{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,26]],"date-time":"2026-02-26T15:29:06Z","timestamp":1772119746843,"version":"3.50.1"},"reference-count":65,"publisher":"MDPI AG","issue":"7","license":[{"start":{"date-parts":[[2022,7,12]],"date-time":"2022-07-12T00:00:00Z","timestamp":1657584000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Algorithms"],"abstract":"<jats:p>Cybersecurity is a common Internet of Things security challenge. The lack of security in IoT devices has led to a great number of devices being compromised, with threats from both inside and outside the IoT infrastructure. Attacks on the IoT infrastructure result in device hacking, data theft, financial loss, instability, or even physical damage to devices. This requires the development of new approaches to ensure high-security levels in IoT infrastructure. To solve this problem, we propose a new approach for IoT cyberattack detection based on machine learning algorithms. The core of the method involves network traffic analyses that IoT devices generate during communication. The proposed approach deals with the set of network traffic features that may indicate the presence of cyberattacks in the IoT infrastructure and compromised IoT devices. Based on the obtained features for each IoT device, the feature vectors are formed. To conclude the possible attack presence, machine learning algorithms were employed. We assessed the complexity and time of machine learning algorithm implementation considering multi-vector cyberattacks on IoT infrastructure. Experiments were conducted to approve the method\u2019s efficiency. The results demonstrated that the network traffic feature-based approach allows the detection of multi-vector cyberattacks with high efficiency.<\/jats:p>","DOI":"10.3390\/a15070239","type":"journal-article","created":{"date-parts":[[2022,7,12]],"date-time":"2022-07-12T20:52:41Z","timestamp":1657659161000},"page":"239","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":13,"title":["IoT Multi-Vector Cyberattack Detection Based on Machine Learning Algorithms: Traffic Features Analysis, Experiments, and Efficiency"],"prefix":"10.3390","volume":"15","author":[{"given":"Sergii","family":"Lysenko","sequence":"first","affiliation":[{"name":"Computer Engineering and Information Systems Department, Khmelnytskyi National University, 29016 Khmelnytskyi, Ukraine"}]},{"given":"Kira","family":"Bobrovnikova","sequence":"additional","affiliation":[{"name":"Computer Engineering and Information Systems Department, Khmelnytskyi National University, 29016 Khmelnytskyi, Ukraine"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5352-077X","authenticated-orcid":false,"given":"Vyacheslav","family":"Kharchenko","sequence":"additional","affiliation":[{"name":"Department of Computer Systems, Networks and Cybersecurity, National Aerospace University \u201cKhAI\u201d, 61001 Kharkiv, Ukraine"}]},{"given":"Oleg","family":"Savenko","sequence":"additional","affiliation":[{"name":"Computer Engineering and Information Systems Department, Khmelnytskyi National University, 29016 Khmelnytskyi, Ukraine"}]}],"member":"1968","published-online":{"date-parts":[[2022,7,12]]},"reference":[{"key":"ref_1","unstructured":"Nozomi Networks Labs (2022, February 03). New OT\/IoT Security Report: Trends and Countermeasures for Critical Infrastructure Attacks. Available online: https:\/\/www.nozominetworks.com\/blog\/new-ot-iot-security-report-trends-and-countermeasures-for-critical-infrastructure-attacks\/."},{"key":"ref_2","unstructured":"Global Cyber Alliance (2021, December 05). GCA Internet Integrity Papers: IoT Policy and Attack Report. Available online: https:\/\/www.globalcyberalliance.org\/wp-content\/uploads\/IoT-Policy-and-Attack-Report_FINAL.pdf."