doi: 10.17586/2226-1494-2026-26-2-315-323
Detection of network anomalies in the Internet of Things environment using modified statistical criteria and ensemble methods
For citation:
Bazhayev N. Detection of network anomalies in the Internet of Things environment using modified statistical criteria and ensemble methods. Scientific and Technical Journal of Information Technologies, Mechanics and Optics, 2026, vol. 26, no. 2, pp. 315–323 (in Russian). doi: 10.17586/2226-1494-2026-26-2-315-323
Abstract
The rapid growth of Internet of Things (IoT) devices is accompanied by increasingly sophisticated security threats, including DDoS attacks, brute-force authentication attempts, and large-scale packet flooding. Traditional statistical methods for anomaly detection exhibit low robustness to noise and fail to account for the dynamic nature of IoT traffic. This results in a higher rate of false positives and reduced accuracy in attack identification. This paper proposes a hybrid approach to IoT traffic anomaly detection consisting of three stages: (1) preliminary filtering of suspicious packets using a modified Z-score adjusted for sample size; (2) adaptive probabilistic attack risk assessment based on a Bayesian classifier with a weighting function that amplifies the impact of significant deviations; (3) final classification using an ensemble of models (Random Forest, SVM, and LSTM), which ensures robustness to noise and enables the identification of nonlinear dependencies in the data. Experimental evaluation on the UNSW-NB15 dataset, which includes both normal traffic and diverse attack scenarios, demonstrated that the proposed method achieved Precision = 89.1 %, Recall = 90.3 %, and F1-score = 89.9 %. The best results were observed in the analysis of message interval anomalies (up to 92 % accuracy), confirming the effectiveness of temporal features. The method outperformed classical algorithms (Rosner Test, Holt-Winters) and achieved accuracy comparable to that of an autoencoder while requiring significantly fewer computational resources. The hybrid architecture enables adaptation to diverse attack types and reduces false alarms through the combination of statistical filtering and ensemble classification. Its noise resilience and low computational complexity make the method suitable for deployment in resource-constrained IoT environments.
Future research directions include the integration of federated learning for decentralized anomaly detection and the use of self-adaptive neural architectures for predicting complex attack scenarios.
Keywords: information security, IoT security, IoT networks, anomaly detection, intrusion detection, modified Z-score, Bayesian classifier, ensemble learning, machine learning, traffic monitoring
Acknowledgements. This research has been funded by the Committee of Science of the Ministry of Science and Higher Education of the Republic of Kazakhstan (Grant No. AP25794699).
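The abstract's first stage, a robust Z-score prefilter applied to message intervals, can be sketched as follows. This is an added example, not code from the paper: it uses the standard Iglewicz-Hoaglin modified Z-score, since the paper's sample-size adjustment is not given on this page and is not reproduced. The 3.5 threshold, the function names and the timestamps are assumptions constructed for illustration.

```python
import statistics

# Constants of the standard Iglewicz-Hoaglin modified Z-score (not the paper's variant).
MAD_SCALE = 0.6745        # scales the median absolute deviation (MAD) to sigma
MEANAD_SCALE = 1.253314   # fallback scale for the mean absolute deviation
THRESHOLD = 3.5           # conventional cut-off, assumed here

def modified_z_scores(values):
    """Modified Z-score of each value, measured against the sample median."""
    med = statistics.median(values)
    abs_dev = [abs(v - med) for v in values]
    mad = statistics.median(abs_dev)
    if mad > 0:
        return [MAD_SCALE * (v - med) / mad for v in values]
    # Strictly periodic telemetry: over half the gaps are identical, so MAD is 0
    # and the usual formula would divide by zero. Fall back to the mean deviation.
    mean_ad = statistics.fmean(abs_dev)
    if mean_ad == 0:
        return [0.0] * len(values)  # every gap identical, nothing to flag
    return [(v - med) / (MEANAD_SCALE * mean_ad) for v in values]

def suspicious_intervals(timestamps, threshold=THRESHOLD):
    """Indices of messages whose gap to the previous message is an outlier."""
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    if len(gaps) < 3:
        return []  # too few samples for a robust estimate
    scores = modified_z_scores(gaps)
    # Gap i lies between messages i and i+1; report the later message.
    return [i + 1 for i, z in enumerate(scores) if abs(z) > threshold]

# Constructed sample: a sensor reporting about every 10 s, then a short burst.
JITTERED = [0.0, 10.1, 19.9, 30.2, 40.0, 50.1, 59.8, 70.0,
            70.05, 70.1, 70.15, 80.0, 90.1]
# Constructed sample: exact 10 s period (MAD = 0) with one early message.
PERIODIC = [0, 10, 20, 30, 40, 50, 60, 61, 70]

if __name__ == "__main__":
    print("burst messages:", suspicious_intervals(JITTERED))
    print("early message:", suspicious_intervals(PERIODIC))
```

Messages flagged here would only be candidates for the later Bayesian and ensemble stages the abstract describes; the prefilter alone does not classify an attack.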

