{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,24]],"date-time":"2025-12-24T12:41:03Z","timestamp":1766580063430,"version":"build-2065373602"},"reference-count":21,"publisher":"MDPI AG","issue":"6","license":[{"start":{"date-parts":[[2025,5,31]],"date-time":"2025-05-31T00:00:00Z","timestamp":1748649600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Dr. Abdulaleem Almazroi","award":["0000"],"award-info":[{"award-number":["0000"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>To combat the growing danger of zero-day attacks on IoT networks, this study introduces a Cluster-Based Classification (CBC) method. Security vulnerabilities have become more apparent with the growth of IoT devices, calling for new approaches to identify unique threats quickly. The hybrid CBC approach uses optimized k-means clustering to find commonalities across different abnormalities, intending to quickly identify and classify unknown harmful attacks in a varied IoT network. The technique is fine-tuned for eight-class and two-class classifications, supporting different attacks using the IoTCIC2023 dataset and SelectKBest feature selection. Robust analysis is achieved by evaluating and aggregating the performance of machine learning classifiers such as XGBoost, AdaBoost, KNN, and Random Forest. In two-class classification, Random Forest achieves 95.11% accuracy, while in eight-class classification, KNN tops the charts with 88.24%. These results demonstrate noteworthy accuracy. The suggested CBC technique is effective, as shown by comparisons with state-of-the-art approaches. Despite several caveats and dataset specifications, this study provides a useful tool for academics and practitioners in the ever-changing field of cybersecurity by suggesting a method to strengthen the security of IoT networks against new threats.<\/jats:p>","DOI":"10.3390\/fi17060251","type":"journal-article","created":{"date-parts":[[2025,6,2]],"date-time":"2025-06-02T08:34:13Z","timestamp":1748853253000},"page":"251","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Hybrid Model for Novel Attack Detection Using a Cluster-Based Machine Learning Classification Approach for the Internet of Things (IoT)"],"prefix":"10.3390","volume":"17","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4758-8265","authenticated-orcid":false,"given":"Naveed","family":"Ahmed","sequence":"first","affiliation":[{"name":"Faculty of Computing, Universiti Teknologi Malaysia, Johor Bahru 81310, Malaysia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4907-6359","authenticated-orcid":false,"given":"Md Asri","family":"Ngadi","sequence":"additional","affiliation":[{"name":"Faculty of Computing, Universiti Teknologi Malaysia, Johor Bahru 81310, Malaysia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5778-350X","authenticated-orcid":false,"given":"Abdulaleem Ali","family":"Almazroi","sequence":"additional","affiliation":[{"name":"Department of Information Technology, Faculty of Computing and Information Technology in Rabigh, King Abdulaziz University, Rabigh 21911, Saudi Arabia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7352-7829","authenticated-orcid":false,"given":"Nouf Atiahallah","family":"Alghanmi","sequence":"additional","affiliation":[{"name":"Department of Information Technology, Faculty of Computing and Information Technology in Rabigh, King Abdulaziz University, Rabigh 21911, Saudi Arabia"}]}],"member":"1968","published-online":{"date-parts":[[2025,5,31]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"3129","DOI":"10.1007\/s13042-020-01253-w","article-title":"A multiple-kernel clustering based intrusion detection scheme for 5G and IoT networks","volume":"12","author":"Hu","year":"2021","journal-title":"Int. J. Mach. Learn. Cybern."},{"key":"ref_2","first-page":"5949","article-title":"Improved Dragonfly Optimizer for Intrusion Detection Using Deep Clustering CNN-PSO Classifier","volume":"70","author":"Bhuvaneshwari","year":"2022","journal-title":"Comput. Mater. Contin."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Hammad, M., El-Medany, W., and Ismail, Y. (2020, January 20\u201321). Intrusion detection system using feature selection with clustering and classification machine learning algorithms on the UNSW-NB15 dataset. Proceedings of the 2020 International Conference on Innovation and Intelligence for Informatics, Computing and Technologies (3ICT), Sakheer, Bahrain.","DOI":"10.1109\/3ICT51146.2020.9312002"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"61","DOI":"10.33166\/AETiC.2020.05.004","article-title":"A novel hybrid intrusion detection system (IDS) for the detection of Internet of Things (IoT) network attacks","volume":"14","author":"Ramadan","year":"2020","journal-title":"Ann. Emerg. Technol. Comput. (AETiC)"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"3753","DOI":"10.1007\/s10586-022-03776-z","article-title":"Internet of Things intrusion detection systems: A comprehensive review and future directions","volume":"26","author":"Heidari","year":"2022","journal-title":"Clust. Comput."