{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,17]],"date-time":"2026-06-17T00:29:53Z","timestamp":1781656193039,"version":"3.54.5"},"reference-count":58,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2021,1,10]],"date-time":"2021-01-10T00:00:00Z","timestamp":1610236800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>In recent years, there has been a massive increase in the amount of Internet of Things (IoT) devices as well as the data generated by such devices. The participating devices in IoT networks can be problematic due to their resource-constrained nature, and integrating security on these devices is often overlooked. This has resulted in attackers having an increased incentive to target IoT devices. As the number of attacks possible on a network increases, it becomes more difficult for traditional intrusion detection systems (IDS) to cope with these attacks efficiently. In this paper, we highlight several machine learning (ML) methods such as k-nearest neighbour (KNN), support vector machine (SVM), decision tree (DT), naive Bayes (NB), random forest (RF), artificial neural network (ANN), and logistic regression (LR) that can be used in IDS. In this work, ML algorithms are compared for both binary and multi-class classification on Bot-IoT dataset. Based on several parameters such as accuracy, precision, recall, F1 score, and log loss, we experimentally compared the aforementioned ML algorithms. In the case of HTTP distributed denial-of-service (DDoS) attack, the accuracy of RF is 99%. Furthermore, other simulation results-based precision, recall, F1 score, and log loss metric reveal that RF outperforms on all types of attacks in binary classification. However, in multi-class classification, KNN outperforms other ML algorithms with an accuracy of 99%, which is 4% higher than RF.<\/jats:p>","DOI":"10.3390\/s21020446","type":"journal-article","created":{"date-parts":[[2021,1,10]],"date-time":"2021-01-10T23:03:42Z","timestamp":1610319822000},"page":"446","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":219,"title":["An Experimental Analysis of Attack Classification Using Machine Learning in IoT Networks"],"prefix":"10.3390","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1687-3749","authenticated-orcid":false,"given":"Andrew","family":"Churcher","sequence":"first","affiliation":[{"name":"School of Computing, Edinburgh Napier University, Edinburgh EH10 5DT, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6475-2434","authenticated-orcid":false,"given":"Rehmat","family":"Ullah","sequence":"additional","affiliation":[{"name":"School of Electronics, Electrical Engineering and Computer Science, Queen\u2019s University, Belfast BT9 5BN, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6289-8248","authenticated-orcid":false,"given":"Jawad","family":"Ahmad","sequence":"additional","affiliation":[{"name":"School of Computing, Edinburgh Napier University, Edinburgh EH10 5DT, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7823-3814","authenticated-orcid":false,"given":"Sadaqat","family":"ur Rehman","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Namal Institute, Mianwali 42250, Pakistan"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Fawad","family":"Masood","sequence":"additional","affiliation":[{"name":"College of Information Engineering, Yangzhou University, Yangzhou 225127, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Mandar","family":"Gogate","sequence":"additional","affiliation":[{"name":"School of Computing, Edinburgh Napier University, Edinburgh EH10 5DT, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9564-6653","authenticated-orcid":false,"given":"Fehaid","family":"Alqahtani","sequence":"additional","affiliation":[{"name":"Department of Computer Science, King Fahad Naval Academy, Al Jubail 35512, Saudi Arabia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5609-856X","authenticated-orcid":false,"given":"Boubakr","family":"Nour","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology, Beijing