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Shaaban, A.M., Chlup, S., El-Araby, N., and Schmittner, C. (2022). Towards Optimized Security Attributes for IoT Devices in Smart Agriculture Based on the IEC 62443 Security Standard. Appl. Sci., 12.","DOI":"10.3390\/app12115653"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Seo, S., and Kim, D. (2022). IoDM: A Study on a IoT-Based Organizational Deception Modeling with Adaptive General-Sum Game Competition. Electronics, 11.","DOI":"10.3390\/electronics11101623"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Makarichev, V., Lukin, V., Illiashenko, O., and Kharchenko, V. (2022). Digital Image Representation by Atomic Functions: The Compression and Protection of Data for Edge Computing in IoT Systems. Sensors, 22.","DOI":"10.3390\/s22103751"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"514","DOI":"10.3390\/smartcities4020027","article-title":"Homo Digitus: Its Dependable and Resilient Smart Ecosystem","volume":"4","author":"Bliss","year":"2021","journal-title":"Smart Cities"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Deorankar, A.V., and Thakare, S.S. (2020, January 11\u201313). Survey on Anomaly Detection of (IoT)- Internet of Things Cyberattacks Using Machine Learning. Proceedings of the 2020 Fourth International Conference on Computing Methodologies and Communication (ICCMC), Erode, India.","DOI":"10.1109\/ICCMC48092.2020.ICCMC-00023"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Hristov, A., and Trifonov, R.A. (2021, January 16\u201317). Model for Identification of Compromised Devices as a Result of Cyberattack on IoT Devices. Proceedings of the 2021 International Conference on Information Technologies (InfoTech), Varna, Bulgaria.","DOI":"10.1109\/InfoTech52438.2021.9548556"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Lysenko, S., Bobrovnikova, K., Shchuka, R., and Savenko, O. (2020, January 14\u201318). A Cyberattacks Detection Technique Based on Evolutionary Algorithms. Proceedings of the 2020 IEEE 11th International Conference on Dependable Systems, Services and Technologies (DESSERT), Kyiv, Ukraine.","DOI":"10.1109\/DESSERT50317.2020.9125016"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Lysenko, S., Pomorova, O., Savenko, O., Kryshchuk, A., and Bobrovnikova, K. (2015, January 24\u201326). DNS-based Anti-evasion Technique for Botnets Detection. Proceedings of the 8th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications, Warsaw, Poland.","DOI":"10.1109\/IDAACS.2015.7340777"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Savenko, B., Lysenko, S., Bobrovnikova, K., Savenko, O., and Markowsky, G. (2021, January 22\u201325). Detection DNS Tunneling Botnets. Proceedings of the 2021 IEEE 11th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications, Cracow, Poland.","DOI":"10.1109\/IDAACS53288.2021.9661022"},{"key":"ref_12","first-page":"688","article-title":"DDoS Botnet Detection Technique Based on the Use of the Semi-Supervised Fuzzy c-Means Clustering","volume":"2104","author":"Lysenko","year":"2018","journal-title":"CEUR-WS"},{"key":"ref_13","first-page":"3651","article-title":"Detection of the botnets\u2019 low-rate DDoS attacks based on self-similarity","volume":"10","author":"Lysenko","year":"2020","journal-title":"Int. J. Electr. Comput. Eng."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Shire, R., Shiaeles, S., Bendiab, K., Ghita, B., and Kolokotronis, N. (2019). Malware Squid: A Novel IoT Malware Traffic Analysis Framework Using Convolutional Neural Network and Binary Visualisation. Ininternet of Things, Smart Spaces, and Next Generation Networks and Systems, Springer.","DOI":"10.1007\/978-3-030-30859-9_6"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Elmrabit, N., Zhou, F., Li, F., and Zhou, H. (2020, January 15\u201319). Evaluation of machine learning algorithms for anomaly detection. Proceedings of the 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), Dublin, Ireland.","DOI":"10.1109\/CyberSecurity49315.2020.9138871"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"399","DOI":"10.18178\/ijmlc.2021.11.6.1068","article-title":"Machine Learning Based Intrusion Detection for IoT Botnet","volume":"11","author":"Bagui","year":"2021","journal-title":"Int. J. Mach. Learn. Comput."