Anomaly-based Intrusion Detection in IoT using Enhanced Kepler Optimization Algorithm for Feature Selection

Abstract

The proliferation of Internet of Things (IoT) devices has increased the risk of botnet attacks due to the inherent vulnerabilities of IoT networks. To mitigate this threat, this study presents an anomaly-based intrusion detection framework that incorporates the Enhanced Kepler Optimization Algorithm (EKOA) for feature selection. EKOA integrates adaptive processes, such as dynamic adaptation, oscillatory chaotic force, crosswise solution formation, and optimization based on elites, in an effort to balance exploitation and exploration in favor of enhancing convergence speed alongside solution diversity. The selected features are evaluated using K-Nearest Neighbor (KNN) and Decision Tree (DT) classifiers. Experiments were conducted on typical IoT datasets, i.e., Mirai and Gafgyt. Accuracy, AUC, G-mean, and precision were also used for performance evaluation. The new system achieved detection accuracy greater than 99% and reduced the list of features by 35%. The new system exhibits good generalization capability, botnet attack resistance, and applicability in high-dimensional applications. The results show a good future for practical application in real-time intrusion detection on IoTs

Author Biography

Lulu Zhang, Hebei Chemical & Pharmaceutical College

Lulu ZHANG graduated from Northwestern Polytechnical University in 2018 with a Master's degree in Software Engineering. She is now working at Hebei Chemical & Pharmaceutical College. She has published two papers. Her research interests include Machine Learning, Networks, and Information Security.

References

B. Pourghebleh and N. J. Navimipour, "Data aggregation mechanisms in the Internet of things: A systematic review of the literature and recommendations for future research," Journal of Network and Computer Applications, vol. 97, pp. 23-34, 2017, doi: https://doi.org/10.1016/j.jnca.2017.08.006.

P. Kumari and A. K. Jain, "A comprehensive study of DDoS attacks over IoT network and their countermeasures," Computers & Security, vol. 127, p. 103096, 2023.

B. Bala and S. Behal, "AI techniques for IoT-based DDoS attack detection: Taxonomies, comprehensive review and research challenges," Computer science review, vol. 52, p. 100631, 2024.

V. Hayyolalam, B. Pourghebleh, and A. A. Pourhaji Kazem, "Trust management of services (TMoS): investigating the current mechanisms," Transactions on Emerging Telecommunications Technologies, vol. 31, no. 10, p. e4063, 2020.

T. Al-Shurbaji et al., "Deep Learning-Based Intrusion Detection System For Detecting IoT Botnet Attacks: A Review," IEEE Access, 2025.

M. A. Alkhonaini et al., "Sandpiper optimization with hybrid deep learning model for blockchain-assisted intrusion detection in iot environment," Alexandria Engineering Journal, vol. 112, pp. 49-62, 2025.

B. Pourghebleh, K. Wakil, and N. J. Navimipour, "A comprehensive study on the trust management techniques in the Internet of Things," IEEE Internet of Things Journal, vol. 6, no. 6, pp. 9326-9337, 2019, doi: https://doi.org/10.1109/JIOT.2019.2933518.

A. Heidari and M. A. Jabraeil Jamali, "Internet of Things intrusion detection systems: a comprehensive review and future directions," Cluster Computing, vol. 26, no. 6, pp. 3753-3780, 2023.

S. Tsimenidis, T. Lagkas, and K. Rantos, "Deep learning in IoT intrusion detection," Journal of network and systems management, vol. 30, no. 1, p. 8, 2022.

J. Azimjonov and T. Kim, "Stochastic gradient descent classifier-based lightweight intrusion detection systems using the efficient feature subsets of datasets," Expert Systems with Applications, vol. 237, p. 121493, 2024.

J. Li, M. S. Othman, H. Chen, and L. M. Yusuf, "Optimizing IoT intrusion detection system: feature selection versus feature extraction in machine learning," Journal of Big Data, vol. 11, no. 1, p. 36, 2024.

K. Harahsheh, R. Al-Naimat, and C.-H. Chen, "Using Feature Selection Enhancement to Evaluate Attack Detection in the Internet of Things Environment," Electronics, vol. 13, no. 9, p. 1678, 2024.

H. Haddadpajouh, A. Mohtadi, A. Dehghantanaha, H. Karimipour, X. Lin, and K.-K. R. Choo, "A multikernel and metaheuristic feature selection approach for IoT malware threat hunting in the edge layer," IEEE Internet of Things Journal, vol. 8, no. 6, pp. 4540-4547, 2020.

