Optimized detection of cyber-attacks on IoT networks via hybrid deep learning models

Ahmed Bensaoud, Jugal Kalita

TL;DR

This paper addresses the challenge of detecting both known and unknown cyber-attacks in IoT networks by proposing a hybrid framework that fuses Self-Organizing Maps (SOMs), Deep Belief Networks (DBNs), and Autoencoders (AEs). The approach is further enhanced by a novel Particle Swarm Optimization (PSO) scheme that jointly tunes hyperparameters across all three models, with an objective that combines reconstruction, clustering, and hierarchical losses. Experimental results on NSL-KDD, UNSW-NB15, and CICIoT2023 show near-perfect accuracy and MCC on multiple attack classes, demonstrating strong robustness to emerging threats and dataset diversity. The work highlights the potential of hybrid unsupervised-supervised architectures, augmented with optimization and attention-based interpretability, to deliver scalable, real-time intrusion detection for dynamic IoT environments, while outlining avenues for privacy-preserving, edge-enabled, and explainable enhancements.

Abstract

The rapid expansion of Internet of Things (IoT) devices has increased the risk of cyber-attacks, making effective detection essential for securing IoT networks. This work introduces a novel approach combining Self-Organizing Maps (SOMs), Deep Belief Networks (DBNs), and Autoencoders to detect known and previously unseen attack patterns. A comprehensive evaluation using simulated and real-world traffic data is conducted, with models optimized via Particle Swarm Optimization (PSO). The system achieves an accuracy of up to 99.99% and Matthews Correlation Coefficient (MCC) values exceeding 99.50%. Experiments on NSL-KDD, UNSW-NB15, and CICIoT2023 confirm the model's strong performance across diverse attack types. These findings suggest that the proposed method enhances IoT security by identifying emerging threats and adapting to evolving attack strategies.

Paper Structure

This paper contains 49 sections, 20 equations, 34 figures, 8 tables.

Figures (34)

  • Figure 1: Integration of SOMs, DBNs, and Autoencoders for Model Framework.
  • Figure 2: Parallel Coordinates Plot showing the distribution of Source Bytes, Rerror Rate, and Duration across different class labels.
  • Figure 3: Histogram of source bytes with KDE overlay, showing byte size distribution and insights into normal versus potentially malicious network traffic.
  • Figure 4: Pairwise relationships and distributions of selected NSL-KDD features for normal and attack traffic.
  • Figure 5: Pairwise relationships and distributions of selected UNSW-NB15 features for normal and attack traffic.
  • ...and 29 more figures