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"3749","DOI":"10.1007\/s13369-020-05181-3","article-title":"Toward design of an intelligent cyberattack detection system using hybrid feature reduced approach for IoT networks","volume":"46","author":"Kumar","year":"2021","journal-title":"Arab. J. Sci. Eng."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"3559","DOI":"10.1109\/JIOT.2020.2973176","article-title":"Learning-driven detection and mitigation of DDoS attack in IoT via SDN-cloud architecture","volume":"7","author":"Ravi","year":"2020","journal-title":"IEEE Internet Things J."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"e3803","DOI":"10.1002\/ett.3803","article-title":"DL-IDS: A deep learning-based intrusion detection framework for securing IoT","volume":"33","author":"Otoum","year":"2019","journal-title":"Trans. Emerg. Telecommun. Technol."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"2287","DOI":"10.1007\/s11277-019-06986-8","article-title":"Machine learning based intrusion detection systems for IoT applications","volume":"111","author":"Verma","year":"2020","journal-title":"Wirel. Pers. Commun."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Alrashdi, I., Alqazzaz, A., Aloufi, E., Alharthi, R., Zohdy, M., and Ming, H. (2019, January 7\u20139). Ad-IoT: Anomaly Detection of IoT Cyberattacks in smart City Using Machine Learning. Proceedings of the 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA.","DOI":"10.1109\/CCWC.2019.8666450"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Krishna, E.S., and Thangavelu, A. (2021). Attack detection in IoT devices using hybrid metaheuristic lion optimization algorithm and firefly optimization algorithm. Int. J. Syst. Assur. Eng. Manag., 1\u201314.","DOI":"10.1007\/s13198-021-01150-7"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"107716","DOI":"10.1016\/j.compeleceng.2022.107716","article-title":"Denial of service attack detection and mitigation for internet of things using looking-back-enabled machine learning techniques","volume":"98","author":"Mihoub","year":"2022","journal-title":"Comput. Electr. Eng."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Khan, M.A., Khan Khattk, M.A., Latif, S., Shah, A.A., Ur Rehman, M., Boulila, W., and Ahmad, J. (2022). Voting classifier-based intrusion detection for IoT networks. Advances on Smart and Soft Computing, Springer.","DOI":"10.1007\/978-981-16-5559-3_26"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Alharbi, A., Alosaimi, W., Alyami, H., Rauf, H.T., and Dama\u0161evi\u010dius, R. (2021). Botnet attack detection using local global best bat algorithm for industrial internet of things. Electronics, 10.","DOI":"10.3390\/electronics10111341"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Liu, H., and Lang, B. (2019). Machine learning and deep learning methods for intrusion detection systems: A survey. Appl. Sci., 9.","DOI":"10.3390\/app9204396"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Saia, R., Carta, S., and Recupero, D.R. (2018, January 18\u201320). A Probabilistic-driven Ensemble Approach to Perform Event Classification in Intrusion Detection System. Proceedings of the 10th International Joint Conference on Knowledge Discovery, Knowledge Engineering and Knowledge Management, Seville, Spain.","DOI":"10.5220\/0006893801410148"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Abdulhammed, R., Musafer, H., Alessa, A., Faezipour, M., and Abuzneid, A. (2019). Features dimensionality reduction approaches for machine learning based network intrusion detection. Electronics, 8.","DOI":"10.3390\/electronics8030322"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/LSENS.2018.2879990","article-title":"Deep and machine learning approaches for anomaly-based intrusion detection of imbalanced network traffic","volume":"3","author":"Abdulhammed","year":"2018","journal-title":"IEEE Sens. Lett."