A smart anomaly-based intrusion detection system for the Internet of Things (IoT) network using GWO–PSO–RF model


The Internet of Things (IoT) is adding the advancement in the technology for creating smart environments to facilitate humans for various works. The technological developments provide many comfort and opportunities to the businesses and open the doors for the intruders or attackers to explore and exploit various attacks to evade the IoT networks’ security. Hence, security and privacy are the key anxiety to the IoT network model. Protection of computer and IoT networks from various types of attacks and threats is necessary. The traditional intrusion detection system (IDS) collects and uses massive data with unnecessary, irrelevant, and inappropriate features, which cause high detection time and low accuracy. This paper proposes an IDS to identify various attacks for IoT networks. A combination of Grey Wolf Optimization (GWO) and Particle Swarm Optimization (PSO) is used to extract relevant IoT network features. The extracted features are fed to a random forest (RF) classifier to achieve high attack detection accuracy. The experiments are conducted in the python programming environment to evaluate the proposed model on KDDCup99, NSL–KDD, and CICIDS-2017 datasets. The proposed GWO–PSO–RF NIDS model has achieved an average accuracy of 99.66% for multiclass classification. The accuracy of the proposed model has been compared with other similar approaches to show its effectiveness. The work presented here also addresses the issue of data imbalance.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15


  1. 1.

    A. Ahmim, L. Maglaras, M. A. Ferrag, M. Derdour, and H. Janicke (2019) A novel hierarchical Intrusion detection system based on decision tree and rules-based models. In: 2019 15th international conference on Distributed Computing in Sensor Systems (DCOSS), Santorini island, Greece, Greece, 29–31 May 2019

  2. 2.

    Ferrag MA, Maglaras L, Ahmim A, Derdour M, Janicke H (2020) RDTIDS: Rules and decision tree-based intrusion detection system for internet-of-things networks. Futur. Internet 12(3):44

    Article  Google Scholar 

  3. 3.

    Saber M, Chadli S, Emharraf M, El Farissi I (2015) Modeling and implementation approach to evaluate the intrusion detection system. In: International conference on networked systems, pp 513–517

  4. 4.

    Rubio-Loyola J, Sala D, Ali AI (2008) Maximizing packet loss monitoring accuracy for reliable trace collections. In: 2008 16th IEEE workshop on local and metropolitan area networks, pp 61–66

  5. 5.

    Anwar S et al (2017) From intrusion detection to an intrusion response system: fundamentals, requirements, and future directions. Algorithms 10(2):39

    Article  Google Scholar 

  6. 6.

    Zamani M, Movahedi M (2013) Machine learning techniques for intrusion detection. arXiv Prepr. arXiv1312.2177

  7. 7.

    Elhag S, Fernández A, Bawakid A, Alshomrani S, Herrera F (2015) On the combination of genetic fuzzy systems and pairwise learning for improving detection rates on intrusion detection systems. Expert Syst Appl 42(1):193–202

    Article  Google Scholar 

  8. 8.

    Lin W-C, Ke S-W, Tsai C-F (2015) CANN: an intrusion detection system based on combining cluster centers and nearest neighbors. Knowl based Syst 78:13–21

    Article  Google Scholar 

  9. 9.

    Zhang J, Zulkernine M (2006) A hybrid network intrusion detection technique using random forests. In: First international conference on availability, reliability and security (ARES’06), 2006, p 8

  10. 10.

    Yang J, Deng J, Li S, Hao Y (2017) Improved traffic detection with support vector machine based on restricted Boltzmann machine. Soft Comput 21(11):3101–3112

    Article  Google Scholar 

  11. 11.

    Tran NN, Sarker R, Hu J (2017) An approach for host-based intrusion detection system design using convolutional neural network. In: International conference on mobile networks and management, pp 116–126

  12. 12.

    Rodda S (2018) Network intrusion detection systems using neural networks. Information systems design and intelligent applications. Springer, Berlin, pp 903–908

    Google Scholar 

  13. 13.

    Ali A, Shamsuddin SM, Ralescu AL et al (2015) Classification with class imbalance problem: a review. Int. J Adv Soft Comput Appl 7(3):176–204

    Google Scholar 

  14. 14.

    Abdulhammed R, Faezipour M, Abuzneid A, AbuMallouh A (2018) Deep and machine learning approaches for anomaly-based intrusion detection of imbalanced network traffic. IEEE Sens Lett 3(1):1–4

    Article  Google Scholar 

  15. 15.

    Xiao Y, Xiao X (2019) An intrusion detection system based on a simplified residual network. Information 10(11):356

    Article  Google Scholar 

  16. 16.

    Hamid Y, Sugumaran M, Journaux L (2016) A fusion of feature extraction and feature selection technique for network intrusion detection. Int J Secur Appl 10(8):151–158

    Google Scholar 

  17. 17.

    Chawla NV, Bowyer KW, Hall LO, Kegelmeyer WP (2002) SMOTE: synthetic minority over-sampling technique. J Artif Intell Res 16:321–357

    Article  Google Scholar 

  18. 18.

