TITLE:
Improving the Performance of a Data-Driven Intelligent Model for Intrusion Detection in IoT Networks
AUTHORS:
Severin Nguendap, Hamdane Allamine Moussa, Eric Fotsing, Armand Nzeukou, Jean Pierre Lienou
KEYWORDS:
IoT Environments, Intrusion Detection, AE-LSTM, IoT-23, NSL-KDD
JOURNAL NAME:
Journal of Computer and Communications,
Vol.13 No.9,
September
26,
2025
ABSTRACT: This work contributes to the development of intelligent data-driven approaches to improve intrusion management in smart IoT environments. The proposed model combines a hybrid AutoEncoder-LSTM designed to capture the temporal structure of network traffic and transform latent representations into explicit predictions. An analysis of the model results on two datasets, NSL-KDD and IoT-23, and aims to improve intrusion detection in IoT environments. The NSL-KDD dataset comprises data of 41 attributes, including 38 continuous and 3 discrete, which are pre-processed by cleaning (outlier removal), one-hot encoding of categorical variables (protocol_type, service, flag), conversion to numeric format, normalization, and rebalancing (50% Normal, 22% DoS, 13% Probe, 12% R2L, 3% U2R), with anomaly detection based on MSELoss, achieving 98.88% accuracy, precision, recall, and F1-Score. For the IoT-23 dataset, which includes data from 20 malware captures and 3 harmless traffic, the dataset undergoes preprocessing including removal of unlabeled or duplicate lines, conversion to numerical values, dimensionality reduction (correlation > 0.95), and correlation heatmap, with an unbalanced distribution (56.6% Normal, 21.3% Infiltration, 18.9% Gagfyt, 3.2% Mirai Bruteforce, 0.1% Mirai DDoS), providing 99.02% accuracy, 99.05% precision, 99.07% recall, and 99.09% F1-Score. Both models demonstrate rapid convergence and good generalization, but the AE-LSTM model applied to the IoT-23 dataset performs better thanks to its distribution favoring normal reconstruction, slightly outperforming the NSL-KDD model despite the diversity of attacks covered by the latter. Our model is suitable for intrusion detection in smart IoT environments, combining robustness and generalization capacity.