Institute of Technology, Beijing 100081, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0809-3523","authenticated-orcid":false,"given":"William J.","family":"Buchanan","sequence":"additional","affiliation":[{"name":"School of Computing, Edinburgh Napier University, Edinburgh EH10 5DT, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2021,1,10]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Dorsemaine, B., Gaulier, J.P., Wary, J.P., Kheir, N., and Urien, P. (2015, January 9\u201311). Internet of Things: A Definition & Taxonomy. Proceedings of the 2015 9th International Conference on Next Generation Mobile Applications, Services and Technologies, Cambridge, UK.","DOI":"10.1109\/NGMAST.2015.71"},{"key":"ref_2","unstructured":"Statista (2019). IoT: Number of Connected Devices Worldwide 2012\u20132025, Statista."},{"key":"ref_3","unstructured":"Doffman, Z. (2020, November 10). Cyberattacks On IOT Devices Surge 300% In 2019, \u2018Measured in Billions\u2019. Available online: https:\/\/www.forbes.com\/sites\/zakdoffman\/2019\/09\/14\/dangerous-cyberattacks-on-iot-devices-up-300-in-2019-now-rampant-report-claims\/?sh=24e245575892."},{"key":"ref_4","unstructured":"Furbush, J. (2020, November 10). Machine Learning: A Quick and Simple Definition. Available online: https:\/\/www.oreilly.com\/content\/machine-learning-a-quick-and-simple-definition\/."},{"key":"ref_5","unstructured":"Jmj, A. (2020, November 10). 5 Industries That Heavily Rely on Artificial Intelligence and Machine Learning. Available online: https:\/\/medium.com\/datadriveninvestor\/5-industries-that-heavily-rely-on-artificial-intelligence-and-machine-learning-53610b6c1525."},{"key":"ref_6","unstructured":"Dosal, E. (Compuquip, 2018). 3 Advantages of a Network Threat Analysis, Compuquip."},{"key":"ref_7","unstructured":"Groopman, J. (2020, November 10). Understand the Top 4 Use Cases for AI in Cybersecurity. Available online: https:\/\/searchsecurity.techtarget.com\/tip\/Understand-the-top-4-use-cases-for-AI-in-cybersecurity."},{"key":"ref_8","unstructured":"Mohammad, A., Maen, A., Szilveszter, K., and Mouhammd, A. (2017, January 14\u201316). Evaluation of machine learning algorithms for intrusion detection system. Proceedings of the IEEE 15th International Symposium on Intelligent Systems and Informatics (SISY), Subotica, Serbia."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Sommer, R., and Paxson, V. (2010, January 16\u201319). Outside the Closed World: On Using Machine Learning for Network Intrusion Detection. Proceedings of the 2010 IEEE Symposium on Security and Privacy, Oakland, CA, USA.","DOI":"10.1109\/SP.2010.25"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Foley, J., Moradpoor, N., and Ochenyi, H. (2020). Employing a Machine Learning Approach to Detect Combined Internet of Things Attacks against Two Objective Functions Using a Novel Dataset. Secur. Commun. Netw., 2020.","DOI":"10.1155\/2020\/2804291"},{"key":"ref_11","first-page":"628","article-title":"Internet of Things Cyber Attacks Detection using Machine Learning","volume":"10","author":"Alsamiri","year":"2019","journal-title":"Int. J. Adv. Comput. Sci. Appl."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"100059","DOI":"10.1016\/j.iot.2019.100059","article-title":"Attack and anomaly detection in IoT sensors in IoT sites using machine learning approaches","volume":"7","author":"Hasan","year":"2019","journal-title":"Internet Things"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"1559","DOI":"10.1007\/s42452-019-1356-9","article-title":"Evaluation of k-nearest neighbour classifier performance for heterogeneous data sets","volume":"1","author":"Ali","year":"2019","journal-title":"SN Appl. Sci."},{"key":"ref_14","unstructured":"Harrison, O. (Towards Data Science, 2019). Machine Learning Basics with the K-Nearest Neighbors Algorithm, Towards Data Science."