{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,2]],"date-time":"2026-06-02T11:55:36Z","timestamp":1780401336260,"version":"3.54.1"},"reference-count":59,"publisher":"MDPI AG","issue":"13","license":[{"start":{"date-parts":[[2024,6,26]],"date-time":"2024-06-26T00:00:00Z","timestamp":1719360000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>Internet of Things (IoT) applications and resources are highly vulnerable to flood attacks, including Distributed Denial of Service (DDoS) attacks. These attacks overwhelm the targeted device with numerous network packets, making its resources inaccessible to authorized users. Such attacks may comprise attack references, attack types, sub-categories, host information, malicious scripts, etc. These details assist security professionals in identifying weaknesses, tailoring defense measures, and responding rapidly to possible threats, thereby improving the overall security posture of IoT devices. Developing an intelligent Intrusion Detection System (IDS) is highly complex due to its numerous network features. This study presents an improved IDS for IoT security that employs multimodal big data representation and transfer learning. First, the Packet Capture (PCAP) files are crawled to retrieve the necessary attacks and bytes. Second, Spark-based big data optimization algorithms handle huge volumes of data. Second, a transfer learning approach such as word2vec retrieves semantically-based observed features. Third, an algorithm is developed to convert network bytes into images, and texture features are extracted by configuring an attention-based Residual Network (ResNet). Finally, the trained text and texture features are combined and used as multimodal features to classify various attacks. The proposed method is thoroughly evaluated on three widely used IoT-based datasets: CIC-IoT 2022, CIC-IoT 2023, and Edge-IIoT. The proposed method achieves excellent classification performance, with an accuracy of 98.2%. In addition, we present a game theory-based process to validate the proposed approach formally.<\/jats:p>","DOI":"10.3390\/s24134152","type":"journal-article","created":{"date-parts":[[2024,6,26]],"date-time":"2024-06-26T09:29:33Z","timestamp":1719394173000},"page":"4152","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":43,"title":["Enhanced Network Intrusion Detection System for Internet of Things Security Using Multimodal Big Data Representation with Transfer Learning and Game Theory"],"prefix":"10.3390","volume":"24","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1030-1275","authenticated-orcid":false,"given":"Farhan","family":"Ullah","sequence":"first","affiliation":[{"name":"School of Software, Northwestern Polytechnical University, Xian 710072, China"},{"name":"Division of Computer Science, University of Camerino, 62032 Camerino, Italy"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5445-9728","authenticated-orcid":false,"given":"Ali","family":"Turab","sequence":"additional","affiliation":[{"name":"School of Software, Northwestern Polytechnical University, Xian 710072, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-6399-8461","authenticated-orcid":false,"given":"Shamsher","family":"Ullah","sequence":"additional","affiliation":[{"name":"National Engineering Laboratory for Big Data System Computing Technology, Shenzhen University, Shenzhen 518060, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4491-0666","authenticated-orcid":false,"given":"Diletta","family":"Cacciagrano","sequence":"additional","affiliation":[{"name":"Division of Computer Science, University of Camerino, 62032 Camerino, Italy"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7865-5555","authenticated-orcid":false,"given":"Yue","family":"Zhao","sequence":"additional","affiliation":[{"name":"School of Computer Science, College of Science, Mathematics and Technology, Wenzhou-Kean University, Wenzhou 325015, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2024,6,26]]},"reference":[{"key":"ref_1","first-page":"291","article-title":"A survey on Internet of Things architectures","volume":"30","author":"Ray","year":"2018","journal-title":"J. King Saud Univ. Comput. Inf. Sci."