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Carta, S., Podda, A.S., Recupero, D.R., and Saia, R. (2020). A local feature engineering strategy to improve network anomaly detection. Future Internet, 12.","DOI":"10.3390\/fi12100177"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Rokach, L., and Maimon, O. (2014). Data Mining with Decision Trees: Theory and Applications, World Scientific.","DOI":"10.1142\/9097"},{"key":"ref_32","unstructured":"(2021, December 10). Flow of Decision Tree Algorithm. Available online: https:\/\/www.analyticsvidhya.com\/blog\/2022\/04\/complete-flow-of-decision-tree-algorithm\/."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Kotu, V., and Deshpande, B. (2019). Data Science: Concepts and Practice, Morgan Kaufmann.","DOI":"10.1016\/B978-0-12-814761-0.00002-2"},{"key":"ref_34","unstructured":"Polamuri, S. (2021, December 10). How the Random Forest Algorithm Works in Machine Learning. Available online: https:\/\/dataaspirant.com\/2017\/05\/22\/random-forest-algorithm-machine-learing."},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"197","DOI":"10.1007\/s11749-016-0481-7","article-title":"Random Forest Guided Tour","volume":"25","author":"Biau","year":"2016","journal-title":"Test"},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"1716","DOI":"10.1214\/15-AOS1321","article-title":"Consistency of random forests","volume":"43","author":"Scornet","year":"2015","journal-title":"Ann. Statist."},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"1148","DOI":"10.1214\/18-AOS1709","article-title":"Generalized random forests","volume":"47","author":"Athey","year":"2019","journal-title":"Ann. Statist."},{"key":"ref_38","unstructured":"Ronaghan, S. (2021, December 10). The Mathematics of Decision Trees, Random Forest and Feature Importance in Scikit-Learn and Spark. Available online: https:\/\/towardsdatascience.com\/the-mathematics-of-decision-trees-random-forest-and-feature-importance-in-scikit-learn-and-spark-f2861df67e3."},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"891","DOI":"10.1007\/s10618-015-0444-8","article-title":"On the evaluation of unsupervised outlier detection: Measures, datasets, and an empirical study","volume":"30","author":"Campos","year":"2016","journal-title":"Data Min. Knowl. Discov."},{"key":"ref_40","first-page":"1","article-title":"Xgboost: Extreme gradient boosting","volume":"1","author":"Chen","year":"2015","journal-title":"R Package Version 0.4-2"},{"key":"ref_41","first-page":"668","article-title":"Feature selection for SVMs","volume":"13","author":"Weston","year":"2001","journal-title":"Advances in neural information processing systems"},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"131","DOI":"10.1023\/A:1012450327387","article-title":"Choosing multiple parameters for support vector machines","volume":"46","author":"Chapelle","year":"2002","journal-title":"Mach. Learn."},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Lysenko, S., Bobrovnikova, K., Savenko, O., and Kryshchuk, A. (2019). BotGRABBER: SVM-Based Self-Adaptive System for the Network Resilience Against the Botnets\u2019 Cyberattacks. International Conference on Computer Networks, Springer.","DOI":"10.1007\/978-3-030-21952-9_10"},{"key":"ref_44","unstructured":"(2021, December 11). GoldenEye Is a HTTP DoS Test Tool. Available online: https:\/\/www.kali.org\/tools\/goldeneye\/."},{"key":"ref_45","unstructured":"(2021, December 11). hping3 Network Tool. Available online: https:\/\/github.com\/antirez\/hping."},{"key":"ref_46","unstructured":"(2021, December 11). DNS Tunneling Tool. Available online: https:\/\/github.com\/yarrick\/iodine."},{"key":"ref_47","unstructured":"Zeek (2022, May 11). An Open Source Network Security Monitoring Tool. Available online: https:\/\/zeek.org\/."},{"key":"ref_48","unstructured":"(2021, December 11). UCI Machine Learning Repository. Available online: https:\/\/archive.ics.uci.edu\/ml\/index.php."},{"key":"ref_49","unstructured":"Kaggle (2021, December 11). DS2OS Traffic Traces. Available online: https:\/\/www.kaggle.com\/datasets\/francoisxa\/ds2ostraffictraces."},{"key":"ref_50","unstructured":"IEEEDataPort (2021, December 11). The Bot-IoT Dataset. Available online: https:\/\/ieee-dataport.org\/documents\/bot-iot-dataset."