.

I. Ullah and Q. H. Mahmoud, “A scheme for generating a dataset for anomalous activity detection in iot networks,” in Canadian Conference on Artificial Intelligence. Springer, 2020, pp. 508–520.

H. Hindy, C. Tachtatzis, R. Atkinson, E. Bayne, and X. Bellekens, “Mqtt-iot-ids2020: Mqtt internet of things intrusion detection dataset,” 2020. [Online]. Available:

H. Kang, D. H. Ahn, G. M. Lee, J. D. Yoo, K. H. Park, and H. K. Kim, “Iot network intrusion dataset,” 2019. [Online]. Available:

H. Hindy, E. Bayne, M. Bures, R. Atkinson, C. Tachtatzis, and X. Bellekens, “Machine learning based iot intrusion detection system: An mqtt case study (mqtt-iot-ids2020 dataset),” 2020.

F. Chollet, “Xception: Deep learning with depthwise separable convolutions,” in Proceedings of the IEEE conference on computer vision and pattern recognition, 2017, pp. 1251–1258.

S. Ioffe and C. Szegedy, “Batch normalization: Accelerating deep network training by reducing internal covariate shift,” CoRR, vol. abs/1502.03167, 2015. [Online]. Available:

B.-C. Kim, Y. S. Sung, and H.-I. Suk, “Deep feature learning for pulmonary nodule classification in a lung ct,” in 2016 4th International Winter Conference on Brain-Computer Interface (BCI). IEEE, 2016, pp. 1–3.

I. Loshchilov and F. Hutter, “Fixing weight decay regularization in adam,” arXiv preprint arXiv:1711.05101, 2017.

“Tensorflow documentation for imbalanced data,”, 2020, accessed: 2021-05-31.

O. Gencoglu, M. van Gils, E. Guldogan, C. Morikawa, M. Süzen, M. Gruber, J. Leinonen, and H. Huttunen, “Hark side of deep learning–from grad student descent to automated machine learning,” arXiv preprint arXiv:1904.07633, 2019.

M. A. Hossen, F. Siddika, T. K. Chanda, and T. Bhuiyan, “A comparison of some soft computing methods on imbalanced data,” in International Conference on Cyber Security and Computer Science, 2018.

V. Chamola, V. Hassija, V. Gupta, and M. Guizani, “A comprehensive review of the covid-19 pandemic and the role of iot, drones, ai, blockchain, and 5g in managing its impact,” IEEE Access, vol. 8, pp. 90 225–90 265, 2020.