    Dhaliwal SS, Nahid A-A, Abbas R (2018) Effective intrusion detection system using XGBoost. Information 9(7):149

    Article  Google Scholar 

  19. 19.

    Verma P, Anwar S, Khan S, Mane SB (2018) Network intrusion detection using clustering and gradient boosting. In: 2018 9th International conference on computing, communication and networking technologies (ICCCNT), 2018, pp 1–7

  20. 20.

    Kaja N, Shaout A, Ma D (2019) An intelligent intrusion detection system. Appl Intell 49(9):3235–3247

    Article  Google Scholar 

  21. 21.

    Lee J, Park K (2019) GAN-based imbalanced data intrusion detection system. Pers Ubiq Comput:1–8

  22. 22.

    Tkachenko R, Izonin I, Kryvinska N, Dronyuk I, Zub K (2020) An approach towards increasing prediction accuracy for the recovery of missing iot data based on the GRNN-SGTM ensemble. Sensors (Switzerland). https://doi.org/10.3390/s20092625

    Article  Google Scholar 

  23. 23.

    Kasinathan P, Costamagna G, Khaleel H, Pastrone C, Spirito MA (2013) An IDS framework for internet of things empowered by 6LoWPAN. In: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, 2013, pp 1337–1340

  24. 24.

    Kasinathan P, Pastrone C, Spirito MA, Vinkovits M (2013) Denial-of-Service detection in 6LoWPAN based Internet of Things. In: 2013 IEEE 9th international conference on wireless and mobile computing, networking and communications (WiMob), 2013, pp 600–607

  25. 25.

    Lee T-H, Wen C-H, Chang L-H, Chiang H-S, Hsieh M-C (2014) A lightweight intrusion detection scheme based on energy consumption analysis in 6LowPAN. Advanced technologies, embedded and multimedia for human-centric computing. . Springer, Netherlands, pp 1205–1213

    Google Scholar 

  26. 26.

    Sonar K, Upadhyay H (2016) An approach to secure internet of things against DDoS. In: Proceedings of international conference on ICT for sustainable development, 2016, pp 367–376

  27. 27.

    Venkatraman S, Surendiran B (2020) Adaptive hybrid intrusion detection system for crowd sourced multimedia internet of things systems. Multimed Tools Appl 79(5):3993–4010

    Article  Google Scholar 

  28. 28.

    Zhou M, Han L, Lu H, Fu C (2020) Intrusion detection system for IoT heterogeneous perceptual network. Mob Netw Appl:1–14

  29. 29.

    Elrawy MF, Awad AI, Hamed HFA (2018) Intrusion detection systems for IoT-based smart environments: a survey. J Cloud Comput 7(1):21

    Article  Google Scholar 

  30. 30.

    Al-Hadhrami Y, Hussain FK (2020) Real time dataset generation framework for intrusion detection systems in IoT. Futur Gen Comput Syst

  31. 31.

    Li Y et al (2020) Robust detection for network intrusion of industrial IoT based on multi-CNN fusion. Measurement 154:107450

    Article  Google Scholar 

  32. 32.

    Ferrag MA, Maglaras L, Ahmim A, Derdour M, Janicke H (2020) RDTIDS: rules and decision tree-based intrusion detection system for internet-of-things networks. Futur Internet 12(3):44

    Article  Google Scholar 

  33. 33.

    Babu MJ, Reddy AR (2020) SH-IDS: specification heuristics based intrusion detection system for IoT networks. Wirel Pers Commun:1–23

  34. 34.

    Torres P et al (2016) A deep learning approach for intrusion detection using recurrent neural networks. Ieee Access 5:21954–21961

    Google Scholar 

  35. 35.

    Yin C, Zhu Y, Fei J, He X (2017) A deep learning approach for intrusion detection using recurrent neural networks. Ieee Access 5:21954–21961

    Article  Google Scholar 

  36. 36.

    Zarca AM et al (2019) Security management architecture for NFV/SDN-aware IoT systems. IEEE Internet Things J 6(5):8005–8020

    Article  Google Scholar 

  37. 37.

    Kumar P, Chandra M, Emmanuel P (2020) An optimal intrusion detection system using GWO-SSA-DSAE model, no. Cc, pp 1–18

  38. 38.

    Bagaa M, Taleb T, Bernabe JB, Skarmeta A (2020) A machine learning security framework for IoT systems. IEEE Access

  39. 39.

    Sperotto A, Schaffrath G, Sadre R, Morariu C, Pras A, Stiller B (2010) An overview of IP flow-based intrusion detection. IEEE Commun Surv Tutor 12(3):343–356

    Article  Google Scholar 

  40. 40.

    KDD Cup 1999 Data

  41. 41.


  42. 42.

    IDS 2017|Datasets|Research|Canadian Institute for Cybersecurity|UNB

  43. 43.

