TY  - BOOK
AU  - Abdullah Mohammed Abdullah Alamri, 
AU  - Ghada Dahy Fathy Kamel
AU  - Hesham N. Elmahdy
TI  - A novel framework for threat detection in IoT
U1  - 006.3 
PY  - 2025///
KW  - Internet of Things
KW  - Ø¥ÙØªØ±ÙØª Ø§ÙØ£Ø´ÙØ§Ø¡
KW  - Internet of Things (IoT)
KW  - Threat Detection
KW  - Intrusion Detection System (IDS)
KW  - Machine Learning (ML)
KW  - Random Forest
KW  - Feature Selection
KW  - Class Balancing
KW  - TON-IoT
KW  - Downsampling
KW  - Adaptive Learning
KW  - GDPR
KW  - Ø¥ÙØªØ±ÙØª Ø§ÙØ£Ø´ÙØ§Ø¡ (IoT)
KW  - ÙØ¸Ø§Ù ÙØ´Ù Ø§ÙØªØ³ÙÙ
N1  - Thesis (M.Sc)-Cairo University, 2025; Bibliography: pages 65-69; Issues also as CD
N2  - The rapid proliferation of Internet of Things (IoT) devices has resulted in the 
formation of highly interconnected ecosystems, simultaneously increasing the 
attack surface. This is because devices have limited resources, there are many 
different protocols, and standards that aren't always the same, which makes 
security holes quite clear. Traditional defenses that use signatures or rules have a 
hard time keeping up with the changing and multidimensional nature of IoT 
communications. In response, we propose a machine-learning-based intrusion 
detection method that combines feature selection with class rebalancing. We 
used the modern TON-IoT dataset, which comprises IoT/IIoT sensor telemetry, 
Windows/Linux logs, and network traces, to test this framework. 
There are four steps in our pipeline. Data preprocessing: StandardScaler is 
used to standardize numeric attributes and fix duplicates and missing values so 
that learning is stable. Change in class distribution: Downsampling fixes a big 
imbalance, so the "Normal" and " Malicious " classes (each with 160k instances) 
are now equally represented, and the multiclass proportions are almost the same 
(around 11% for each class). Feature selection: SelectKBest uses mutual 
information to find the best discriminative features, such as timestamp, 
source/destination IPs and ports, session duration, connection state, and volume 
measurements. This cuts down on dimensionality and training costs. Modeling 
and optimization: We look at Random Forest, Gradient Boosting, K-Nearest 
Neighbors, Decision Tree, SVM, Gaussian Naive Bayes, LDA, QDA, and MLP. 
We change the hyperparameters using GridSearchCV and 
RandomizedSearchCV. 
A comprehensive evaluation utilizing Accuracy, Precision, Recall, F1-score, 
and confusion matrices demonstrates the superiority of ensemble approaches. 
The balanced split yielded an accuracy of 98.79% with the Random Forest 
model. Gradient Boosting gets 96.75%, KNN gets 96.54%, and Decision Tree 
gets 95.58%. SVM gets 64.92%, which shows that IoT traffic is hard to separate 
in a simple way. On the other hand, Gaussian Naive Bayes and QDA only get 
5.57% and 4.33%, respectively. The results show how important it is to combine 
feature selection with class balancing to improve generalization and make the 
computer work faster. 


