As Internet of Things (IoT) devices continue to spread, they also create many new entry points for cyberattacks. Traditional security methods struggle to keep up, which makes smarter and more adaptive defenses necessary. This paper introduces an Artificial Intelligence (AI)–driven threat intelligence framework designed to improve intrusion detection in diverse IoT networks. The framework combines Machine Learning (ML) and Deep Learning (DL) models to detect malicious activity more accurately across different types of network traffic. To evaluate the approach, three widely used benchmark datasets—UNSW-NB15, CIC-IDS2017, and IoT-Botnet—were used. Experimental results show that the proposed hybrid Convolutional Neural Network (CNN) and Long Short-Term Memory (LSTM) model performs very well. It achieved 97% accuracy, a 0.95 F1-score, and a 0.98 Receiver Operating Characteristic – Area Under the Curve (ROC-AUC) on the UNSW-NB15 dataset, outperforming traditional ML models such as Random Forest, which reached 94% accuracy. While DL models provided better detection performance and stronger generalization, ML models proved to be much faster, with nearly three times lower inference latency—about 3 milliseconds per network flow. This makes them more suitable for real-time deployment at the IoT edge, where computing resources are limited. Overall, the proposed hybrid approach strikes a practical balance between detection accuracy and processing speed, offering a scalable and robust foundation for AI-based IoT threat intelligence in real-world environments.
This research introduces a deep learning-based framework for anomaly detection in wireless communication networks using Channel State Information (CSI)—a fine-grained physical-layer signal that captures wireless channel dynamics. Traditional detection methods often fall short in identifying subtle or evolving threats, whereas CSI provides a rich, underutilized source for context-aware monitoring. Inspired by its use in human activity recognition, we apply and compare deep learning architectures such as Convolutional Neural Networks (CNNs), Long Short-Term Memory networks (LSTMs), and Transformers to learn normal network behavior and detect anomalies, including spoofing, jamming, rogue access points, environmental disruptions, and Quality of Service (QoS) degradation. The system supports supervised, semi-supervised, and unsupervised settings, accommodating scenarios with limited labeled data. CSI data is collected using tools like the Intel 5300 NIC and Nexmon CSI under both controlled and realistic conditions. We benchmark our models against traditional techniques (e.g., Isolation Forests, Support Vector Machines (SVMs), Principal Component Analysis (PCA)), evaluating accuracy, false positives, latency, and robustness. To enhance transparency, we employ interpretability methods such as Gradient-weighted Class Activation Mapping (Grad-CAM) and t-distributed Stochastic Neighbor Embedding (t-SNE). Experimental results show that deep learning models outperform classical baselines by up to 30% in detection accuracy. The Transformer architecture achieved 96.2% accuracy with a false positive rate of 3.9%, while the CNN-LSTM hybrid achieved the best latency–performance tradeoff (5.1 ms inference). Compared to Isolation Forest and One-Class SVM, our framework reduced false positives by over 10–14%.