Research Article, Open Access

Machine Learning Models and Explainable Artificial Intelligence Approaches for Intrusion Detection in IoT Networks

Asuman Besi Kütük (1), Özlem Çoşkun (2), Hikmet Kütük (3), İbrahim Kök (4)

(1) Ptt Bilgi Teknolojileri A.Ş.
(2) Ptt Bilgi Teknolojileri A.Ş.
(3) Ptt Bilgi Teknolojileri A.Ş.
(4) Ankara University

Published: May 31, 2025

Abstract

The rapid spread of Internet of Things (IoT) technologies and the growing use of IoT devices offer technological transformation and innovative solutions in many areas, from daily life to industrial processes. However, the resource constraints, simple operating systems, non-standard protocols and embedded software of IoT devices make them vulnerable to cyber-attacks. This exposes IoT networks to malicious attacks and increases the scale of security threats. Moreover, the complexity and heterogeneity of IoT networks render traditional security approaches inadequate and increase the need for advanced solutions. In this context, the need for methods of detecting and preventing attacks on IoT networks that are not only reliable and effective, but also understandable by users and security experts, has become increasingly critical. This need for network security necessitates the development of strategies that will both secure technical infrastructures and increase the trust of the people who interact with these infrastructures. As a result, the need for more interpretable, explainable and transparent security approaches is increasing. In particular, machine learning (ML) and deep learning (DL) based intrusion detection systems offer effective solutions to security problems such as anomaly detection and attack classification. When the decision mechanisms of the models used are comprehensible, security experts can manage the systems more effectively and users can have more confidence in the security measures taken. Explainable Artificial Intelligence (XAI) techniques make the decision processes of ML and DL models transparent, making it possible to understand how and why attacks are detected. Accordingly, it has become a critical requirement for security systems not only to achieve high accuracy rates, but also to make their decisions interpretable.
In this study, the effectiveness of artificial intelligence (ML and DL) techniques for the detection and classification of security threats in IoT networks is analysed. In addition, the applications of XAI methods such as SHapley Additive exPlanations (SHAP), Local Interpretable Model-Agnostic Explanations (LIME) and Explain Like I'm 5 (ELI5) for IoT security are investigated. It is shown how these methods make the decision processes of ML and DL models used in IoT networks more transparent and provide a better analysis. As a result, this study presents an approach that combines both performance and explainability in IoT security. By demonstrating the effectiveness of XAI-supported ML and DL models, it aims to contribute to future research and innovative security solutions for enhancing security in IoT networks.

Keywords
Intrusion Detection, Machine Learning, Deep Learning, Explainable Artificial Intelligence

Cite This Article
Kütük, A. B., Çoşkun, Ö., Kütük, H., Kök, İ. (2025). Machine Learning Models and Explainable Artificial Intelligence Approaches for Intrusion Detection in IoT Networks. *The European Journal of Research and Development*, 5(1), 17-33. https://doi.org/10.56038/ejrnd.v5i1.630

Bibliographic Info

Journal: The European Journal of Research and Development
Volume: 5
Issue: 1
Pages: 17–33
Published: May 31, 2025
eISSN: 2822-2296