    Mirjalili SM, Mirjalili SM, Lewis A (2014) Grey wolf optimizer. Adv Eng Softw 69:46–61. https://doi.org/10.1016/j.advengsoft.2013.12.007

    Article  Google Scholar 

  44. 44.

    Mohammadi-Ivatloo B, Moradi-Dalvand M, Rabiee A (2013) Combined heat and power economic dispatch problem solution using particle swarm optimization with time varying acceleration coefficients. Electr Power Syst Res 95:9–18

    Article  Google Scholar 

  45. 45.

    Mittal N, Singh U, Sohi BS (2016) Modified grey wolf optimizer for global engineering optimization, vol 2016

  46. 46.

    Machine learning random forest algorithm—Javatpoint

  47. 47.

    Abdulhammed R, Musafer H, Alessa A, Faezipour M, Abuzneid A (2019) Features dimensionality reduction approaches for machine learning based network intrusion detection. Electron. https://doi.org/10.3390/electronics8030322

    Article  Google Scholar 

  48. 48.

    De Gregorio M, Giordano M (2018) An experimental evaluation of weightless neural networks for multi-class classification. Appl Soft Comput 72:338–354

    Article  Google Scholar 

  49. 49.

    Adnan MN, Islam MZ (2017) Forest PA: Constructing a decision forest by penalizing attributes used in previous trees. Expert Syst Appl 89:389–403

    Article  Google Scholar 

  50. 50.

    Ibarguren I, Pérez JM, Muguerza J, Gurrutxaga I, Arbelaitz O (2015) Coverage-based resampling: Building robust consolidated decision trees. Knowl Based Syst 79:51–67

    Article  Google Scholar 

  51. 51.

    Yulianto A, Sukarno P, Suwastika NA (2019) Improving adaboost-based intrusion detection system (IDS) performance on CIC IDS 2017 dataset. J Phys Conf Ser. https://doi.org/10.1088/1742-6596/1192/1/012018

    Article  Google Scholar 

  52. 52.

    Vinayakumar R, Alazab M, Soman KP, Poornachandran P, Al-Nemrat A, Venkatraman S (2019) Deep learning approach for intelligent intrusion detection system. IEEE Access 7:41525–41550

    Article  Google Scholar 

  53. 53.

    Zhou Y, Cheng G, Jiang S, Dai M (2020) Building an efficient intrusion detection system based on feature selection and ensemble classifier. Comput Netw:107247

  54. 54.

    Zhou Y et al (2019) Intrusion detection in sdn-based networks: deep recurrent neural network approach. arXiv Prepr. arXiv1904.01352, vol. 7, pp 175–195

  55. 55.

    Hosseini S, Seilani H (2019) Anomaly process detection using negative selection algorithm and classification techniques. Evol Syst. https://doi.org/10.1007/s12530-019-09317-1

    Article  Google Scholar 

  56. 56.

    Sapre S, Ahmadi P, Islam K (2019) A robust comparison of the KDDCup99 and NSL-KDD IoT network intrusion detection datasets through various machine learning algorithms

  57. 57.

    Diro AA, Chilamkurti N (2018) Distributed attack detection scheme using deep learning approach for Internet of Things. Futur Gener Comput Syst 82:761–768

    Article  Google Scholar 

  58. 58.

    Li L, Yu Y, Bai S, Hou Y, Chen X (2017) An effective two-step intrusion detection approach based on binary classification and k-NN. IEEE Access 6:12060–12073

    Article  Google Scholar 

  59. 59.

    Li Y et al (2020) “Robust detection for network intrusion of industrial IoT based on multi-CNN fusion. Meas J Int Meas Conf. https://doi.org/10.1016/j.measurement.2019.107450

    Article  Google Scholar 

  60. 60.

    Dushimimana A, Tao T, Kindong R, Nishyirimbere A (2020) Bi-directional Recurrent Neural network for Intrusion Detection System (IDS) in the internet of things (IoT). Int J Adv Eng Res Sci 7(3):524–539. https://doi.org/10.22161/ijaers.73.68

    Article  Google Scholar 

  61. 61.

    Kim J, Kim J, Kim H et al (2015) An approach to build an efficient intrusion detection classifier. J Platf Technol 3(4):43–52

    Google Scholar 

  62. 62.

    Putchala MK (2017) Deep learning approach for intrusion detection system (Ids) in the Internet of Things (Iot) network using gated recurrent neural networks (GRU). Thesis 1(1):1188–1197

    Google Scholar 

Download references

Author information



Corresponding author

Correspondence to Pankaj Kumar Keserwani.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Keserwani, P.K., Govil, M.C., Pilli, E.S. et al. A smart anomaly-based intrusion detection system for the Internet of Things (IoT) network using GWO–PSO–RF model. J Reliable Intell Environ 7, 3–21 (2021). https://doi.org/10.1007/s40860-020-00126-x

Download citation


  • IDS
  • IoT
  • Random forest
  • Grey wolf optimization (GWO)
  • Particle swarm optimization (PSO)
  • Feature selection (FS)