3 

 
Our main contribution is to develop a robust and scalable Intrusion Detection 
System (IDS) framework for the Internet of Things (IoT), based on a combination 
of preprocessing, balancing, and feature selection with model-aware 
optimization. This includes attack type classification using multiclass 
categorization. We also offer best practices for deploying intelligent IOS systems 
across various IoT environments, highlighting practical benefits. Looking ahead, 
we advocate for lightweight, resource-efficient models that are suitable for 
limited devices and facilitate adaptive/online learning for monitoring emerging 
threats. We emphasize the importance of ethical safeguards, including privacy, 
fairness, openness, and accountability; Ø£Ø¯Ù Ø§ÙØ§ÙØªØ´Ø§Ø± Ø§ÙØ³Ø±ÙØ¹ ÙØ£Ø¬ÙØ²Ø© Ø¥ÙØªØ±ÙØª Ø§ÙØ£Ø´ÙØ§Ø¡ (IoT) Ø¥ÙÙ ØªÙÙÙÙ Ø£ÙØ¸ÙØ© Ø¨ÙØ¦ÙØ© ÙØªØ±Ø§Ø¨Ø·Ø© ÙÙØºØ§ÙØ© Ø ÙÙØ§ Ø£Ø¯Ù ÙÙ ÙÙØ³ Ø§ÙÙÙØª Ø¥ÙÙ Ø²ÙØ§Ø¯Ø© Ø³Ø·Ø­ Ø§ÙÙØ¬ÙÙ. ÙØ°ÙÙ ÙØ£Ù Ø§ÙØ£Ø¬ÙØ²Ø© ÙØ¯ÙÙØ§ ÙÙØ§Ø±Ø¯ ÙØ­Ø¯ÙØ¯Ø© Ø ÙÙÙØ§Ù Ø§ÙØ¹Ø¯ÙØ¯ ÙÙ Ø§ÙØ¨Ø±ÙØªÙÙÙÙØ§Øª Ø§ÙÙØ®ØªÙÙØ© Ø ÙØ§ÙÙØ¹Ø§ÙÙØ± Ø§ÙØªÙ ÙÙØ³Øª Ø¯Ø§Ø¦ÙØ§ ÙØªØ´Ø§Ø¨ÙØ© Ø ÙÙØ§ ÙØ¬Ø¹Ù Ø§ÙØ«ØºØ±Ø§Øª Ø§ÙØ£ÙÙÙØ© ÙØ§Ø¶Ø­Ø© ØªÙØ§ÙØ§. ØªÙØ§Ø¬Ù Ø§ÙØ¯ÙØ§Ø¹Ø§Øª Ø§ÙØªÙÙÙØ¯ÙØ© Ø§ÙØªÙ ØªØ³ØªØ®Ø¯Ù Ø§ÙØªÙÙÙØ¹Ø§Øª Ø£Ù Ø§ÙÙÙØ§Ø¹Ø¯ ØµØ¹ÙØ¨Ø© ÙÙ ÙÙØ§ÙØ¨Ø© Ø§ÙØ·Ø¨ÙØ¹Ø© Ø§ÙÙØªØºÙØ±Ø© ÙØ§ÙÙØªØ¹Ø¯Ø¯Ø© Ø§ÙØ£Ø¨Ø¹Ø§Ø¯ ÙØ§ØªØµØ§ÙØ§Øª Ø¥ÙØªØ±ÙØª Ø§ÙØ£Ø´ÙØ§Ø¡. Ø±Ø¯Ø§ Ø¹ÙÙ Ø°ÙÙ Ø ÙÙØªØ±Ø­ Ø·Ø±ÙÙØ© Ø§ÙÙØ´Ù Ø¹Ù Ø§ÙØªØ³ÙÙ Ø§ÙÙØ³ØªÙØ¯Ø© Ø¥ÙÙ Ø§ÙØªØ¹ÙÙ Ø§ÙØ¢ÙÙ ÙØ§ÙØªÙ ØªØ¬ÙØ¹ Ø¨ÙÙ ØªØ­Ø¯ÙØ¯ Ø§ÙÙÙØ²Ø© ÙØ¥Ø¹Ø§Ø¯Ø© ÙÙØ§Ø²ÙØ© Ø§ÙÙØµÙ. Ø§Ø³ØªØ®Ø¯ÙÙØ§ ÙØ¬ÙÙØ¹Ø© Ø¨ÙØ§ÙØ§Øª TON-IoT Ø§ÙØ­Ø¯ÙØ«Ø© Ø ÙØ§ÙØªÙ ØªØ´ØªÙÙ Ø¹ÙÙ Ø§ÙÙÙØ§Ø³ Ø¹Ù Ø¨Ø¹Ø¯ ÙÙØ³ØªØ´Ø¹Ø± IoT / IIoT Ø ÙØ³Ø¬ÙØ§Øª Windows / Linux Ø ÙØªØªØ¨Ø¹ Ø§ÙØ´Ø¨ÙØ© Ø ÙØ§Ø®ØªØ¨Ø§Ø± ÙØ°Ø§ Ø§ÙØ¥Ø·Ø§Ø±.