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Kokaz, A.S., and Kurnaz T\u00fcrkben, A. (2025). A New Iots Security Framework Using Hybrid Machine Learning Techniques. IETE J. Res., 1\u201328.","DOI":"10.1080\/03772063.2024.2447875"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"100009","DOI":"10.1016\/j.teler.2022.100009","article-title":"Towards an effective deep learning-based intrusion detection system in the Internet of Things","volume":"7","author":"Pampapathi","year":"2022","journal-title":"Telemat. Inform. Rep."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"22931","DOI":"10.1109\/ACCESS.2025.3536638","article-title":"An Efficient and Hybrid Deep Learning-Driven Model to Enhance Security and Performance of Healthcare Internet of Things","volume":"13","author":"Babar","year":"2025","journal-title":"IEEE Access"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Uthradevi, G., Thiruvasagam, P., Mythili, S., and Manoj, S.O. (2025). A Semi-Supervised Deep Learning Approach for Intrusion Detection and Classification for the Internet of Things. Biomed. Mater. Devices.","DOI":"10.1007\/s44174-025-00321-5"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"3527","DOI":"10.1007\/s10489-021-02621-x","article-title":"A lightweight intelligent network intrusion detection system using OCSVM and Pigeon Inspired Optimizer","volume":"52","author":"Alazzam","year":"2022","journal-title":"Appl. Intell."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Kaliyaperumal, P., Periyasamy, S., Thirumalaisamy, M., Balusamy, B., and Benedetto, F. (2024). A novel hybrid unsupervised learning approach for enhanced cybersecurity in the IoT. Future Internet, 16.","DOI":"10.3390\/fi16070253"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"108731","DOI":"10.1016\/j.compeleceng.2023.108731","article-title":"AI-empowered malware detection system for Industrial Internet of Things","volume":"108","author":"Smmarwar","year":"2023","journal-title":"Comput. Electr. Eng."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"47","DOI":"10.1007\/s12065-019-00291-w","article-title":"UIDS: A unified intrusion detection system for IoT environment","volume":"14","author":"Kumar","year":"2021","journal-title":"Evol. Intell."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Gadal, S., Mokhtar, R., Abdelhaq, M., Alsaqour, R., Ali, E.S., and Saeed, R. (2022). Machine learning-based anomaly detection using K-Mean Array and Sequential Minimal Optimization. Electronics, 11.","DOI":"10.3390\/electronics11142158"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"428","DOI":"10.3390\/iot2030022","article-title":"Towards a hybrid deep learning model for anomalous activities detection in internet of things networks","volume":"2","author":"Ullah","year":"2021","journal-title":"IoT"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"100612","DOI":"10.1016\/j.measen.2022.100612","article-title":"Intrusion detection system in distributed cloud computing: Hybrid clustering and classification methods","volume":"25","author":"Samunnisa","year":"2023","journal-title":"Meas. Sensors"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"51","DOI":"10.15866\/irecap.v14i2.24944","article-title":"Intrusion Detection System Using Hybrid Machine Learning Classifiers and Optimum Feature Selection in Internet of Things (IoT)","volume":"14","author":"Ahmed","year":"2024","journal-title":"Int. J. Commun. Antenna Propag. (IRECAP)"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"e499","DOI":"10.1002\/spy2.499","article-title":"PCM-RF: A Hybrid Feature Selection Mechanism for Intrusion Detection System in IoT","volume":"8","author":"Ahmed","year":"2025","journal-title":"Secur. Priv."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"4944","DOI":"10.1109\/JIOT.2020.3034156","article-title":"Hybrid Deep Learning for Botnet Attack Detection in the Internet-of-Things Networks","volume":"8","author":"Popoola","year":"2021","journal-title":"IEEE Internet Things J."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Neto, E.C.P., Dadkhah, S., Ferreira, R., Zohourian, A., Lu, R., and Ghorbani, A.A. (2023). CICIoT2023: A real-time dataset and benchmark for large-scale attacks in IoT environment. Sensor, 23.","DOI":"10.20944\/preprints202305.0443.v1"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"9395","DOI":"10.1016\/j.aej.2022.02.063","article-title":"A machine learning-based intrusion detection for detecting internet of things network attacks","volume":"61","author":"Saheed","year":"2022","journal-title":"Alex. Eng. J."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/17\/6\/251\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T17:45:02Z","timestamp":1760031902000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/17\/6\/251"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,31]]},"references-count":21,"journal-issue":{"issue":"6","published-online":{"date-parts":[[2025,6]]}},"alternative-id":["fi17060251"],"URL":"https:\/\/doi.org\/10.3390\/fi17060251","relation":{},"ISSN":["1999-5903"],"issn-type":[{"type":"electronic","value":"1999-5903"}],"subject":[],"published":{"date-parts":[[2025,5,31]]}}}