{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,15]],"date-time":"2026-04-15T20:52:13Z","timestamp":1776286333424,"version":"3.50.1"},"reference-count":40,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2020,3,2]],"date-time":"2020-03-02T00:00:00Z","timestamp":1583107200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>This paper proposes a novel intrusion detection system (IDS), named RDTIDS, for Internet-of-Things (IoT) networks. The RDTIDS combines different classifier approaches which are based on decision tree and rules-based concepts, namely, REP Tree, JRip algorithm and Forest PA. Specifically, the first and second method take as inputs features of the data set, and classify the network traffic as Attack\/Benign. The third classifier uses features of the initial data set in addition to the outputs of the first and the second classifier as inputs. The experimental results obtained by analyzing the proposed IDS using the CICIDS2017 dataset and BoT-IoT dataset, attest their superiority in terms of accuracy, detection rate, false alarm rate and time overhead as compared to state of the art existing schemes.<\/jats:p>","DOI":"10.3390\/fi12030044","type":"journal-article","created":{"date-parts":[[2020,3,3]],"date-time":"2020-03-03T03:13:28Z","timestamp":1583205208000},"page":"44","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":216,"title":["RDTIDS: Rules and Decision Tree-Based Intrusion Detection System for Internet-of-Things Networks"],"prefix":"10.3390","volume":"12","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0632-3172","authenticated-orcid":false,"given":"Mohamed Amine","family":"Ferrag","sequence":"first","affiliation":[{"name":"Department of Computer Science, Guelma University, Guelma 24000, Algeria"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5360-9782","authenticated-orcid":false,"given":"Leandros","family":"Maglaras","sequence":"additional","affiliation":[{"name":"School of Computer Science and Informatics, De Montfort University, Leicester LE1 9BH, UK"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5519-8868","authenticated-orcid":false,"given":"Ahmed","family":"Ahmim","sequence":"additional","affiliation":[{"name":"Departement of Mathematics and Computer Science, Mohamed-Cherif Messaadia University, Souk Ahras 41000, Algeria"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6622-4355","authenticated-orcid":false,"given":"Makhlouf","family":"Derdour","sequence":"additional","affiliation":[{"name":"Departement of Mathematics and Computer Science, University of Larbi Tebessi, Tebessa 12002, Algeria"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1345-2829","authenticated-orcid":false,"given":"Helge","family":"Janicke","sequence":"additional","affiliation":[{"name":"Cyber Security Cooperative Research Centre, Edith Cowan University, Perth 6027, Australia"}]}],"member":"1968","published-online":{"date-parts":[[2020,3,2]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"42","DOI":"10.1016\/j.icte.2018.02.001","article-title":"Cyber security of critical infrastructures","volume":"4","author":"Maglaras","year":"2018","journal-title":"ICT Express"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"671","DOI":"10.1007\/s11235-017-0315-2","article-title":"EPEC: An efficient privacy-preserving energy consumption scheme for smart grid communications","volume":"66","author":"Ferrag","year":"2017","journal-title":"Telecommun. Syst."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"107","DOI":"10.1504\/IJSN.2016.078390","article-title":"EPSA: An efficient and privacy-preserving scheme against wormhole attack on reactive routing for mobile ad hoc social networks","volume":"11","author":"Ferrag","year":"2016","journal-title":"Int. J. Secur. Netw."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"53","DOI":"10.1016\/j.ijcip.2014.12.002","article-title":"Critical infrastructure protection: Requirements and challenges for the 21st century","volume":"8","author":"Alcaraz","year":"2015","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"e132","DOI":"10.1002\/itl2.132","article-title":"Teaching the process of building an Intrusion Detection System using data from a small-scale SCADA testbed","volume":"3","author":"Maglaras","year":"2020","journal-title":"Internet Technol. Lett."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"1550147718794615","DOI":"10.1177\/1550147718794615","article-title":"A survey of intrusion detection on industrial control systems","volume":"14","author":"Hu","year":"2018","journal-title":"Int. J. Distrib. Sens. Netw."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"2236","DOI":"10.1109\/TII.2016.2599841","article-title":"A cybersecurity detection framework for supervisory control and data acquisition systems","volume":"12","author":"Cruz","year":"2016","journal-title":"IEEE Trans. Ind. Inf."