Vol. 2 No. 1 (2026)

Published: June 1, 2026

Pages: 25-34

Original Article

AI-Driven Threat Intelligence for IoT Networks: Leveraging Machine Learning for Enhanced Intrusion Detection

Abstract

As Internet of Things (IoT) devices continue to spread, they also create many new entry points for cyberattacks. Traditional security methods struggle to keep up, which makes smarter and more adaptive defenses necessary. This paper introduces an Artificial Intelligence (AI)–driven threat intelligence framework designed to improve intrusion detection in diverse IoT networks. The framework combines Machine Learning (ML) and Deep Learning (DL) models to detect malicious activity more accurately across different types of network traffic. To evaluate the approach, three widely used benchmark datasets—UNSW-NB15, CIC-IDS2017, and IoT-Botnet—were used. Experimental results show that the proposed hybrid Convolutional Neural Network (CNN) and Long Short-Term Memory (LSTM) model performs very well. It achieved 97% accuracy, a 0.95 F1-score, and a 0.98 Receiver Operating Characteristic – Area Under the Curve (ROC-AUC) on the UNSW-NB15 dataset, outperforming traditional ML models such as Random Forest, which reached 94% accuracy. While DL models provided better detection performance and stronger generalization, ML models proved to be much faster, with nearly three times lower inference latency—about 3 milliseconds per network flow. This makes them more suitable for real-time deployment at the IoT edge, where computing resources are limited. Overall, the proposed hybrid approach strikes a practical balance between detection accuracy and processing speed, offering a scalable and robust foundation for AI-based IoT threat intelligence in real-world environments.