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"3833","DOI":"10.1109\/JIOT.2020.2975418","article-title":"Modeling quality of IoT experience in autonomous vehicles","volume":"7","author":"Minovski","year":"2020","journal-title":"IEEE Internet Things J."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"2271","DOI":"10.1109\/TII.2017.2759178","article-title":"IIHub: An industrial Internet-of-Things hub toward smart manufacturing based on cyber-physical system","volume":"14","author":"Tao","year":"2017","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"9310","DOI":"10.1109\/JIOT.2021.3130434","article-title":"Hierarchical adversarial attacks against graph-neural-network-based IoT network intrusion detection system","volume":"9","author":"Zhou","year":"2021","journal-title":"IEEE Internet Things J."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"102435","DOI":"10.1016\/j.cose.2021.102435","article-title":"STL-HDL: A new hybrid network intrusion detection system for imbalanced dataset on big data environment","volume":"110","author":"Al","year":"2021","journal-title":"Comput. Secur."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"1798","DOI":"10.1109\/TCE.2023.3328320","article-title":"NIDS-VSB: Network Intrusion Detection System for VANET using Spark-Based Big Data Optimization and Transfer Learning","volume":"70","author":"Ullah","year":"2023","journal-title":"IEEE Trans. Consum. Electron."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"102668","DOI":"10.1016\/j.cose.2022.102668","article-title":"Intrusion detection in big data using hybrid feature fusion and optimization enabled deep learning based on spark architecture","volume":"116","author":"Ramkumar","year":"2022","journal-title":"Comput. Secur."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"433","DOI":"10.1016\/j.future.2018.09.061","article-title":"A novel method for parallel indexing of real time geospatial big data generated by IoT devices","volume":"97","author":"Limkar","year":"2019","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Alsirhani, A., Sampalli, S., and Bodorik, P. (2018, January 26\u201328). DDoS attack detection system: Utilizing classification algorithms with Apache Spark. Proceedings of the 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS), Paris, France.","DOI":"10.1109\/NTMS.2018.8328686"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"4815","DOI":"10.1109\/JIOT.2018.2871719","article-title":"An ensemble intrusion detection technique based on proposed statistical flow features for protecting network traffic of Internet of Things","volume":"6","author":"Moustafa","year":"2018","journal-title":"IEEE Internet Things J."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"147","DOI":"10.1016\/j.cose.2019.06.005","article-title":"A survey of network-based intrusion detection data sets","volume":"86","author":"Ring","year":"2019","journal-title":"Comput. Secur."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"108117","DOI":"10.1016\/j.comnet.2021.108117","article-title":"PBCNN: Packet bytes-based convolutional neural network for network intrusion detection","volume":"194","author":"Yu","year":"2021","journal-title":"Comput. Netw."},{"key":"ref_13","first-page":"16","article-title":"Intrusion detection system to detect sinkhole attack on RPL protocol in Internet of Things","volume":"4","author":"Stephen","year":"2017","journal-title":"Int. J. Electr. Electron. Comput. Sci."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"2661","DOI":"10.1016\/j.adhoc.2013.04.014","article-title":"SVELTE: Real-time intrusion detection in the Internet of Things","volume":"11","author":"Raza","year":"2013","journal-title":"Ad Hoc Networks"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Shreenivas, D., Raza, S., and Voigt, T. Intrusion Detection in the RPL-connected 6LoWPAN Networks. Proceedings of the 3rd ACM International Workshop on IoT Privacy, Trust, and Security, Abu Dhabi, United Arab Emirates, 2 April 2017.","DOI":"10.1145\/3055245.3055252"},{"key":"ref_16","first-page":"1","article-title":"Real Time Intrusion and Wormhole Attack Detection in Internet of Things","volume":"121","author":"Pongle","year":"2015","journal-title":"Int. J. Comput. Appl."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Jun, C., and Chi, C. (2014, January 10\u201311). Design of Complex Event-Processing IDS in Internet of Things. 