Enhancing IoT Anomaly Detection using Hybrid CNN-LSTM Model and Interpretable Feature Selection

Authors

  • soran Ahmed Hasan Department of Software and Informatics Engineering, College of Engineering, Salahaddin University-Erbil, Erbil, Kurdistan Region, Iraq
  • Marwan Aziz Mohammed 1Department of Software and Informatics Engineering, College of Engineering, Salahaddin University-Erbil, Erbil, Kurdistan Region, Iraq 2Department of Computer Engineering, College of Engineering, Knowledge University, Erbil 44001, Iraq

DOI:

https://doi.org/10.21271/ZJPAS.37.6.13

Keywords:

Anomaly Detection, CICIoT2023 Dataset, DDoS Detection, CNN-LSTM, IoT Security

Abstract

Securing Internet of Things (IoT) networks is an ongoing challenge. As more devices connect to the internet with limited resources, these systems have become more vulnerable to cyberattacks. Many attacks continually evolve and become more sophisticated. This highlights the need for scalable, efficient anomaly detection deployable close to IoT devices to minimize latency, while maintaining high accuracy with low memory and computational demands. Many solutions have been applied for enhancing the problem area, either they are heavy models unsuitable for edge devices or they lack generalizability with recent datasets and current attack traffic patterns. Our research suggests a lightweight anomaly detection model that combines Convolution Neural Network (CNN) and Long Short Term Memory (LSTM) model, to recognize patterns across both spatial and temporal dimensions, as well as identify significant relationships among an interpretable selected set of features. with SHapley Additive exPlanations (SHAP) for feature selection and Synthetic Minority Oversampling Technique - Edited Nearest Neighbors (SMOTE-ENN) for balancing the distribution of classes in the datasets. The model’s performance was evaluated using accuracy, precision, recall, and F1 parameters. Following the study, an accuracy rate of 99.12% for multiclassification is achieved in the CICIoT2023 dataset. In the TON_IoT dataset, a multiclassification success rate of 99.08% is reached. The model with 10 features selected achieved 99.0%, 98.85% in the CICIoT2023 and TON_IoT dataset. With just 43,406 trainable parameters and Top 10 features selected proposed framework offers a lightweight, explainable model that is effective for edge IoT devices with limited resources.

References

Albulayhi, K., Al-Haija, Q. A., Alsuhibany, S. A., Jillepalli, A. A., Ashrafuzzaman, M. & Sheldon, F. T. 2022. IoT Intrusion Detection Using Machine Learning with a Novel High Performing Feature Selection Method. Applied Sciences (Switzerland), 12.

Alzahrani, H., Sheltami, T., Barnawi, A., Imam, M. & Yaser, A. 2024. A Lightweight Intrusion Detection System Using Convolutional Neural Network and Long Short-Term Memory in Fog Computing. Computers, Materials and Continua, 80, 4703-4728.

Anwer, M. A., Qattan, G. A. & Ali, A. M. 2024. Ocular disease classification using different kinds of machine learning algorithms. Zanco Journal of Pure and Applied Sciences, 36, 25-34.

Bakhsh, S. A., Khan, M. A., Ahmed, F., Alshehri, M. S., Ali, H. & Ahmad, J. 2023. Enhancing IoT network security through deep learning-powered Intrusion Detection System. Internet of Things (Netherlands), 24.

Gueriani, A., Kheddar, H. & Mazari, A. C. 2024. Enhancing IoT Security with CNN and LSTM-Based Intrusion Detection Systems.

Hajjouz, A. & Avksentieva, E. 2024. Optimizing Intrusion Detection for DoS, DDoS, and Mirai Attacks Subtypes Using Hierarchical Feature Selection and CatBoost on the CICIoT2023 Dataset. Data and Metadata, 3.

Hassen, S. & Abdlrazaq, A. 2024. Contextual Deep Semantic Feature Driven Multi-Types Network Intrusion Detection System for IoT-Edge Networks. Zanco Journal of Pure and Applied Sciences, 36, 132-147.

Hizal, S., Cavusoglu, U. & Akgun, D. 2024. A novel deep learning-based intrusion detection system for IoT DDoS security. Internet of Things (Netherlands), 28.

