International Journal of Electrical and Computer Engineering (IJECE)
Vol. No. June 2025, pp. ISSN: 2088-8708, DOI: 10.11591/ijece.

Exploring the effectiveness of multiclass decision jungle for internet of things security

Smitha Rajagopal1, Abhik Sarkar2, Venkat Narayanan Manjunath1
1 Alliance School of Advanced Computing, Alliance University, Bengaluru, India
2 Alliance School of Liberal Arts, Alliance University, Bengaluru, India

ABSTRACT
Network intrusion detection systems (NIDS) are vital in protecting computer networks against cyber security incidents. The relationship between NIDS and internet of things (IoT) security is pivotal, and NIDS play a significant role in ensuring the security and reliability of IoT ecosystems. Ensuring the security of IoT devices is critical for several reasons. It helps safeguard sensitive information, guarantees the dependability of crucial infrastructure, meets regulatory obligations, and fosters user confidence. As the IoT ecosystem expands, prioritizing security is essential to minimize risks and maximize the benefits of connected devices. Given the ever-expanding cyber threat landscape, the multiclass classification task is essential to empower the NIDS with an ability to distinguish between various attack patterns in less computational time. The multiclass decision jungle algorithm is investigated to optimize the performance of NIDS. The research has considered permutation feature importance to include only the relevant features from the data. Using a contemporary dataset such as CICIOT 2023, the study has demonstrated an impressive attack detection rate of over 90% for 20 modern attack types. This research has investigated the effectiveness of IoT security measures and its prospective contributions to the field of cyber security.

Article Info
Article history:
Received Aug 25, 2024
Revised Feb 4, 2025
Accepted Mar 3, 2025

Keywords: CICIOT 2023; Decision jungle; Internet of things security; Network intrusion detection; Permutation feature importance

This is an open access article under the CC BY-SA license.

Corresponding Author:
Smitha Rajagopal
Alliance School of Advanced Computing, Alliance University
Bengaluru, India
Email: smitha.research1012@gmail.

Journal homepage: http://ijece.

INTRODUCTION
The network landscape is highly vulnerable to security threats. The constant emergence of newer threats makes it paramount to develop reliable and adaptive security measures. The method by which an attacker gains access to a network, thereby sending malicious packets to a user's system to steal, modify, or destroy confidential data, is termed intrusion. Existing system vulnerabilities, such as human errors, misconfiguration, or software bugs, can lead to an attack on the server or device. As ever larger volumes of data are exchanged on the Internet, networks become increasingly susceptible to attacks. Therefore, intrusion detection systems (IDS) are required to safeguard organizational networks. The number of internet of things (IoT) connections has grown over the past decade. This trend is expected to continue in numerous sectors in the coming years; however, challenges continue to It ought to be fixed to make certain that IoT devices operate appropriately and effectively. Implementing security features in IoT is more complicated than implementing them on traditional networks because of the wide variety of protocols and node quantities involved. Distributed denial-of-service (DDoS) attacks targeting IoT devices such as virtual cameras and digital video recorders (DVR) are an example of a cyber threat that occurs constantly in the IoT landscape.
Internet of things (IoT) networks have unique characteristics that set them apart from wireless sensor networks (WSN) and cyber physical systems (CPS). This distinction arises from the heterogeneous layers of protocols employed in IoT networks. Additionally, the challenges encountered during the deployment of various IoT use cases vary significantly from those associated with WSN networks, due to the specific context and requirements of each application. To enhance security in an IoT environment, it is crucial to design a data-oriented security mechanism. This mechanism should prioritize data confidentiality and integrity to mitigate threats. Traditional cryptography-based security measures may not be ideal for IoT due to the vast amount of data involved. Figure 1 illustrates the IoT security landscape.

Figure 1. IoT security landscape

IDS can be divided into different types. For example, they can be grouped as host-based or network-based. Network-based systems watch over network traffic and devices for any unusual activities, while host-based systems check individual devices for changes in files, logs, or behaviors that don't match what's expected. Typically, IDS can be analyzed using two main methods: signature-based and anomaly-based systems, referred to as SIDS and AIDS. SIDS specifically searches for predefined patterns of known attacks stored in a database, while AIDS keeps track of normal system behavior and sends alerts when there are big differences from what's considered normal. This research aims to strengthen security in the field of IoT by creating and evaluating an enhanced intrusion detection system (IDS) that uses the multiclass decision jungle (MDJ) algorithm. By employing a sophisticated algorithm like MDJ, the IDS aims to detect and guard against a broad spectrum of cyber threats that target IoT protocols.
The IDS framework incorporates the MDJ complemented by feature engineering and data cleansing techniques to improve classification accuracy. Through exhaustive performance testing, this research intends to offer cutting-edge insights into the field of IoT security. The rationale behind using multiclass decision jungle for multiclass classification is delineated below:
- Network intrusion detection systems (NIDS) need to classify network traffic into different categories, not limited to only benign or nefarious. The multiclass decision jungle is robust enough to detect various types of intrusions.
- The constantly changing patterns of network traffic and the growing number of cyber threats require feasible solutions. Decision jungles, which use appropriate decision-making processes and are an ensemble of DAGs, can handle these changes better than simpler methods.
- The decision jungle algorithm is lightweight and can easily scale to handle more data, making it a good fit for systems with limited resources, such as IoT devices. It can quickly manage large amounts of data without compromising on effectiveness.
- False positives and false negatives pose a considerable challenge for NIDS, as they can inundate administrators and undermine their confidence in the system. Decision jungles optimize the parameters to reduce false alerts while efficiently detecting the majority of threats.
- The multiclass decision jungle algorithm demonstrates exceptional proficiency in managing imbalanced datasets, which is a prevalent challenge in the network intrusion detection study where instances of attacks are substantially outnumbered by regular traffic patterns. By utilizing its ensemble mechanism, a decision jungle significantly improves detection accuracy for both frequently occurring and rare attack

Int J Elec & Comp Eng. Vol. No. June 2025: 3095-3106

Network intrusion detection systems face challenges in detecting anomalies efficiently.
The first challenge pertains to the fact that malicious attacks and threats are constantly evolving, making it difficult for existing intrusion detection systems to contend with. This often leads to low detection rates and high false
The second challenge is that the traditional machine learning algorithms applied in the field of network intrusion detection suffer from problems such as overfitting, where the model performs well on training data but does not perform well on unknown instances, and the presence of high bias due to irrelevant
Additionally, the class distribution of network traffic is often unbalanced, with normal traffic being much more common than nefarious traffic, due to which the machine learning model may fail to learn the network patterns effectively.

LITERATURE REVIEW
The research community is striving hard to explore the areas of the IoT and intrusion detection systems (IDS) to develop new ways to improve security. This section focuses on some of the latest IDS ideas that have been suggested. A key resource in this area is the Edge-IIoTset dataset, which is a detailed collection of data about cybersecurity for IoT that can be used by machine learning (ML) algorithms. Experts have experimented with different techniques that fuse various algorithms to detect network intrusions effectively and improve how well they work. One of these techniques uses a combination of a neutrosophic logic classifier (a more advanced version of fuzzy logic) and a genetic algorithm to create rules. This method has been successful in lowering the rate of false alarms to just 3.19%, which is better than many other methods. In a study by Prazeres N., Costa R., Santos L., and their team, a distributed IDS with a strong and dependable design for fog computing was proposed. They used two datasets, IoT-23 and MQTT-IoT-IDS2020, to create IDS models.
For the IoT-23 dataset, they used random forest (RF) and naive Bayes (NB) models, and for the MQTT-IoT-IDS2020 dataset, they used logistic regression (LR) and decision tree (DT) models. These models were then compared to three other IDS architectures designed for IoT traffic. The comparison was based on performance metrics like accuracy, precision, recall, and F1-score. In More et al., researchers utilized the UNSW-NB15 network traffic dataset to evaluate ML models for IDS enhancement. Specifically, they employed logistic regression (LR), support vector machines (SVM), decision trees (DT), and random forest (RF). To optimize the performance of LR, DT, and linear SVM, the study conducted hyperparameter tuning that led to a good performance. In another published study, researchers evaluated the effectiveness of eight different tree-based classification algorithms for predicting network events using the NSL-KDD dataset. Amongst these algorithms, the decision tree algorithm was employed for feature selection, while a random forest algorithm was utilized as the primary
Aamir and Zaidi proposed an intrusion detection model that used principal component analysis (PCA) and a subset of the benchmark dataset containing novel attack vectors. They used clustering to label the data and identify attacker classes based on normal traffic patterns. After labeling, they employed three machine learning algorithms (SVM, k-nearest neighbor (K-NN), and RF) to achieve detection accuracy levels of 92%, 95%, and 96.66%, respectively. Alqahtani and his team used popular machine learning methods like Bayesian network, naive Bayes, decision trees, random decision forest, random tree, decision table, and artificial neural network to detect network intrusions. They tested these methods using the KDD cup 99 dataset. In another study, researchers looked into detecting network intrusions using the UNSW-NB15 and CICIDS 2017 datasets.
They incorporated gradient boosting tree for binary classification and deep neural network for multiclass
Del-IoT, an ensemble learning model for anomaly detection using software defined networks (SDN), was proposed to identify the attack scenarios on the dynamic cyber threat landscape. Deep feature extraction was used to input the features to a probabilistic neural network (PNN) in order to optimize the
Table 1 provides a summary of datasets with and without IoT traces available for network intrusion
In the proposed study, the CICIoT 2023 dataset has been used for experimentation. The CICIoT 2023 dataset is primarily used for testing IoT systems because it simulates real-world IoT environments with a wide range of devices. These devices can behave as both targets of attacks and sources of attacks. With the growing prevalence of the IoT, it has come to play a critical role in our daily lives. As a result, ensuring its security has become paramount to facilitate its seamless, secure, and reliable operation.

Table 1. Summary of relevant network intrusion detection datasets
Columns: Sl. No, Dataset, Description, No of Features, Whether an IoT dataset (Yes/No)

EdgeIIOT (IoT dataset: Yes). Researchers proposed the edge-industrial internet of things (IIoT), a comprehensive dataset to enhance intrusion detection systems for IoT and IIoT. It enables machine learning-based detection in two modes: centralized and federated learning. The researchers generated an Edge-IIoT set using a custom IoT/IIoT testbed, incorporating a wide range of devices, sensors, protocols, and cloud/edge configurations to provide a realistic representation of these systems.

N-BaIOT (IoT dataset: Yes). Researchers developed a new dataset for detecting abnormal activities in IoT networks called network based internet of things (N-BaIoT). "Snapshots" of the network's behavior were extracted and advanced algorithms called deep autoencoders were employed. These algorithms analyse the snapshots and identify unusual traffic patterns that may indicate compromised or malicious IoT devices within the network.

BoT-IoT (IoT dataset: Yes). The BoT-IoT dataset, termed a big data dataset by the authors, consists of 73 million instances. As discussed in the literature, the usage of this dataset is recommended after a thorough data cleaning procedure followed by the usage of valid features.

MQTTIoT-IDS (IoT dataset: Yes). The MQTT-IoT-IDS2020 dataset comprises data generated by a simulated MQTT network. It consists of unprocessed pcap files, along with unidirectional and bidirectional flow features. The prospective architectures, when proposed using this dataset, may allow for effective feature engineering to produce better

UNSW NB-15. The UNSW-NB15 dataset aims to create realistic network environments by including common low-profile cyberattacks. It features ten attack types. The cited article provides a detailed breakdown of the number of records per attack type and their distribution in the training and testing sets.

CICIDS. The dataset includes modern attacks that accurately resemble actual real-world
It also includes the findings of network traffic analysis conducted by the CIC-Flow Meter, which labels data flows based on factors like timestamp, source and destination IP addresses, source and destination ports, protocols, and types of attacks stored in CSV files.

The CICIoT 2023 dataset was created using 105 devices and 33 real-world attacks. These attacks cover seven categories, such as DDoS, DoS, Recon, web-based attacks, brute force, spoofing, and Mirai. In all cases, malicious IoT devices attack other IoT devices. This dataset includes new types of attacks that aren't found in other IoT datasets. It helps IoT experts build new security tools by providing data in different
The CICIoT2023 dataset advances the field of IoT security by introducing a comprehensive network topology featuring diverse IoT devices. It incorporates multiple cyberattacks not previously included in a single IoT security dataset. Assessing the performance of popular machine learning methods against different attack types present in the CICIoT 2023 dataset provides a significant advantage compared to other studies.

METHODOLOGY
This section provides a summary of the experimental findings. It proposes a method for carrying out classification and detection tasks using multiclass decision jungle. The classification framework of the proposed work is depicted in Figure 2. Decision jungles are an improved algorithm in the field of machine learning that build on decision trees and decision forests. Instead of having a strict branching structure like trees, decision jungles use directed acyclic graphs (DAGs). This allows decision points (represented by nodes) to be used in multiple branches. By doing this, decision jungles can be more efficient and accurate for making predictions. The number of instances considered for training and testing in the ratio 80:20 is enumerated in Table 2.

In the proposed work, we have used Azure machine learning as a platform to create the machine-learning pipeline. Azure machine learning, a machine-learning platform hosted on the cloud, allows users to create machine-learning models that can be adjusted to various workloads, shared across multiple devices, and deployed directly onto the cloud. The Azure machine learning platform was used to compare the performance of various classifiers. The study uses multiclass decision jungle, an algorithm suitable for tasks involving classifying data into multiple attack categories.
This is particularly appropriate for the task of identifying different types of attacks, as there are 34 distinct attack types to distinguish between in this case. Decision jungles have a structured hierarchy, providing better overall performance and stability. On the other hand, decision forests prioritize variety by using bagging and selecting features randomly. The decision jungle model has a more intricate structure organized in a hierarchical manner. This design allows for enhanced identification of patterns and potentially improves the model's precision and resilience.

Figure 2. Methodology of the proposed work

Table 2. Training and testing samples considered for experimentation
Columns: Sl., Attack Category, Training set, Testing set
Attack categories: Backdoor_Malware, BenignTraffic, BrowserHijacking, CommandInjection, DDoS-ACK_Fragmentation, DDoS-HTTP_Flood, DDoS-ICMP_Flood, DDoS-ICMP_Fragmentation, DDoS-PSHACK_Flood, DDoS-RSTFINFlood, DDoS-SlowLoris, DDoS-SYN_Flood, DDoS-SynonymousIP_Flood, DDoS-TCP_Flood, DDoS-UDP_Flood, DDoS-UDP_Fragmentation, DictionaryBruteForce, DNS_Spoofing, DoS-HTTP_Flood, DoS-SYN_Flood, DoS-TCP_Flood, DoS-UDP_Flood, Mirai-greeth_flood, Mirai-greip_flood, Mirai-udpplain, MITM-ArpSpoofing, Recon-HostDiscovery, Recon-OSScan, Recon-PingSweep, Recon-PortScan, SqlInjection, Uploading_Attack, VulnerabilityScan, XSS

DAGs typically produce decisions that lead to relatively minimal data storage, resulting in excellent overall performance. The multiclass aspect of decision jungle does not rely on specific distribution assumptions, enabling it to capture nonlinear boundaries between classes effectively. Decision jungle can also identify relevant features and classify data while being resistant to noisy features during training, making it robust. As compared to traditional trees, each node in the decision jungle can have multiple paths, leading to a reduction in the number of nodes.
The decision jungle model enhances the random forest model by structuring trees in distinct layers, akin to a layered forest. Each layer is treated as an individual forest, and the predictions from one layer become the inputs for the subsequent layer, enabling a hierarchical decision-making process.

Mathematically, within the expanse of the decision jungle, there exist numerous decision trees, denoted as $T_1, T_2, \ldots, T_k$, where $k$ represents the total number of trees present. The final prediction is determined by combining the predictions made by each individual decision tree in the ensemble.

$$\hat{y} = \arg\max_{c} \sum_{i=1}^{k} I\left(T_i(x) = c\right)$$

The indicator function (denoted as "I") assigns a value of 1 to elements that satisfy the specified condition and 0 to elements that do not. In a multiclass classification task, the objective is to determine whether an instance from the provided data collection belongs to a particular predefined group or not.

Pre-processing
Data cleansing is an essential step in the machine learning domain. It involves handling incomplete or wrong records, as well as removing outliers and duplicates. The dataset used in this research included 33 specific types of IoT attack patterns and 46 numerical features. Feature scaling is significant for algorithms that depend on distance-based calculations. If the records are on diverse scales, some data points might affect the model's performance. This pre-processing step helps the algorithm work better and more reliably. A module known as "configure normalize data" from the Azure service was used to normalize the

Feature selection
In order to select the most relevant features from the dataset, the component considered from Azure Machine Learning Studio is permutation feature importance (PFI), a filter-based feature selection method.
This component evaluates the importance of features in a machine-learning model. It shuffles feature values randomly for each column, then compares the model's performance before and after each shuffle. Higher performance changes indicate more important features, as these are more affected by the shuffling. The twelve features that were considered for further processing are as follows: Header_length, rate, drate, syn_count, totsum, IAT, magnitude, Avg, std, covariance and radius. It is noteworthy that the above-mentioned twelve features contributed towards the prediction outcome.

Decision Jungle as the classifier
The number of optimization steps configured for each layer in the decision DAG specifies how many steps the system should take to optimize that particular layer. The number of optimization steps was set to 2048. Eight decision DAGs were configured in order to perform the classification
The maximum depth of the decision DAGs was set to 32. The width of the DAG was also set to 32.

RESULTS AND DISCUSSION
Given 1,048,575 instances, 838,860 (80%) were used for model training, while the remaining 209,715 (20%) were utilized for testing. To ensure the reliability of the model, a rigorous technique called ten-fold cross-validation was carried out. Cross-validation is typically applied to validate the effectiveness of the proposed model and thereby avoid overfitting. This process divides the data into ten equal parts and trains the model on nine of the parts while evaluating it on the remaining part. By repeating this process for all ten combinations, the algorithm is subjected to a variety of data subsets, providing a more accurate assessment of its overall performance. Table 3 summarizes the performance metrics of the decision jungle classifier, showcasing its effectiveness.
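The permutation feature importance procedure described under Feature selection, sketched as an added example (not the authors' Azure pipeline): a nearest-centroid classifier stands in for the decision jungle, and the flow records are constructed so that rate and syn_count carry most of the class signal while drate is noise. Feature and class names are borrowed from the paper; the values and all function names are assumptions.

```python
"""Permutation feature importance (PFI) on constructed flow records.

Added example. The classifier is a nearest-centroid stand-in, not a decision
jungle; every feature value is constructed and already scaled to [0, 1].
"""
import random

FEATURES = ["rate", "syn_count", "IAT", "drate"]  # names from the paper's list

# Constructed class means for rate, syn_count, IAT; "drate" is uniform noise.
CLASS_MEANS = {
    "BenignTraffic": (0.2, 0.1, 0.8),
    "DDoS-SYN_Flood": (0.9, 0.9, 0.2),
    "Recon-PortScan": (0.3, 0.8, 0.5),
}


def make_dataset(n_per_class=250, seed=7):
    """Return (train, test) lists of (feature_vector, label), split 80:20."""
    rng = random.Random(seed)
    rows = []
    for label, means in CLASS_MEANS.items():
        for _ in range(n_per_class):
            x = [rng.gauss(m, 0.05) for m in means] + [rng.random()]
            rows.append((x, label))
    rng.shuffle(rows)
    cut = int(0.8 * len(rows))
    return rows[:cut], rows[cut:]


def fit_centroids(train):
    """Mean feature vector per class."""
    sums, counts = {}, {}
    for x, y in train:
        acc = sums.setdefault(y, [0.0] * len(x))
        for j, v in enumerate(x):
            acc[j] += v
        counts[y] = counts.get(y, 0) + 1
    return {y: [s / counts[y] for s in acc] for y, acc in sums.items()}


def predict(centroids, x):
    """Label of the closest centroid (squared Euclidean distance)."""
    return min(centroids,
               key=lambda y: sum((a - b) ** 2 for a, b in zip(x, centroids[y])))


def accuracy(centroids, rows):
    return sum(predict(centroids, x) == y for x, y in rows) / len(rows)


def permutation_importance(centroids, test, repeats=5, seed=11):
    """Mean accuracy drop on held-out data when one column is shuffled."""
    rng = random.Random(seed)
    base = accuracy(centroids, test)
    importance = {}
    for j, name in enumerate(FEATURES):
        drops = []
        for _ in range(repeats):
            column = [x[j] for x, _ in test]
            rng.shuffle(column)  # break the link between this feature and the label
            shuffled = [(x[:j] + [v] + x[j + 1:], y)
                        for (x, y), v in zip(test, column)]
            drops.append(base - accuracy(centroids, shuffled))
        importance[name] = sum(drops) / repeats
    return base, importance


def run_demo():
    train, test = make_dataset()
    centroids = fit_centroids(train)
    base, importance = permutation_importance(centroids, test)
    ranking = sorted(importance, key=importance.get, reverse=True)
    return base, importance, ranking


if __name__ == "__main__":
    base, importance, ranking = run_demo()
    print(f"baseline accuracy: {base:.3f}")
    for name in ranking:
        print(f"{name:10s} accuracy drop when shuffled: {importance[name]:+.3f}")
```

Shuffling is done on the held-out split only, so the score measures how much the fitted model relies on a column rather than how well it could be retrained without it.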
The performance metrics normally used for a predictive study in machine learning pertaining to multiclass classification are precision, recall and F1-score, as shown in the equations below.

$$\text{Precision} = \frac{\text{True Positive (TP)}}{\text{True Positive (TP)} + \text{False Positive (FP)}}$$

$$\text{Recall} = \frac{\text{True Positive (TP)}}{\text{True Positive (TP)} + \text{False Negative (FN)}}$$

$$\text{F1-score} = 2 \times \frac{\text{Precision} \times \text{Recall}}{\text{Precision} + \text{Recall}}$$

The proposed model could successfully identify benign patterns. However, there have been a few misclassifications wherein benign patterns have been incorrectly classified as DNS_spoofing and MITM_Arpspoofing. The proposed model successfully discovered instances of browser hijacking, detecting 99% of these attacks. It additionally detected many other attack vectors, including specific forms of DDoS attacks (like ACK fragmentation, HTTP flood, ICMP flood, ICMP fragmentation, PSHACK flood, RSTFIN flood), DoS attacks (like HTTP flood, SYN flood, TCP flood, UDP flood), Mirai botnet attacks (such as greeth flood, greip flood, udpplain flood), and vulnerability scans. The number of samples found in datasets pertaining to different categories may not be the same. This is a common issue that people working with machine learning face, typically known as having an imbalanced dataset. When testing for backdoor malware and command injection, the decision jungle classifier was able to correctly identify 62.5% of the cases it was supposed to classify.

Table 3. Precision, recall and F1-scores of 34 attack types
Columns: Sl., Attack category, Precision, Recall, F1-score
Attack categories: Backdoor_Malware, BenignTraffic, BrowserHijacking, CommandInjection, DDoS-ACK_Fragmentation, DDoS-HTTP_Flood, DDoS-ICMP_Flood, DDoS-ICMP_Fragmentation, DDoS-PSHACK_Flood, DDoS-RSTFINFlood, DDoS-SlowLoris, DDoS-SYN_Flood, DDoS-SynonymousIP_Flood, DDoS-TCP_Flood, DDoS-UDP_Flood, DDoS-UDP_Fragmentation, DictionaryBruteForce, DNS_Spoofing, DoS-HTTP_Flood, DoS-SYN_Flood, DoS-TCP_Flood, DoS-UDP_Flood, Mirai-greeth_flood, Mirai-greip_flood, Mirai-udpplain, MITM-ArpSpoofing, Recon-HostDiscovery, Recon-OSScan, Recon-PingSweep, Recon-PortScan, SqlInjection, Uploading_Attack, VulnerabilityScan, XSS

It is noteworthy that 20 attack types considered in the dataset have been detected with a precision score of 90% and above, a feat quite vital in any multiclass classification task. Figure 3 demonstrates clearly the performance exhibited by decision jungle. Figure 4 depicts the precision score and Figure 5 the recall score pertaining to the 34 attack vectors. The decision jungle algorithm marks a significant step forward in the field of machine learning, especially when it comes to handling multiclass classification tasks. Precision is the proportion of accurate predictions made for a specific class out of all the instances predicted as that class. Sensitivity or true positive rate (also known as recall) measures the proportion of actual instances of a given class that were accurately predicted. The decision jungle model proposed in this research work has reported a promising precision score for three attack types, namely Browser-hijacking, Recon-Pingsweep and Uploading-attack.
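How the per-class precision, recall and F1-score defined above behave on an imbalanced label set, as an added example that is not code from the paper. The label counts are constructed (Backdoor_Malware is set to 5 of 8 detected to match the 62.5% quoted above, and XSS is never predicted so the zero-denominator case is exercised); the function names are hypothetical.

```python
"""Per-class precision, recall and F1 for a multiclass IDS, from label pairs.

Added example; the label counts are constructed, not results from the paper.
"""
from collections import Counter


def per_class_metrics(y_true, y_pred):
    """Return {label: {precision, recall, f1, support}} for every label seen."""
    labels = sorted(set(y_true) | set(y_pred))
    tp, fp, fn = Counter(), Counter(), Counter()
    for t, p in zip(y_true, y_pred):
        if t == p:
            tp[t] += 1
        else:
            fn[t] += 1  # the true class missed one of its instances
            fp[p] += 1  # the predicted class raised a false alarm
    report = {}
    for c in labels:
        predicted = tp[c] + fp[c]
        actual = tp[c] + fn[c]
        # A class that is never predicted has no defined precision; report 0.0
        # so that it drags the macro average down instead of being skipped.
        precision = tp[c] / predicted if predicted else 0.0
        recall = tp[c] / actual if actual else 0.0
        denom = precision + recall
        f1 = 2 * precision * recall / denom if denom else 0.0
        report[c] = {"precision": precision, "recall": recall,
                     "f1": f1, "support": actual}
    return report


def summarize(y_true, y_pred):
    """Overall accuracy, unweighted (macro) mean of per-class F1, full report."""
    report = per_class_metrics(y_true, y_pred)
    accuracy = sum(t == p for t, p in zip(y_true, y_pred)) / len(y_true)
    macro_f1 = sum(m["f1"] for m in report.values()) / len(report)
    return accuracy, macro_f1, report


def constructed_sample():
    """Constructed confusion cells: (true label, predicted label, count)."""
    cells = [
        ("BenignTraffic", "BenignTraffic", 88),
        ("BenignTraffic", "Backdoor_Malware", 2),
        ("DDoS-ICMP_Flood", "DDoS-ICMP_Flood", 100),
        ("Backdoor_Malware", "Backdoor_Malware", 5),
        ("Backdoor_Malware", "BenignTraffic", 3),
        ("XSS", "BenignTraffic", 2),
    ]
    y_true, y_pred = [], []
    for t, p, n in cells:
        y_true += [t] * n
        y_pred += [p] * n
    return y_true, y_pred


if __name__ == "__main__":
    accuracy, macro_f1, report = summarize(*constructed_sample())
    print(f"accuracy={accuracy:.3f}  macro-F1={macro_f1:.3f}")
    for label, m in report.items():
        print(f"{label:18s} P={m['precision']:.3f} R={m['recall']:.3f} "
              f"F1={m['f1']:.3f} n={m['support']}")
```

On this sample the overall accuracy stays above 96% while the unweighted mean F1 falls to about 0.66, because the two rare classes count as much as the two large ones.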
Hijacked browsers have the capability to acquire sensitive information, including login credentials, financial data, or private communications, and thus can be a potential risk to the privacy and security of both individuals and
Recon-Pingsweep is more often the initial step for a wide-scale cyber attack. Cybercriminals can mount a focused attack if they find the active devices and their IP addresses. IoT devices normally support file uploads for both firmware updates and configurations. A successful uploading attack can affect these devices, and attackers can assume control of them. Therefore, the intrusion detection model should possess the capability to correctly identify these attacks. A few attack types, namely Recon-Osscan, sqlinjections and XSS, were not correctly identified by the proposed model, and initiatives are taken in this regard to address the issues of scalability and computational challenges.

Figure 3. Performance of the model concerning precision, recall and F1-score (x-axis: the 34 attack types; y-axis: performance evaluation metrics; series: precision, recall, F1-score)

Figure 4. Precision score of 90% and above for 20 attack types (x-axis: attack types; y-axis: precision)

Figure 5. Recall score of 90% and above for 20 attack types (x-axis: attack types; y-axis: recall)

The F1-score evaluates performance for each category separately and combines these into a single metric to ensure that minority classes are not overshadowed by majority classes. Therefore, the F1-score is a critical evaluation parameter. In the context of multiclass classification, the F1-score gives a balanced way to validate the effectiveness of the model. This is especially useful in real-time situations where it is hard to have both high precision and high recall at the same time. As discussed in the literature, the F1-score balances recall and precision scores using the harmonic mean. The proposed decision jungle model has displayed an F1-score of 0.9 and above for 20 attack types, as presented in Figure 6.

Figure 6. F1-score of 90% and above for 20 attack types (x-axis: attack types; y-axis: F1-score)

CONCLUSION
The goal of this study was to establish the importance of multiclass classification for network intrusion detection from the perspective of decision jungle. The proposed work affirms that decision jungle is indeed a sophisticated algorithm to detect various attack patterns that belong to different attack categories. To establish that our method works well, we used the CICIOT 2023 dataset, which comprises IoT intrusion
When we tested it on Azure cloud, we found that the decision jungle algorithm works well for detecting network intrusions, especially for classifying different types of attacks.
Instead of using single systems, in our work we mainly focused on how fast the system runs and performed the tests using Microsoft Azure machine learning studio (MAMLS). The multiclass decision jungle predictor took one minute and fifty seconds to execute successfully. The decision jungle algorithm possesses immense capabilities to delineate and counter an expansive array of security risks. It also performs well on classification tasks that are technically challenging. The proposed model developed using the decision jungle algorithm performed at low computing cost, hence establishing its viability in real-time protection of IoT applications. The proposed study also suggests that the decision jungle algorithm enhances the appropriate detection of attacks and, even more important, decreases the number of false positives, which is primarily needed in critical applications such as network intrusion detection.

ACKNOWLEDGMENTS
We thank Alliance University for all the resources provided to us for the successful execution of this research work.

FUNDING INFORMATION
Authors state no funding involved.

AUTHOR CONTRIBUTIONS STATEMENT
This journal uses the Contributor Roles Taxonomy (CRediT) to recognize individual author contributions, reduce authorship disputes, and facilitate collaboration.
Name of Author: Smitha Rajagopal, Abhik Sarkar, Venkat Narayanan Manjunath
C: Conceptualization; M: Methodology; So: Software; Va: Validation; Fo: Formal analysis; I: Investigation; R: Resources; D: Data Curation; O: Writing - Original Draft; E: Writing - Review & Editing; Vi: Visualization; Su: Supervision; P: Project administration; Fu: Funding acquisition

CONFLICT OF INTEREST STATEMENT
Authors state no conflict of interest.

DATA AVAILABILITY
The data that support the findings of this study are openly available in UNB at https://w. ca/cic/datasets/iotdataset-2023.

REFERENCES