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Ahmim, A., Maglaras, L., Ferrag, M.A., Derdour, M., and Janicke, H. (2019, January 29\u201331). A novel hierarchical intrusion detection system based on decision tree and rules-based models. Proceedings of the 2019 15th International Conference on Distributed Computing in Sensor Systems (DCOSS), Santorini Island, Greece.","DOI":"10.1109\/DCOSS.2019.00059"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"517","DOI":"10.1016\/j.compeleceng.2008.12.005","article-title":"A hybrid intrusion detection system design for computer network security","volume":"35","author":"Zaim","year":"2009","journal-title":"Comput. Electr. Eng."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"6225","DOI":"10.1016\/j.eswa.2010.02.102","article-title":"A new approach to intrusion detection using Artificial Neural Networks and fuzzy clustering","volume":"37","author":"Wang","year":"2010","journal-title":"Expert Syst. Appl."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"1662","DOI":"10.1016\/j.comnet.2010.12.008","article-title":"Intrusion detection using neural based hybrid classification methods","volume":"55","author":"Govindarajan","year":"2011","journal-title":"Comput. Netw."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"3014","DOI":"10.1016\/j.asoc.2012.04.020","article-title":"A hybrid network intrusion detection system using simplified swarm optimization (SSO)","volume":"12","author":"Chung","year":"2012","journal-title":"Appl. Soft Comput."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"753","DOI":"10.1016\/j.asej.2013.01.003","article-title":"A hybrid network intrusion detection framework based on random forests and weighted k-means","volume":"4","author":"Elbasiony","year":"2013","journal-title":"Ain Shams Eng. J."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"1690","DOI":"10.1016\/j.eswa.2013.08.066","article-title":"A novel hybrid intrusion detection method integrating anomaly detection with misuse detection","volume":"41","author":"Kim","year":"2014","journal-title":"Expert Syst. Appl."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"13","DOI":"10.1016\/j.knosys.2015.01.009","article-title":"CANN: An intrusion detection system based on combining cluster centers and nearest neighbors","volume":"78","author":"Lin","year":"2015","journal-title":"Knowl. Syst."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"1669","DOI":"10.1007\/s00521-015-1964-2","article-title":"A hybrid method consisting of GA and SVM for intrusion detection system","volume":"27","author":"Rahmani","year":"2016","journal-title":"Neural Comput. Appl."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"1051","DOI":"10.1007\/s00521-016-2418-1","article-title":"An effective combining classifier approach using tree algorithms for network intrusion detection","volume":"28","author":"Kevric","year":"2017","journal-title":"Neural Comput. Appl."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"296","DOI":"10.1016\/j.eswa.2016.09.041","article-title":"Multi-level hybrid support vector machine and extreme learning machine based on modified K-means for intrusion detection system","volume":"67","author":"Othman","year":"2017","journal-title":"Expert Syst. Appl."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"e3547","DOI":"10.1002\/dac.3547","article-title":"An intrusion detection system based on combining probability predictions of a tree of classifiers","volume":"31","author":"Ahmim","year":"2018","journal-title":"Int. J. Commun. Syst."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"152","DOI":"10.1016\/j.jocs.2017.03.006","article-title":"Anomaly-based intrusion detection system through feature selection analysis and building hybrid efficient model","volume":"25","author":"Aljawarneh","year":"2018","journal-title":"J. Comput. Sci."},{"key":"ref_21","unstructured":"Ferrag, M.A., and Maglaras, L. (2019). DeepCoin: A novel deep learning and blockchain-based energy exchange framework for smart grids. IEEE Trans. Eng. Manag., 1\u201313."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Derhab, A., Guerroumi, M., Gumaei, A., Maglaras, L., Ferrag, M.A., Mukherjee, M., and Khan, F.A. (2019). Blockchain and random subspace learning-based IDS for SDN-enabled industrial IoT security. Sensors, 19.","DOI":"10.3390\/s19143119"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Ferrag, M.A., and Maglaras, L. (2019). DeliveryCoin: An IDS and Blockchain-Based Delivery Framework for Drone-Delivered Services. Computers, 8.","DOI":"10.3390\/computers8030058"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Sharafaldin, I., Lashkari, A.H., and Ghorbani, A.A. (2018, January 22\u201324). Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization. Proceedings of the ICISSP, Funchal, Portugal.","DOI":"10.5220\/0006639801080116"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"2188","DOI":"10.1109\/JIOT.2018.2882794","article-title":"Blockchain technologies for the internet of things: Research issues and challenges","volume":"6","author":"Ferrag","year":"2018","journal-title":"IEEE Internet Things J."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Ferrag, M.A., Maglaras, L., Janicke, H., and Smith, R. (2019, January 10\u201312). Deep Learning Techniques for Cyber Security Intrusion Detection: A Detailed Analysis. Proceedings of the 6th International Symposium for ICS & SCADA Cyber Security Research 2019, Athens, Greece.","DOI":"10.14236\/ewic\/icscsr19.16"},{"key":"ref_27","first-page":"102419","article-title":"Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study","volume":"50","author":"Ferrag","year":"2020","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"338","DOI":"10.1016\/j.asoc.2018.07.052","article-title":"An experimental evaluation of weightless neural networks for multi-class classification","volume":"72","author":"Giordano","year":"2018","journal-title":"Appl. Soft Comput."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"389","DOI":"10.1016\/j.eswa.2017.08.002","article-title":"Forest PA: Constructing a decision forest by penalizing attributes used in previous trees","volume":"89","author":"Adnan","year":"2017","journal-title":"Expert Syst. Appl."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"51","DOI":"10.1016\/j.knosys.2014.12.023","article-title":"Coverage-based resampling: Building robust consolidated decision trees","volume":"79","author":"Ibarguren","year":"2015","journal-title":"Knowl. Syst."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"27","DOI":"10.1145\/1961189.1961199","article-title":"LIBSVM: A library for support vector machines","volume":"2","author":"Chang","year":"2011","journal-title":"ACM Trans. Intell. Syst. Technol."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"293","DOI":"10.1007\/s10618-009-0131-8","article-title":"FURIA: An Algorithm for Unordered Fuzzy Rule Induction","volume":"19","author":"Huehn","year":"2009","journal-title":"Data Min. Knowl. Discov."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Kang, P., and Cho, S. (2006, January 3\u20136). EUS SVMs: Ensemble of under-sampled SVMs for data imbalance problems. Proceedings of the International Conference on Neural Information Processing, Hong Kong, China.","DOI":"10.1007\/11893028_93"},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Tsoumakas, G., Katakis, I., and Vlahavas, I. (2004, January 20\u201324). Effective voting of heterogeneous classifiers. Proceedings of the European Conference on Machine Learning, Pisa, Italy.","DOI":"10.1007\/978-3-540-30115-8_43"},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"179","DOI":"10.1016\/j.asoc.2016.05.044","article-title":"Evolving meta-ensemble of classifiers for handling incomplete and unbalanced datasets in the cyber security domain","volume":"47","author":"Folino","year":"2016","journal-title":"Appl. Soft Comput."},{"key":"ref_36","unstructured":"Frank, E., and Witten, I.H. (2020, February 29). Reduced-Error Pruning with Significance Tests. Available online: https:\/\/researchcommons.waikato.ac.nz\/bitstream\/handle\/10289\/1039\/uow-cs-wp-1999-10.pdf?sequence=1&isAllowed=y."},{"key":"ref_37","unstructured":"Cohen, W.W. (1995, January 9\u201312). Fast Effective Rule Induction. Proceedings of the Twelfth International Conference on Machine Learning, Tahoe City, CA, USA."},{"key":"ref_38","unstructured":"(2019, May 30). Bot-IoT Dataset. Available online: https:\/\/www.unsw.adfa.edu.au\/unsw-canberra-cyber\/cybersecurity\/ADFA-NB15-Datasets\/bot_iot.php."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Gharib, A., Sharafaldin, I., Lashkari, A.H., and Ghorbani, A.A. (2016, January 19\u201322). An evaluation framework for intrusion detection dataset. Proceedings of the 2016 International Conference on Information Science and Security (ICISS), Pattaya, Thailand.","DOI":"10.1109\/ICISSEC.2016.7885840"},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"779","DOI":"10.1016\/j.future.2019.05.041","article-title":"Towards the development of realistic botnet dataset in the internet of things for network forensic analytics: Bot-iot dataset","volume":"100","author":"Koroniotis","year":"2019","journal-title":"Future Gener. Comput. Syst."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/12\/3\/44\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T09:03:13Z","timestamp":1760173393000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/12\/3\/44"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,3,2]]},"references-count":40,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2020,3]]}},"alternative-id":["fi12030044"],"URL":"https:\/\/doi.org\/10.3390\/fi12030044","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,3,2]]}}}