Using Ensemble Learning for Identifying the Type in IoT Intrusion
https://doi.org/10.21683/1729-2646-2026-26-1-49-61
Abstract
Aim. The aim of this work is to improve the quality of multi‑class classification for Intrusion Detection Systems (IDS) in the Internet of Things (IoT) environment. The goal of the research is to determine the impact of preliminary binary traffic filtering and the application of ensemble models on prediction accuracy, especially for minority attack classes, taking into account the computational constraints of IoT environments.
Methods. Three architectural approaches were studied: direct multi‑class classification, direct multi‑class classification (including the “normal” class), and a hierarchical architecture based on initial binary detection followed by classification by attack type. Eight machine learning algorithms, as well as three ensemble methods (Soft Voting Classifier (SVC), Hard Voting Classifier (HVC), and Stacking Classifier (SC)), were evaluated. Experiments were conducted on the UNSW‑NB15 dataset using metrics such as Precision, Recall, and F1‑score.
Results. The results show that direct classification provides better overall attack coverage (average F1‑score up to 63% for Gradient Boosting Classifier(GBC)), but may require longer training times (over2000 seconds for GBC). Hierarchical binary filtering significantly reduces computation time but can decrease performance for some rare classes. The GBC, Random Forest (RF), and Extra Trees (ET) algorithms stand out for their performance. Among the ensemble methods, the Stacking Classifier (SC) demonstrates the best results (F1‑score of 73.87%), surpassing individual classifiers, although it also requires substantial training time.
Conclusion. This research shows that implementing binary filtration is a relevant strategy for reducing computational costs, but a trade‑off must be found between performance, coverage, and efficiency. GBC remains the most effective meth‑ od for rare attacks but, due to its computational cost, is poorly suited for embedded systems. ET and RF represent an excellent compromise between accuracy and speed. SC, while the most effective, requires significant resources. The scientific novelty of the research lies in the systematic evaluation of hierarchical and ensemble approaches for IDS in IoT, paving the way for creating more robust architectures adapted to IoT cybersecurity tasks.
About the Authors
P. M. NiangeRussian Federation
Papa Malik Niange, Postgraduate student
ul. Obraztsova 9, building 9, Moscow, 127994
V. G. Sidorenko
Russian Federation
Valentina G. Sidorenko, Doctor of Sciences (Engineering); Professor; Professor, Department of Control and Information Security, Russian University of Transport (RUT MIIT)
ul. Obraztsova 9, building 9, Moscow, 127994
References
1. Sadhu P.K., Yanambaka V.P., Abdelgawad A. Internet of things: Security and solutions survey. Sensors 2022;22(19):7433. (accessed 06.01.2026). Available at: https://www.mdpi.com/1424-8220/22/19/7433. DOI: 10.3390/s22197433 EDN: ZFJPEH.
2. Janabi A.H., Kanakis T., Johnson M. Survey: Intrusion detection system in software-defined networking. IEEE Access 2024. (accessed: 06.01.2026). Available at: https:// ieeexplore.ieee.org/abstract/document/10746482/. DOI: 10.1109/access.2024.3493384 EDN: JQSXDN.
3. Moustafa N., Slay J. UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: 2015 military communications and information systems conference (MilCIS). IEEE; 2015. Pp. 1-6. DOI: 10.1109/MilCIS.2015.7348942.
4. Lin W.C., Ke S.W., Tsai C.F. CANN: An intrusion detection system based on combining cluster centers and nearest neighbors. Knowledge-based systems 2015;78:13-21. DOI: 10.1109/MilCIS.2015.7348942.
5. Niang P.M. Analysis of data sets for the study of computer network vulnerabilities. In: Proceedings of the III International Science and Practice Conference Intelligent Transport Systems (May 30, 2024). Moscow: Pero Publishing; 2024. Pp. 699-709. DOI: 10.30932/9785002446094-2024-699-709 EDN: TTNUUB. (in Russ.)
6. Niang P.M., Sidorenko V.G. Choosing the machine learning algorithm for detecting intrusions into IoT. Dependability 2024;24(3):44-51. (In Russ.) DOI: 10.21683/1729-2646-2024-24-3-44-51 EDN: HYJCRA.
7. Malik N.P., Sidorenko V.G. Application of Multiclassification for Detecting Intrusions in IoT and Their Type Recognizing. In: 2024 International Conference Quality Management, Transport and Information Security, Information Technologies (QM&TIS&IT). IEEE; 2024. Pp. 78-83. DOI: 10.1109/QMTISIT63393.2024.10762926.
8. Kulagin M.A., Loginova L.N., Sidorenko V.G. et al. Formation of skills in using machine learning algorithms for information security specialists. Informatizatsiya obrazovaniya i nauki 2025;1(65):56-65. (accessed: 06.01.2026). Available at: https://journal.ficto.ru/archive.html#journal_65. (in Russ.)
9. Ganaie M.A., Hu M., Malik A.K. et al. Ensemble deep learning: A review. Engineering Applications of Artificial Intelligence 2022;115:105151. DOI: 10.1016/j.engappai.2022.105151 EDN: OZQDBQ.
10. Yang Y., Lv H., Chen N. A survey on ensemble learning under the era of deep learning. Artificial Intelligence Review 2023;56(6):5545-5589. (in Russ.) DOI: 10.1007/s10462-022-10283-5 EDN: UNDPUQ.
11. Mienye I.D., Sun Y. A survey of ensemble learning: Concepts, algorithms, applications, and prospects. IEEE Access 2022;10:99129-99149. DOI: 10.1109/ACCESS.2022.3207287 EDN: YZJLXM.
12. Rezk S.S., Selim K.S. Metaheuristic-based ensemble learning: an extensive review of methods and applications. Neural Computing and Applications 2024;36(29):17931-17959. DOI: 10.1007/s00521-024-10203-4 EDN: IQOHYX.
13. Zhang Y., Liu J., Shen W. A review of ensemble learning algorithms used in remote sensing applications. Applied Sciences 2022;12(17):8654. DOI: 10.3390/app12178654 EDN: GVPHOT.
14. Ahuja R., Sharma S.C. Stacking and voting ensemble methods fusion to evaluate instructor performance in higher education. International Journal of Information Technology 2021;13(5):1721-1731. DOI: 10.1007/s41870-021-00729-4 EDN: GLMTHI.
Review
For citations:
Niange P.M., Sidorenko V.G. Using Ensemble Learning for Identifying the Type in IoT Intrusion. Dependability. 2026;26(1):49-61. (In Russ.) https://doi.org/10.21683/1729-2646-2026-26-1-49-61
JATS XML





























