BENIGN-AWARE HISTOGRAM GRADIENT BOOSTING FOR MALICIOUS IOT NETWORK TRAFFIC DETECTION
DOI:
https://doi.org/10.35631/JISTM.1142020
Keywords:
CICIoT2023, Class Imbalance, Histogram Gradient Boosting, IoT Security, Machine Learning, Malicious Traffic Detection
Abstract
Detecting malicious traffic in Internet of Things (IoT) networks remains challenging because flow distributions are highly skewed, attack behaviours evolve quickly, and practical deployments must balance accuracy with computational cost. This study evaluates five classical machine learning models on IoT-23 and CICIoT2023 under multiple sample sizes and preprocessing settings. The experimental design includes 1,000, 5,000, 10,000, and 50,000-record subsets, median imputation, five-fold stratified cross-validation, explicit hyperparameter tuning, SMOTE-based imbalance analysis, and training and inference cost measurement. In addition to the five baseline models, the study introduces a benign-aware histogram gradient boosting variant (BA-HGB) that applies tuned cost-sensitive weighting to the minority benign class without synthetic data generation. On CICIoT2023, BA-HGB achieved the best five-fold macro-F1 score relative to the baseline models on the 10,000-sample benchmark (0.8898 +/- 0.0153), the best macro-F1 at 50,000 samples (0.8996 +/- 0.0038), and the highest ROC-AUC (0.9971 +/- 0.0003). An ablation inside the HGB family further showed that all HGB variants outperformed the RF and GB baselines, whereas SMOTE consistently reduced both macro-F1 and benign-class F1. These results support the generalizability of the findings and show that histogram-based boosting is a strong practical direction for IoT intrusion detection, while imbalance handling mainly changes the accuracy-stability trade-off within that family.