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"439","DOI":"10.1016\/S0167-4048(02)00514-X","article-title":"Use of K-Nearest Neighbor classifier for intrusion detection","volume":"21","author":"Liao","year":"2002","journal-title":"Comput. Secur."},{"key":"ref_16","first-page":"2258","article-title":"K Nearest Neighbor Based Model for Intrusion Detection System","volume":"8","author":"Nikhitha","year":"2019","journal-title":"Int. J. Recent Technol. Eng."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Yao, J., Zhao, S., and Fan, L. (2006). An Enhanced Support Vector Machine Model for Intrusion Detection. Rough Sets Knowl. Technol. Lect. Notes Comput. Sci., 538\u2013543.","DOI":"10.1007\/11795131_78"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Cahyo, A.N., Hidayat, R., and Adhipta, D. (2016). Performance comparison of intrusion detection system based anomaly detection using artificial neural network and support vector machine. AIP Conf. Proc.","DOI":"10.1063\/1.4958506"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"2094","DOI":"10.21275\/v5i4.NOV162954","article-title":"A Survey on Decision Tree Algorithms of Classification in Data Mining","volume":"5","author":"Sharma","year":"2016","journal-title":"Int. J. Sci. Res. (IJSR)"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Stampar, M., and Fertalj, K. (2015, January 25\u201329). Artificial intelligence in network intrusion detection. Proceedings of the 38th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), Opatija, Croatia.","DOI":"10.1109\/MIPRO.2015.7160479"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Aloqaily, M., Otoum, S., Al Ridhawi, I., and Jararweh, Y. (2019). An Intrusion Detection System for Connected Vehicles in Smart Cities. Ad. Hoc. Netw.","DOI":"10.1016\/j.adhoc.2019.02.001"},{"key":"ref_22","unstructured":"Koehrsen, W. (2020, November 10). An Implementation and Explanation of the Random Forest in Python. Available online: https:\/\/towardsdatascience.com\/an-implementation-and-explanation-of-the-random-forest-in-python-77bf308a9b76."},{"key":"ref_23","unstructured":"Dubey, A. (2020, November 10). Feature Selection Using Random forest. Available online: https:\/\/towardsdatascience.com\/feature-selection-using-random-forest-26d7b747597f."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"213","DOI":"10.1016\/j.procs.2016.06.047","article-title":"Random Forest Modeling for Network Intrusion Detection System","volume":"89","author":"Farnaaz","year":"2016","journal-title":"Procedia Comput. Sci."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"88","DOI":"10.18201\/ijisae.2019252786","article-title":"Performance analysis of ANN and Naive Bayes classification algorithm for data classification","volume":"7","author":"Saritas","year":"2019","journal-title":"Int. J. Intell. Syst. Appl. Eng."},{"key":"ref_26","unstructured":"(The Data Science Blog, 2016). Ujjwalkarn. A Quick Introduction to Neural Networks, The Data Science Blog."},{"key":"ref_27","first-page":"96","article-title":"Research paper on basic of artificial neural network","volume":"2","author":"Maind","year":"2014","journal-title":"Int. J. Recent Innov. Trends Comput. Commun."},{"key":"ref_28","first-page":"2583","article-title":"ANNIDS: Artificial Neural Network based Intrusion Detection System for Internet of Things","volume":"8","author":"Anitha","year":"2019","journal-title":"Int. J. Innov. Technol. Explor. Eng. Regul. Issue"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"95","DOI":"10.1016\/j.icte.2018.04.003","article-title":"Intelligent intrusion detection systems using artificial neural networks","volume":"4","author":"Shenfield","year":"2018","journal-title":"ICT Express"},{"key":"ref_30","unstructured":"Rajput, H. (Knoldus Blogs, 2018). MachineX: Simplifying Logistic Regression, Knoldus Blogs."