ÙÙØ§Ù Ø£Ø±Ø¨Ø¹ Ø®Ø·ÙØ§Øª ÙÙ Ø®Ø· Ø§ÙØ£ÙØ§Ø¨ÙØ¨ ÙØ¯ÙÙØ§. Ø§ÙÙØ¹Ø§ÙØ¬Ø© Ø§ÙÙØ³Ø¨ÙØ© ÙÙØ¨ÙØ§ÙØ§Øª: ÙØ³ØªØ®Ø¯Ù StandardScaler ÙØªÙØ­ÙØ¯ Ø§ÙØ³ÙØ§Øª Ø§ÙØ±ÙÙÙØ© ÙØ¥ØµÙØ§Ø­ Ø§ÙÙÙÙ Ø§ÙÙÙØ±Ø±Ø© ÙØ§ÙÙÙÙÙØ¯Ø© Ø¨Ø­ÙØ« ÙÙÙÙ Ø§ÙØªØ¹ÙÙ ÙØ³ØªÙØ±Ø§. Ø§ÙØªØºÙÙØ± ÙÙ ØªÙØ²ÙØ¹ Ø§ÙÙØ¦Ø©: ÙØ¹ÙÙ ØªÙÙÙÙ Ø§ÙØ¹ÙÙØ§Øª Ø¹ÙÙ Ø¥ØµÙØ§Ø­ Ø®ÙÙ ÙØ¨ÙØ± Ø ÙØ°Ø§ ÙØ¥Ù Ø§ÙÙØ¦ØªÙÙ "Ø¹Ø§Ø¯Ù" Ù "ØºÙØ± Ø¹Ø§Ø¯Ù" (ÙÙÙ ÙÙÙÙØ§ 160 Ø£ÙÙ ÙØ«ÙÙ) ÙÙØ«ÙØ© Ø§ÙØ¢Ù Ø¨Ø§ÙØªØ³Ø§ÙÙ Ø ÙØ§ÙÙØ³Ø¨ ÙØªØ¹Ø¯Ø¯Ø© Ø§ÙÙØ¦Ø§Øª ÙÙ ÙÙØ³ÙØ§ ØªÙØ±ÙØ¨Ø§ (Ø­ÙØ§ÙÙ 11Ùª ÙÙÙ ÙØ¦Ø©). ØªØ­Ø¯ÙØ¯ Ø§ÙÙÙØ²Ø©: ÙØ³ØªØ®Ø¯Ù SelectKBest Ø§ÙÙØ¹ÙÙÙØ§Øª Ø§ÙÙØªØ¨Ø§Ø¯ÙØ© ÙÙØ¹Ø«ÙØ± Ø¹ÙÙ Ø£ÙØ¶Ù Ø§ÙÙÙØ²Ø§Øª Ø§ÙØªÙÙÙØ²ÙØ©Ø ÙØ«Ù Ø§ÙØ·Ø§Ø¨Ø¹ Ø§ÙØ²ÙÙÙ ÙØ¹ÙØ§ÙÙÙ IP ÙØ§ÙÙÙØ§ÙØ° Ø§ÙÙØµØ¯Ø±/Ø§ÙÙØ¬ÙØ© ÙÙØ¯Ø© Ø§ÙØ¬ÙØ³Ø© ÙØ­Ø§ÙØ© Ø§ÙØ§ØªØµØ§Ù ÙÙÙØ§Ø³Ø§Øª Ø§ÙØ­Ø¬Ù. ÙØ°Ø§ ÙÙÙÙ ÙÙ Ø§ÙØ£Ø¨Ø¹Ø§Ø¯ ÙØªÙØ§ÙÙÙ Ø§ÙØªØ¯Ø±ÙØ¨. Ø§ÙÙÙØ°Ø¬Ø© ÙØ§ÙØªØ­Ø³ÙÙ: ÙÙØ¸Ø± Ø¥ÙÙ Ø§ÙØºØ§Ø¨Ø© Ø§ÙØ¹Ø´ÙØ§Ø¦ÙØ© Ø ÙØªØ¹Ø²ÙØ² Ø§ÙØªØ¯Ø±Ø¬ Ø ÙØ£ÙØ±Ø¨ Ø¬ÙØ±Ø§Ù K Ø ÙØ´Ø¬Ø±Ø© Ø§ÙÙØ±Ø§Ø± Ø Ù SVM Ø Ù Gaussian Naive Bayes Ø Ù LDA Ø Ù QDA Ø Ù MLP. ÙÙÙÙ Ø¨ØªØºÙÙØ± Ø§ÙÙØ¹ÙÙØ§Øª Ø§ÙÙØ§Ø¦ÙØ© Ø¨Ø§Ø³ØªØ®Ø¯Ø§Ù GridSearchCV Ù RandomizedSearchCV.