2014 Sixth International Conference on Measuring Technology and Mechatronics Automation (ICMTMA). Proceedings of the 2014 6th International Conference on Measuring Technology and Mechatronics Automation, Zhangjiajie, China.","DOI":"10.1109\/ICMTMA.2014.57"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Summerville, D.H., Zach, K.M., and Chen, Y. (2015, January 14\u201316). Ultra-lightweight deep packet anomaly detection for Internet of Things devices. Proceedings of the 2015 IEEE 34th International Performance Computing and Communications Conference, Nanjing, China.","DOI":"10.1109\/PCCC.2015.7410342"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Santos, L., Rabadao, C., and Goncalves, R. (2018, January 13\u201316). Intrusion detection systems in Internet of Things: A literature review. Proceedings of the 13th Iberian Conference on Information Systems and Technologies (CISTI), Caceres, Spain.","DOI":"10.23919\/CISTI.2018.8399291"},{"key":"ref_20","unstructured":"Ioulianou, P., Vasilakis, V., Moscholios, I., and Logothetis, M. (2018, January 3\u20135). A signature-based intrusion detection system for the Internet of Things. Proceedings of the Information and Communication Technology Forum, Bandung, Indonesia."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"e4150","DOI":"10.1002\/ett.4150","article-title":"Network intrusion detection system: A systematic study of machine learning and deep learning approaches","volume":"32","author":"Ahmad","year":"2021","journal-title":"Trans. Emerg. Telecommun. Technol."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"41525","DOI":"10.1109\/ACCESS.2019.2895334","article-title":"Deep learning approach for intelligent intrusion detection system","volume":"7","author":"Vinayakumar","year":"2019","journal-title":"IEEE Access"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Gupta, A., Birkner, R., Canini, M., Feamster, N., Mac-Stoker, C., and Willinger, W. Network monitoring as a streaming analytics problem. Proceedings of the 15th ACM Workshop on Hot Topics in Networks, Atlanta, GA, USA, 9\u201310 November 2016.","DOI":"10.1145\/3005745.3005748"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.procs.2018.01.091","article-title":"Performance evaluation of intrusion detection based on machine learning using Apache Spark","volume":"127","author":"Belouch","year":"2018","journal-title":"Proc. Comput. Sci."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"9552","DOI":"10.1109\/JIOT.2020.2993782","article-title":"FlowGuard: An Intelligent Edge Defense Mechanism Against IoT DDoS Attacks","volume":"7","author":"Jia","year":"2020","journal-title":"IEEE Internet Things J."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"289","DOI":"10.1109\/TNSM.2017.2691007","article-title":"Cost Efficient Design of Fault Tolerant Geo-Distributed Data Centers","volume":"14","author":"Tripathi","year":"2017","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"190","DOI":"10.1016\/j.dcan.2023.03.008","article-title":"IDS-INT: Intrusion detection system using transformer-based transfer learning for imbalanced network traffic","volume":"10","author":"Ullah","year":"2024","journal-title":"Digital Communications and Networks"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Seyyar, Y.E., Yavuz, A.G., and \u00dcnver, H.M. (2022, January 15\u201318). Detection of web attacks using the BERT model. Proceedings of the 30th Signal Processing and Communications Applications Conference (SIU), Safranbolu, Turkey.","DOI":"10.1109\/SIU55565.2022.9864721"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"141787","DOI":"10.1109\/ACCESS.2020.3013849","article-title":"The Weighted Word2vec Paragraph Vectors for Anomaly Detection Over HTTP Traffic","volume":"8","author":"Li","year":"2020","journal-title":"IEEE Access"},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"4943509","DOI":"10.1155\/2018\/4943509","article-title":"TR-IDS: Anomaly-based intrusion detection through text-convolutional neural network and random forest","volume":"2018","author":"Min","year":"2018","journal-title":"Security and Communication Networks"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Wang, F., Jiang, M., Qian, C., Yang, S., Li, C., Zhang, H., Wang, X., and Tang, X. (2017, January 21\u201326). Residual Attention Network for Image Classification. Proceedings of the 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR), Honolulu, HI, USA.","DOI":"10.1109\/CVPR.2017.683"},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"145","DOI":"10.1007\/s41060-016-0027-9","article-title":"Big data analytics on Apache Spark","volume":"1","author":"Salloum","year":"2016","journal-title":"Int. J. Data Sci. Anal."