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Ghosh, P., and Mitra, R. (2015, January 7\u20138). Proposed GA-BFSS and logistic regression based intrusion detection system. Proceedings of the 2015 Third International Conference on Computer, Communication, Control and Information Technology (C3IT), Hooghly, India.","DOI":"10.1109\/C3IT.2015.7060117"},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"1686","DOI":"10.1109\/COMST.2020.2986444","article-title":"Machine Learning in IoT Security: Current Solutions and Future Challenges","volume":"22","author":"Hussain","year":"2020","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Saleem, J., Hammoudeh, M., Raza, U., Adebisi, B., and Ande, R. (2018, January 26\u201327). IoT standardisation. Proceedings of the 2nd International Conference on Future Networks and Distributed Systems\u2014ICFNDS 18, Amman, Jordan.","DOI":"10.1145\/3231053.3231103"},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1016\/j.jnca.2017.10.016","article-title":"Data exfiltration: A review of external attack vectors and countermeasures","volume":"101","author":"Ullah","year":"2017","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Carthy, S.M.M., Sinha, A., Tambe, M., and Manadhata, P. (2016). Data Exfiltration Detection and Prevention: Virtually Distributed POMDPs for Practically Safer Networks. Lect. Notes Comput. Sci. Decis. Game Theory Secur., 39\u201361.","DOI":"10.1007\/978-3-319-47413-7_3"},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"276","DOI":"10.1016\/j.cose.2019.03.021","article-title":"A-PANDDE: Advanced Provenance-based ANomaly Detection of Data Exfiltration","volume":"84","author":"Fadolalkarim","year":"2019","journal-title":"Comput. Secur."},{"key":"ref_37","first-page":"260","article-title":"A Review: DoS and DDoS Attacks","volume":"4","author":"Malik","year":"2015","journal-title":"Int. J. Comput. Sci. Mob. Comput."},{"key":"ref_38","first-page":"2","article-title":"A survey of distributed denial-of-service attack, prevention, and mitigation techniques","volume":"13","author":"Mahjabin","year":"2017","journal-title":"Int. J. Distrib. Sens. Networks"},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"80","DOI":"10.1109\/MC.2017.201","article-title":"DDoS in the IoT: Mirai and Other Botnets","volume":"50","author":"Kolias","year":"2017","journal-title":"Computer"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Galeano-Brajones, J., Carmona-Murillo, J., Valenzuela-Vald\u00e9s, J.F., and Luna-Valero, F. (2020). Detection and Mitigation of DoS and DDoS Attacks in IoT-Based Stateful SDN: An Experimental Approach. Sensors, 20.","DOI":"10.3390\/s20030816"},{"key":"ref_41","first-page":"297","article-title":"DoS\/DDoS Detection for E-Healthcare in Internet of Things","volume":"9","author":"Ul","year":"2018","journal-title":"Int. J. Adv. Comput. Sci. Appl."},{"key":"ref_42","unstructured":"Olzak, T. (2020, November 12). Keystroke Logging (Keylogging). Available online: https:\/\/www.researchgate.net\/publication\/228797653_Keystroke_logging_keylogging."},{"key":"ref_43","first-page":"25","article-title":"Survey of Keylogger Technologies","volume":"5","author":"Abukar","year":"2014","journal-title":"Int. J. Comput. Sci. Telecommun."},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Ortolani, S., Giuffrida, C., and Crispo, B. (2010). Bait Your Hook: A Novel Detection Technique for Keyloggers. Lect. Notes Comput. Sci. Recent Adv. Intrusion Detect., 198\u2013217.","DOI":"10.1007\/978-3-642-15512-3_11"},{"key":"ref_45","doi-asserted-by":"crossref","unstructured":"Wajahat, A., Imran, A., Latif, J., Nazir, A., and Bilal, A. (2019, January 30\u201331). A Novel Approach of Unprivileged Keylogger Detection. Proceedings of the 2019 2nd International Conference on Computing, Mathematics and Engineering Technologies (iCoMET), Sukkur, Pakistan.","DOI":"10.1109\/ICOMET.2019.8673404"},{"key":"ref_46","doi-asserted-by":"crossref","first-page":"318","DOI":"10.1016\/j.comnet.2018.11.013","article-title":"Towards automatic fingerprinting of IoT devices in the cyberspace","volume":"148","author":"Yang","year":"2019","journal-title":"Comput. Netw."