},{"key":"ref_51","unstructured":"Kaggle (2021, December 11). N-BaIoT Dataset to Detect IoT Botnet Attacks. Available online: https:\/\/www.kaggle.com\/datasets\/mkashifn\/nbaiot-datasetURL."},{"key":"ref_52","unstructured":"Hochschule Coburg (2021, December 11). CIDDS-Coburg Intrusion Detection Data Sets. Available online: https:\/\/www.hs-coburg.de\/forschung\/forschungsprojekte-oeffentlich\/informationstechnologie\/cidds-coburg-intrusion-detection-data-sets.html."},{"key":"ref_53","unstructured":"UNSW Sydney (2021, December 11). The UNSW-NB15 Dataset. Available online: https:\/\/research.unsw.edu.au\/projects\/unsw-nb15-dataset."},{"key":"ref_54","unstructured":"UNB (2021, December 11). University of New Brunswick. NSL-KDD Dataset., Available online: https:\/\/www.unb.ca\/cic\/datasets\/nsl.html."},{"key":"ref_55","unstructured":"(2022, May 11). What Is the Mirai Botnet?. Available online: https:\/\/www.cloudflare.com\/learning\/ddos\/glossary\/mirai-botnet\/."},{"key":"ref_56","unstructured":"(2022, May 11). Gafgyt Botnet Lifts DDoS Tricks from Mirai. Available online: https:\/\/threatpost.com\/gafgyt-botnet-ddos-mirai\/165424\/."},{"key":"ref_57","unstructured":"(2022, May 11). Dark Nexus, the Latest IoT Botnet Targets a Wide Range of Devices. Available online: https:\/\/crazygreek.co.uk\/dark-nexus-iot-botnet-targets-devices\/."},{"key":"ref_58","unstructured":"Scikit-Learn (2022, May 11). Machine Learning in Python. Available online: https:\/\/scikit-learn.org\/stable\/index.html."},{"key":"ref_59","unstructured":"(2022, May 11). Sklearn.Tree.DecisionTreeClassifier\u2014Scikit-Learn 1.0.2 Documentation. Available online: https:\/\/scikit-learn.org\/stable\/modules\/generated\/sklearn.tree.DecisionTreeClassifier.html."},{"key":"ref_60","unstructured":"(2022, May 15). Sklearn.Ensemble.RandomForestClassifier\u2014Scikit-Learn 1.0.2 Documentation. Available online: https:\/\/scikit-learn.org\/stable\/modules\/generated\/sklearn.ensemble.RandomForestClassifier.html."},{"key":"ref_61","unstructured":"(2022, May 15). Sklearn.Neighbors.KNeighborsClassifier\u2014Scikit-Learn 1.0.2 Documentation. Available online: https:\/\/scikit-learn.org\/stable\/modules\/generated\/sklearn.neighbors.KNeighborsClassifier.html."},{"key":"ref_62","unstructured":"(2022, May 11). Sklearn.Neighbors.GradientBoostingClassifier\u2014Scikit-Learn 1.0.2 Documentation. Available online: https:\/\/scikit-learn.org\/stable\/modules\/generated\/sklearn.ensemble.GradientBoostingClassifier.html."},{"key":"ref_63","unstructured":"(2022, May 15). Sklearn.Svm.SVC\u2014Scikit-Learn 1.0.2 Documentation. Available online: https:\/\/scikit-learn.org\/stable\/modules\/generated\/sklearn.svm.SVC.html."},{"key":"ref_64","doi-asserted-by":"crossref","first-page":"133","DOI":"10.32620\/reks.2021.1.12","article-title":"Vulnerability analysis and method of selection of communication protocols for information transfer in Internet of Things systems","volume":"1","author":"Kolisnyk","year":"2021","journal-title":"Radioelectron. Comput. Syst."},{"key":"ref_65","doi-asserted-by":"crossref","first-page":"139","DOI":"10.15588\/1607-3274-2020-4-14","article-title":"Conception and application of dependable Internet of Things based systems","volume":"4","author":"Illiashenko","year":"2020","journal-title":"Radio Electron. Comput. Sci. Control"}],"container-title":["Algorithms"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-4893\/15\/7\/239\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T23:48:36Z","timestamp":1760140116000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-4893\/15\/7\/239"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,7,12]]},"references-count":65,"journal-issue":{"issue":"7","published-online":{"date-parts":[[2022,7]]}},"alternative-id":["a15070239"],"URL":"https:\/\/doi.org\/10.3390\/a15070239","relation":{},"ISSN":["1999-4893"],"issn-type":[{"value":"1999-4893","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,7,12]]}}}