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/s40537-019-0178-3","article-title":"A survey on data storage and placement methodologies for cloud-big data ecosystem","volume":"6","author":"Mazumdar","year":"2019","journal-title":"J. Big Data"},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"10880","DOI":"10.1109\/TVT.2021.3106940","article-title":"Anomaly Detection for In-Vehicle Network Using CNN-LSTM With Attention Mechanism","volume":"70","author":"Sun","year":"2021","journal-title":"IEEE Trans. Veh. Technol."},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Dadkhah, S., Mahdikhani, H., Danso, P.K., Zohourian, A., Truong, K.A., and Ghorbani, A.A. (2022, January 22\u201324). Towards the development of a realistic multidimensional IoT profiling dataset. Proceedings of the 2022 19th Annual International Conference on Privacy, Security & Trust (PST), New Brunswick, Canada.","DOI":"10.1109\/PST55820.2022.9851966"},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Neto, E.C.P., Dadkhah, S., Ferreira, R., Zohourian, A., Lu, R., and Ghorbani, A.A. (2023). CICIoT2023: A real-time dataset and benchmark for large-scale attacks in IoT environment. Sensors, 23.","DOI":"10.20944\/preprints202305.0443.v1"},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"40281","DOI":"10.1109\/ACCESS.2022.3165809","article-title":"Edge-IIoTset: A new comprehensive realistic cyber security dataset of IoT and IIoT applications for centralized and federated learning","volume":"10","author":"Ferrag","year":"2022","journal-title":"IEEE Access"},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Tavafoghi, H., Ouyang, Y., Teneketzis, D., and Wellman, M.P. (2019). Game theoretic approaches to cyber security: Challenges, results, and open problems. Adversarial and Uncertain Reasoning for Adaptive Cyber Defense: Control-and Game-Theoretic Approaches to Cyber Security, Springer.","DOI":"10.1007\/978-3-030-30719-6_3"},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"2902","DOI":"10.1109\/VETECF.2004.1400591","article-title":"A non-cooperative game approach for intrusion detection in sensor networks","volume":"Volume 4","author":"Agah","year":"2004","journal-title":"Proceedings of the IEEE 60th Vehicular Technology Conference, 2004. VTC2004-Fall. 2004"},{"key":"ref_40","first-page":"2595","article-title":"A game theoretic approach to decision and analysis in network intrusion detection","volume":"Volume 3","author":"Alpcan","year":"2003","journal-title":"Proceedings of the 42nd IEEE International Conference on Decision and Control (IEEE Cat. No. 03CH37475)"},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"48","DOI":"10.1073\/pnas.36.1.48","article-title":"Equilibrium points in n-person games","volume":"Volume 36","author":"Nash","year":"1950","journal-title":"Proceedings of the National Academy of Sciences"},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Liu, B., Xu, H., and Zhou, X. (2018). Stackelberg Dynamic Game-Based Resource Allocation in Threat Defense for Internet of Things. Sensors, 18.","DOI":"10.3390\/s18114074"},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"236","DOI":"10.1016\/j.jpdc.2020.09.011","article-title":"Detection resource allocation scheme for two-layer cooperative IDSs in smart grids","volume":"147","author":"Xia","year":"2021","journal-title":"J. Parallel Distrib. Comput."},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Boudko, S., Aursand, P., and Abie, H. (2020). Evolutionary Game for Confidentiality in IoT-Enabled Smart Grids. Information, 11.","DOI":"10.20944\/preprints202011.0002.v1"},{"key":"ref_45","doi-asserted-by":"crossref","first-page":"4059","DOI":"10.1109\/JIOT.2022.3203249","article-title":"A survey on IoT intrusion detection: Federated learning, game theory, social psychology, and explainable AI as future directions","volume":"10","author":"Arisdakessian","year":"2022","journal-title":"IEEE Internet Things J."