ÙÙØ¶Ø­ Ø§ÙØªÙÙÙÙ Ø§ÙØ´Ø§ÙÙ Ø§ÙØ°Ù ÙØ³ØªØ®Ø¯Ù ÙØµÙÙÙØ§Øª Ø§ÙØ¯ÙØ© ÙØ§ÙØ¯ÙØ© ÙØ§ÙØ§Ø³ØªØ¯Ø¹Ø§Ø¡ ÙØ¯Ø±Ø¬Ø© F1 ÙØ§ÙØ§Ø±ØªØ¨Ø§Ù ØªÙÙÙ ÙÙØ§ÙØ¬ Ø§ÙÙØ¬ÙÙØ¹Ø©. ÙÙÙØ­ Ø§ÙØªÙØ³ÙÙ Ø§ÙØ£ÙÙÙ ØºÙØ± Ø§ÙÙØªÙØ§Ø²Ù Ø¯ÙØ© Random    Forest  Ø¨ÙØ¶Ù Ø§ÙØªÙØ³ÙÙ Ø§ÙÙØªÙØ§Ø²Ù 98.79Ùª.  ÙØ­ØµÙ ØªØ¹Ø²ÙØ² Ø§ÙØªØ¯Ø±Ø¬ Ø¹ÙÙ 96.75Ùª Ø ÙØªØ­ØµÙ KNN Ø¹ÙÙ 96.54Ùª Ø ÙØ´Ø¬Ø±Ø© Ø§ÙÙØ±Ø§Ø± ØªØ­ØµÙ Ø¹ÙÙ 95.58Ùª. ØªØ­ØµÙ SVM Ø¹ÙÙ 64.92Ùª Ø ÙÙØ§ ÙØ¯Ù Ø¹ÙÙ Ø£ÙÙ ÙÙ Ø§ÙØµØ¹Ø¨ ÙØµÙ Ø­Ø±ÙØ© ÙØ±ÙØ± Ø¥ÙØªØ±ÙØª Ø§ÙØ£Ø´ÙØ§Ø¡ Ø¨Ø·Ø±ÙÙØ© Ø¨Ø³ÙØ·Ø©. ÙÙ ÙØ§Ø­ÙØ© Ø£Ø®Ø±Ù Ø ÙØ­ØµÙ Gaussian Naive Bayes Ù QDA Ø¹ÙÙ 5.57Ùª Ù 4.33Ùª ÙÙØ· Ø¹ÙÙ Ø§ÙØªÙØ§ÙÙ. ØªÙØ¶Ø­ Ø§ÙÙØªØ§Ø¦Ø¬ ÙØ¯Ù Ø£ÙÙÙØ© Ø§ÙØ¬ÙØ¹ Ø¨ÙÙ Ø§Ø®ØªÙØ§Ø± Ø§ÙÙÙØ²Ø© ÙÙÙØ§Ø²ÙØ© Ø§ÙÙØ¦Ø© ÙØªØ­Ø³ÙÙ Ø§ÙØªØ¹ÙÙÙ ÙØ¬Ø¹Ù Ø§ÙÙÙØ¨ÙÙØªØ± ÙØ¹ÙÙ Ø¨Ø´ÙÙ Ø£Ø³Ø±Ø¹.