Ji, R., Kumar, N. & Padha, D. 2024. Hybrid Enhanced Intrusion Detection Frameworks for Cyber-Physical Systems via Optimal Features Selection. Article in Indian Journal of Science and Technology, 17, 3069-3069.

Khan, M. M. & Alkhathami, M. 2024. Anomaly detection in IoT-based healthcare: machine learning for enhanced security. Scientific Reports, 14.

Khanday, S. A., Fatima, H. & Rakesh, N. 2024. A Novel Data Preprocessing Model for Lightweight Sensory IoT Intrusion Detection. International Journal of Mathematical, Engineering and Management Sciences, 9, 188-204.

Krzysztoń, E., Rojek, I. & Mikołajewski, D. 2024. A Comparative Analysis of Anomaly Detection Methods in IoT Networks: An Experimental Study. Applied Sciences (Switzerland). Multidisciplinary Digital Publishing Institute (MDPI).

Manokaran, J. & Vairavel, G. 2024. DL-ADS: Improved Grey Wolf Optimization Enabled AE-LSTM Technique for Efficient Network Anomaly Detection in Internet of Thing Edge Computing. IEEE Access, 12, 75983-76002.

Modi, P. Towards Efficient Machine Learning Method for IoT DDoS Attack Detection.

Moustafa, N. 2021. A new distributed architecture for evaluating AI-based security systems at the edge: Network TON_IoT datasets. 72.

Nazir, A., He, J., Zhu, N., Qureshi, S. S., Qureshi, S. U., Ullah, F., Wajahat, A. & Pathan, M. S. 2024. A deep learning-based novel hybrid CNN-LSTM architecture for efficient detection of threats in the IoT ecosystem. Ain Shams Engineering Journal, 15.

Neto, E. C. P., Dadkhah, S., Ferreira, R., Zohourian, A., Lu, R. & Ghorbani, A. A. 2023. CICIoT2023: A Real-Time Dataset and Benchmark for Large-Scale Attacks in IoT Environment. Sensors, 23.

Sanju, P. 2023. Enhancing intrusion detection in IoT systems: A hybrid metaheuristics-deep learning approach with ensemble of recurrent neural networks. Journal of Engineering Research (Kuwait), 11, 356-361.

Shareef, S. M. 2023. The adoption of the Internet of Things in E-government towards the Smart Government. Zanco Journal of Pure and Applied Sciences, 35, 67-78.

Shtayat, M. B. M., Hasan, M. K., Sulaiman, R., Islam, S. & Khan, A. U. R. 2023. An Explainable Ensemble Deep Learning Approach for Intrusion Detection in Industrial Internet of Things. IEEE Access, 11, 115047-115061.

Tabassoum, N., Bindu, F., Sheikh, S., Rab, R., Leshob, A. & Wahab, T. B. Multiclass Feature Selection Model for Adversarial Attacks in IoT Environment. Proceedings - 2024 IEEE International Conference on e-Business Engineering, ICEBE 2024, 2024. Institute of Electrical and Electronics Engineers Inc., 53-59.

Wang, Y. C., Houng, Y. C., Chen, H. X. & Tseng, S. M. 2023a. Network Anomaly Intrusion Detection Based on Deep Learning Approach. Sensors, 23.

Wang, Z., Chen, H., Yang, S., Luo, X., Li, D. & Wang, J. 2023b. A lightweight intrusion detection method for IoT based on deep learning and dynamic quantization. PeerJ Computer Science, 9.

Downloads

Published

2025-12-31

How to Cite

Hasan, soran A., & Marwan Aziz Mohammed. (2025). Enhancing IoT Anomaly Detection using Hybrid CNN-LSTM Model and Interpretable Feature Selection. Zanco Journal of Pure and Applied Sciences, 37(6), 161–181. https://doi.org/10.21271/ZJPAS.37.6.13

Issue

Vol. 37 No. 6 (2025): Zanco Journal of Pure and Applied Sciences

Section

Engineering and Computer Sciences

License

Copyright (c) 2025 soran Ahmed Hasan, Marwan Aziz Mohammed

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Crossref
Scopus
Google Scholar
Europe PMC