R. Abu Khurma, I. Almomani, and I. Aljarah, "IoT botnet detection using salp swarm and ant lion hybrid optimization model," Symmetry, vol. 13, no. 8, p. 1377, 2021.

F. Hosseini, F. S. Gharehchopogh, and M. Masdari, "A botnet detection in IoT using a hybrid multi-objective optimization algorithm," New Generation Computing, vol. 40, no. 3, pp. 809-843, 2022.

F. S. Gharehchopogh, B. Abdollahzadeh, S. Barshandeh, and B. Arasteh, "A multi-objective mutation-based dynamic Harris Hawks optimization for botnet detection in IoT," Internet of Things, vol. 24, p. 100952, 2023.

M. Alkhammash, "A Metaheuristic Approach to Detecting and Mitigating DDoS Attacks in Blockchain-Integrated Deep Learning Models for IoT Applications," IEEE Access, 2024.

L. A. Maghrabi et al., "Enhancing cybersecurity in the internet of things environment using bald eagle search optimization with hybrid deep learning," IEEE Access, vol. 12, pp. 8337-8345, 2024.

M. Maazalahi and S. Hosseini, "Machine learning and metaheuristic optimization algorithms for feature selection and botnet attack detection," Knowledge and Information Systems, pp. 1-49, 2025.

E. Elsedimy and S. M. AboHashish, "An intelligent hybrid approach combining fuzzy C-means and the sperm whale algorithm for cyber attack detection in IoT networks," Scientific Reports, vol. 15, no. 1, p. 1005, 2025.

M. Abdel-Basset, R. Mohamed, S. A. A. Azeem, M. Jameel, and M. Abouhawwash, "Kepler optimization algorithm: A new metaheuristic algorithm inspired by Kepler’s laws of planetary motion," Knowledge-based systems, vol. 268, p. 110454, 2023.

B. Abdollahzadeh and F. S. Gharehchopogh, "A multi-objective optimization algorithm for feature selection problems," Engineering with Computers, vol. 38, no. Suppl 3, pp. 1845-1863, 2022.

T. M. Hamdani, J.-M. Won, A. M. Alimi, and F. Karray, "Multi-objective feature selection with NSGA II," in Adaptive and Natural Computing Algorithms: 8th International Conference, ICANNGA 2007, Warsaw, Poland, April 11-14, 2007, Proceedings, Part I 8, 2007: Springer, pp. 240-247.

E. Hancer, B. Xue, M. Zhang, D. Karaboga, and B. Akay, "Pareto front feature selection based on artificial bee colony optimization," Information Sciences, vol. 422, pp. 462-479, 2018.

B. Xue, M. Zhang, and W. N. Browne, "Particle swarm optimization for feature selection in classification: A multi-objective approach," IEEE transactions on cybernetics, vol. 43, no. 6, pp. 1656-1671, 2012.

Authors

  • Lulu Zhang Hebei Chemical & Pharmaceutical College

DOI:

https://doi.org/10.31449/inf.v49i11.8708

Downloads

Published

11/22/2025

How to Cite

Zhang, L. (2025). Anomaly-based Intrusion Detection in IoT using Enhanced Kepler Optimization Algorithm for Feature Selection. Informatica, 49(11). https://doi.org/10.31449/inf.v49i11.8708

Issue

Vol. 49 No. 11 (2025): Online-only issue

Section

Online-only

License

I assign to Informatica, An International Journal of Computing and Informatics ("Journal") the copyright in the manuscript identified above and any additional material (figures, tables, illustrations, software or other information intended for publication) submitted as part of or as a supplement to the manuscript ("Paper") in all forms and media throughout the world, in all languages, for the full term of copyright, effective when and if the article is accepted for publication. This transfer includes the right to reproduce and/or to distribute the Paper to other journals or digital libraries in electronic and online forms and systems.

I understand that I retain the rights to use the pre-prints, off-prints, accepted manuscript and published journal Paper for personal use, scholarly purposes and internal institutional use.

In certain cases, I can ask for retaining the publishing rights of the Paper. The Journal can permit or deny the request for publishing rights, to which I fully agree.

I declare that the submitted Paper is original, has been written by the stated authors and has not been published elsewhere nor is currently being considered for publication by any other journal and will not be submitted for such review while under review by this Journal.  The Paper contains no material that violates proprietary rights of any other person or entity. I have obtained written permission from copyright owners for any excerpts from copyrighted works that are included and have credited the sources in my article. I have informed the co-author(s) of the terms of this publishing agreement.


Copyright ©  Slovenian Society Informatika