},{"key":"ref_47","doi-asserted-by":"crossref","unstructured":"Aneja, S., Aneja, N., and Islam, M.S. (2018, January 1\u20133). IoT Device Fingerprint using Deep Learning. Proceedings of the 2018 IEEE International Conference on Internet of Things and Intelligence System (IOTAIS), Bali, Indonesia.","DOI":"10.1109\/IOTAIS.2018.8600824"},{"key":"ref_48","doi-asserted-by":"crossref","first-page":"1565","DOI":"10.1093\/comjnl\/bxr035","article-title":"Surveying Port Scans and Their Detection Methodologies","volume":"54","author":"Bhuyan","year":"2011","journal-title":"Comput. J."},{"key":"ref_49","doi-asserted-by":"crossref","unstructured":"Markowsky, L., and Markowsky, G. (2015, January 24\u201326). Scanning for vulnerable devices in the Internet of Things. Proceedings of the 2015 IEEE 8th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), Warsaw, Poland.","DOI":"10.1109\/IDAACS.2015.7340779"},{"key":"ref_50","doi-asserted-by":"crossref","unstructured":"Sivanathan, A., Gharakheili, H.H., and Sivaraman, V. (2018, January 21\u201322). Can We Classify an IoT Device using TCP Port Scan?. Proceedings of the 2018 IEEE International Conference on Information and Automation for Sustainability (ICIAfS), Colombo, Sri Lanka.","DOI":"10.1109\/ICIAFS.2018.8913346"},{"key":"ref_51","doi-asserted-by":"crossref","first-page":"2627","DOI":"10.1002\/sec.1508","article-title":"A fuzzy detection approach toward different speed port scan attacks based on Dempster-Shafer evidence theory","volume":"9","author":"Shao","year":"2016","journal-title":"Secur. Commun. Netw."},{"key":"ref_52","doi-asserted-by":"crossref","unstructured":"Lopez-Vizcaino, M., Novoa, F.J., Fernandez, D., Carneiro, V., and Cacheda, F. (2019, January 26\u201328). Early Intrusion Detection for OS Scan Attacks. Proceedings of the 2019 IEEE 18th International Symposium on Network Computing and Applications (NCA), Cambridge, MA, USA.","DOI":"10.1109\/NCA.2019.8935067"},{"key":"ref_53","doi-asserted-by":"crossref","unstructured":"Rashid, M.M., Kamruzzaman, J., Hassan, M.M., Imam, T., and Gordon, S. (2020). Cyberattacks Detection in IoT-Based Smart City Applications Using Machine Learning Techniques. Int. J. Environ. Res. Public Health, 17.","DOI":"10.3390\/ijerph17249347"},{"key":"ref_54","doi-asserted-by":"crossref","unstructured":"Soe, Y.N., Feng, Y., Santosa, P.I., Hartanto, R., and Sakurai, K. (2020). Machine Learning-Based IoT-Botnet Attack Detection with Sequential Architecture. Sensors, 20.","DOI":"10.3390\/s20164372"},{"key":"ref_55","doi-asserted-by":"crossref","unstructured":"Ioannou, C., and Vassiliou, V. (2019, January 29\u201331). Classifying Security Attacks in IoT Networks Using Supervised Learning. Proceedings of the 2019 15th International Conference on Distributed Computing in Sensor Systems (DCOSS), Santorini Island, Greece.","DOI":"10.1109\/DCOSS.2019.00118"},{"key":"ref_56","doi-asserted-by":"crossref","first-page":"779","DOI":"10.1016\/j.future.2019.05.041","article-title":"Towards the development of realistic botnet dataset in the Internet of Things for network forensic analytics: Bot-IoT dataset","volume":"100","author":"Koroniotis","year":"2019","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_57","doi-asserted-by":"crossref","first-page":"1565","DOI":"10.1038\/nbt1206-1565","article-title":"What is a support vector machine?","volume":"24","author":"Noble","year":"2006","journal-title":"Nat. Biotechnol."},{"key":"ref_58","unstructured":"Rish, I. (2001, January 4). An empirical study of the naive Bayes classifier. Proceedings of the IJCAI 2001 Workshop on Empirical Methods in Artificial Intelligence, Seattle, WA, USA."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/21\/2\/446\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T05:09:25Z","timestamp":1760159365000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/21\/2\/446"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,1,10]]},"references-count":58,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2021,1]]}},"alternative-id":["s21020446"],"URL":"https:\/\/doi.org\/10.3390\/s21020446","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,1,10]]}}}