Improving IoT IDS with Harmony Search Feature Selection and ADASYN on UNSW-NB15 and CIC- IoT23

Abstract The proliferation of Internet of Things (IoT) devices and increasing frequency of cyber-attacks have resulted in significant security challenges. The Intrusion Detection System (IDS) is a crucial network component, as it helps to protect the system from different threats and vulnerabilities. Machine learning (ML) models have demonstrated great potential in detecting attacks on IoT systems, enhancing security through intelligent threat detection. However, the perfor- mance of ML classification models can be negatively influenced by the unbalanced class distributions found in real-world datasets. To identify various attack types and to enhance IDS, we propose ensembling the Harmony Search Algorithm for feature selection (RF-HSA) together with the Adaptive Synthetic Sampling (ADASYN) to overcome class imbalance. The ADASYN enhances class balancing by generating synthetic samples, focusing more on hard-to-learn instances near decision boundaries and this approach reduces bias, improves model generaliza- tion, and mitigates overfitting for imbalanced datasets. We employed prominent ML models such as Bagging, Gradient Boosting, LightGBM, and Random For- est to classify genuine traffic from intrusion traffic. Using the UNSW-NB15 and CIC-IoT23 datasets, the proposed classifier is evaluated against other distinct classifiers to offer a detailed IDS. Performance analysis is demonstrated using evaluation metrics such as recall, F1-score, accuracy, and precision, and the out- comes are compared with the existing baselines. Apart from evaluation metrics, the training and prediction times (sec) are computed with and without ADASYN for both datasets. The proposed approach achieves accuracy values of 96.92% for the UNSW-NB15 dataset and 99.94% for the CIC-IoT23 dataset and outperforms all evaluation measures compared to baseline models for multi-classification of the IDS. Based on empirical evidence, the proposed HSA-ADASYN approach effectively outperforms existing IDS in identifying and categorizing attacks.