ØªØªÙØ«Ù Ø§ÙÙØ³Ø§ÙÙØ© Ø§ÙØ±Ø¦ÙØ³ÙØ© ÙÙ ÙØ®Ø·Ø· IDS ÙÙÙ ÙÙØ§Ø¨Ù ÙÙØªØ·ÙÙØ± ÙØ¥ÙØªØ±ÙØª Ø§ÙØ£Ø´ÙØ§Ø¡ ÙØ³ØªØ®Ø¯Ù ÙØ²ÙØ¬Ø§ ÙØ¨Ø¯Ø¦ÙØ§ ÙÙ Ø§ÙÙØ¹Ø§ÙØ¬Ø© Ø§ÙÙØ³Ø¨ÙØ© ÙØ§ÙÙÙØ§Ø²ÙØ© ÙØ§Ø®ØªÙØ§Ø± Ø§ÙÙÙØ²Ø§Øª ÙØ¹ Ø§ÙØªØ­Ø³ÙÙ Ø§ÙÙØ¯Ø±Ù ÙÙÙÙÙØ°Ø¬. ØªÙØµÙÙØ§ Ø£ÙØ¶Ø§ Ø¥ÙÙ ÙØµØ§Ø¦Ø­ Ø­ÙÙ Ø£ÙØ¶Ù Ø§ÙÙÙØ§Ø±Ø³Ø§Øª ÙØ§Ø³ØªØ®Ø¯Ø§Ù IDS Ø§ÙØ°ÙÙ ÙÙ Ø¥Ø¹Ø¯Ø§Ø¯Ø§Øª Ø¥ÙØªØ±ÙØª Ø§ÙØ£Ø´ÙØ§Ø¡ Ø§ÙÙØ®ØªÙÙØ© Ø Ø¨Ø§ÙØ¥Ø¶Ø§ÙØ© Ø¥ÙÙ ÙÙØ§Ø¦Ø¯ Ø§ÙØ¹Ø§ÙÙ Ø§ÙØ­ÙÙÙÙ. ÙÙ Ø®ÙØ§Ù ØªØ¨ÙÙ Ø§ÙÙØ³Ø§Ø¹Ù Ø§ÙÙØ³ØªÙØ¨ÙÙØ© Ø ÙØ¯Ø¹Ù Ø¥ÙÙ Ø§Ø¹ØªÙØ§Ø¯ ÙÙØ§Ø°Ø¬ Ø®ÙÙÙØ© Ø§ÙÙØ²Ù ÙÙØ¹Ø§ÙØ© ÙÙ Ø§Ø³ØªØ®Ø¯Ø§Ù Ø§ÙÙÙØ§Ø±Ø¯ ÙÙØ§Ø³Ø¨Ø© ÙÙØ£Ø¬ÙØ²Ø© Ø§ÙÙÙÙØ¯Ø© ÙØªØ³ÙÙ Ø§ÙØªØ¹ÙÙ Ø§ÙØªÙÙÙÙ / Ø¹Ø¨Ø± Ø§ÙØ¥ÙØªØ±ÙØª ÙÙØ±Ø§ÙØ¨Ø© Ø§ÙÙØ®Ø§Ø·Ø± Ø§ÙÙØ§Ø´Ø¦Ø©. ÙØ¤ÙØ¯ Ø£ÙØ¶Ø§ Ø¹ÙÙ ÙØ¯Ù Ø£ÙÙÙØ© ÙØ¬ÙØ¯ Ø­ÙØ§ÙØ© Ø£Ø®ÙØ§ÙÙØ© ÙÙØ®ØµÙØµÙØ© ÙØ§ÙØ¥ÙØµØ§Ù ÙØ§ÙØ§ÙÙØªØ§Ø­ ÙØ§ÙÙØ³Ø¤ÙÙÙØ©.
ER  -