},{"key":"ref_46","doi-asserted-by":"crossref","unstructured":"Estiri, M., and Khademzadeh, A. (2010, January 2\u20135). A game-theoretical model for intrusion detection in wireless sensor networks. Proceedings of the CCECE 2010, Calgary, AB, Canada.","DOI":"10.1109\/CCECE.2010.5575157"},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"491","DOI":"10.1016\/j.ins.2018.06.017","article-title":"Intrusion detection model of wireless sensor networks based on game theory and an autoregressive model","volume":"476","author":"Han","year":"2019","journal-title":"Inf. Sci."},{"key":"ref_48","doi-asserted-by":"crossref","unstructured":"Krichen, M. (2023). A Survey on Formal Verification and Validation Techniques for Internet of Things. Appl. Sci., 13.","DOI":"10.3390\/app13148122"},{"key":"ref_49","doi-asserted-by":"crossref","first-page":"107233","DOI":"10.1016\/j.comnet.2020.107233","article-title":"Towards formal verification of IoT protocols: A Review","volume":"174","year":"2020","journal-title":"Comput. Netw."},{"key":"ref_50","doi-asserted-by":"crossref","first-page":"2287","DOI":"10.1007\/s11277-019-06986-8","article-title":"Machine Learning Based Intrusion Detection Systems for IoT Applications","volume":"111","author":"Verma","year":"2020","journal-title":"Wirel. Pers. Commun."},{"key":"ref_51","doi-asserted-by":"crossref","first-page":"10327","DOI":"10.1109\/JIOT.2020.3048038","article-title":"Adversarial Attacks Against Network Intrusion Detection in IoT Systems","volume":"8","author":"Qiu","year":"2020","journal-title":"IEEE Internet Things J."},{"key":"ref_52","doi-asserted-by":"crossref","first-page":"102031","DOI":"10.1016\/j.simpat.2019.102031","article-title":"Deep recurrent neural network for IoT intrusion detection system","volume":"101","author":"Almiani","year":"2020","journal-title":"Simul. Model. Pract. Theory"},{"key":"ref_53","doi-asserted-by":"crossref","first-page":"9042","DOI":"10.1109\/JIOT.2019.2926365","article-title":"A supervised intrusion detection system for smart home IoT devices","volume":"6","author":"Anthi","year":"2019","journal-title":"IEEE Internet Things J."},{"key":"ref_54","doi-asserted-by":"crossref","unstructured":"Granjal, J., Silva, J.M., and Louren\u00e7o, N. (2018). Intrusion Detection and Prevention in CoAP Wireless Sensor Networks Using Anomaly Detection. Sensors, 18.","DOI":"10.3390\/s18082445"},{"key":"ref_55","doi-asserted-by":"crossref","first-page":"103381","DOI":"10.1016\/j.cose.2023.103381","article-title":"Dependable federated learning for IoT intrusion detection against poisoning attacks","volume":"132","author":"Yang","year":"2023","journal-title":"Comput. Secur."},{"key":"ref_56","unstructured":"Sugi, S.S.S., and Ratna, S.R. (2020, January 3\u20135). Investigation of machine learning techniques in intrusion detection system for IoT network. Proceedings of the 3rd International Conference on Intelligent Sustainable Systems (ICISS), Thoothukudi, India."},{"key":"ref_57","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2990499","article-title":"Intelligent Intrusion Detection in Low-Power IoTs","volume":"16","author":"Saeed","year":"2016","journal-title":"ACM Trans. Internet Technol."},{"key":"ref_58","doi-asserted-by":"crossref","unstructured":"Ullah, F., Alsirhani, A., Alshahrani, M.M., Alomari, A., Naeem, H., and Shah, S.A. (2022). Explainable Malware Detection System Using Transformers-Based Transfer Learning and Multi-Model Visual Representation. Sensors, 22.","DOI":"10.3390\/s22186766"},{"key":"ref_59","doi-asserted-by":"crossref","unstructured":"Ullah, F., Ullah, S., Naeem, M.R., Mostarda, L., Rho, S., and Cheng, X. (2022). Cyber-Threat Detection System Using a Hybrid Approach of Transfer Learning and Multi-Model Image Representation. Sensors, 22.","DOI":"10.3390\/s22155883"}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/24\/13\/4152\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T15:04:59Z","timestamp":1760108699000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/24\/13\/4152"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,6,26]]},"references-count":59,"journal-issue":{"issue":"13","published-online":{"date-parts":[[2024,7]]}},"alternative-id":["s24134152"],"URL":"https:\/\/doi.org\/10.3390\/s24134152","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,6,26]]}}}