Bulletin of Informatics and Data Science Vol.
3 No.
November 2024.
Page 63Oe69 ISSN 2580-8389 (Media Onlin.
DOI 10.
61944/bids.
https://ejurnal.
id/index.
php/bids/index Optimizing Autoencoder-Based Feature Selection for Attack Detection in IoT Networks via Machine Learning Approaches Eko Arip Winanto1,*.
Kurniabudi1.
Sharipuddin2, 1 Faculty of Computer Science .
Computer Enginerring.
Dinamika Bangsa University.
Jambi.
Indonesia Faculty of Computer Science.
Informatics.
Dinamika Bangsa University.
Jambi.
Indonesia Email: 1,*ekoaripwinanto@gmail.
com, 2 kbudiz@yahoo.
com, 3sharifbuhaira@gmail.
Correspondence Author Email: ekoaripwinanto@gmail.
Abstract The Internet of Things (IoT) presents significant security challenges as the number of connected devices continues to grow.
One critical approach in developing efficient attack detection systems is the selection of relevant features to reduce model complexity wi thout compromising accuracy.
This study evaluates the effectiveness of Autoencoders as a feature reduction method for IoT network intrusion detection systems.
Three machine learning algorithms are employed for comparative analysis: K-Nearest Neighbors (KNN).
Naive Bayes (NB), and Support Vector Machine (SVM).
The dataset is evaluated both before and after feature reduction using an Autoencoder, with performance assessed based on accuracy, precision, recall.
F1-score, training time, and the number of features.
Experimental results demonstrate that the Autoencoder can reduce the number of features by up to 30% without significantly degrading In fact, the NB and SVM models exhibit improvements in both accuracy and training efficiency.
The KNN model shows a minimal performance decline, which remains within acceptable limits.
Overall, the Autoencoder proves to be an effective method for feature reduction, maintaining or even enhancing detection efficiency and performance.
These findings support the use of Autoencoders as an efficient feature selection technique in IoT-based attack detection systems.
Keywords: Autoencoder.
Feature Selection.
IoT.
KNN.
Naive Bayes.
SVM.
Attack Detection INTRODUCTION The Internet of Things (IoT) has experienced rapid development in recent years and is now utilized across various critical sectors, including industry, healthcare, and transportation.
However, the increasing number of interconnected IoT devices has also expanded the attack surface, exposing systems to greater cybersecurity risks .
, .
The vast amount of heterogeneous data generated by IoT devices poses a significant challenge to intrusion detection systems (IDS), which must operate efficiently and accurately under these conditions .
, .
Intrusion detection in IoT networks is commonly performed using machine learning algorithms, which require clean and relevant feature data to achieve optimal classification performance .
, .
However, not all available features contribute meaningfully to the classification process.
Irrelevant or redundant features can degrade model accuracy and increase computational costs .
Various feature selection and dimensionality reduction techniques have been explored in recent literature to address this issue.
Traditional filter-based methods, such as Information Gain (IG).
Chi-Square, and Gain Ratio, assess the statistical relevance of each feature independently, offering simplicity and low computational cost.
However, these methods often fail to capture feature interactions, which can be crucial in complex domains like IoT intrusion detection .
On the other hand, wrapper-based techniques, including Recursive Feature Elimination (RFE), use machine learning models to iteratively select optimal subsets of features based on classification performance.
While more accurate, these approaches are computationally intensive and less scalable .
Principal Component Analysis (PCA), a popular unsupervised dimensionality reduction technique, projects highdimensional data into a lower-dimensional space by identifying directions .
rincipal component.
of maximum variance.
Although PCA is effective for noise reduction and compact feature representation, its linear nature may fail to capture nonlinear relationships present in real-world IoT traffic.
Moreover.
PCA-transformed features are typically abstract and may reduce interpretability or discard critical class-specific information in highly imbalanced datasets .
To overcome these limitations, recent studies have shifted towards deep learning-based approaches, particularly Autoencoders, which offer more flexible and powerful nonlinear transformations.
Autoencoders are neural network architectures designed to encode input data into a compressed representation and reconstruct it back with minimal loss, thereby retaining essential information.
Their ability to learn complex feature interactions in an unsupervised manner makes them especially suitable for high-dimensional and heterogeneous IoT datasets.
Moreover, variations such as sparse, denoising, and variational Autoencoders can be adapted for specific challenges, including noise reduction, anomaly detection, and representation learning .
Autoencoders, a form of unsupervised learning, have been widely applied for dimensionality reduction and feature extraction in the context of big data .
With their deep neural network architecture.
Autoencoders are capable of learning compressed representations of input data while preserving essential informatio .
For instance, study .
, .
employed Autoencoders on the NSL-KDD dataset and reported improved detection performance in several classification scenarios.
Similarly, .
, .
integrated Deep Autoencoders with Random Forests for anomaly detection in IDS data, successfully reducing noise and enhancing accuracy.
In a study .
stacked Autoencoder approach was utilized to reduce feature dimensionality in large-scale IoT traffic datasets, resulting in increased classification speed without significant accuracy loss.
Additionally, .
explored the use of denoising Autoencoders to address noisy and Copyright A 2024 Authors.
Page 63 This Journal is licensed under a Creative Commons Attribution 4.
0 International License Bulletin of Informatics and Data Science Vol.
3 No.
November 2024.
Page 63Oe69 ISSN 2580-8389 (Media Onlin.
DOI 10.
61944/bids.
https://ejurnal.
id/index.
php/bids/index incomplete IoT sensor data, demonstrating resilience and robustness in real-world smart home environments.
Another relevant work by Li and He .
implemented a hybrid system combining Autoencoders with Support Vector Data Description (SVDD), achieving high detection rates on imbalanced IoT attack data.
Meanwhile, recent research .
evaluated sparse Autoencoders to extract compact features from time-series network traffic, significantly reducing storage and training time.
Furthermore, in .
, the authors proposed a Convolutional Autoencoder architecture tailored to extract spatial-temporal features from IoT-based industrial control system (ICS) networks, showing strong detection capabilities against stealthy intrusions.
Nevertheless, most existing studies have not explicitly evaluated the effectiveness of Autoencoders in IoT contexts, where data tends to be more complex, diverse, and often imbalanced across classes .
Therefore, further investigation is needed to assess the impact of Autoencoder-based feature selection on detection accuracy and overall model efficiency in IoT attack detection systems.
This study contributes by evaluating the effectiveness of Autoencoders as a feature selection and extraction technique in machine learning-based intrusion detection systems for IoT networks.
Specifically, the performance of three classification algorithms KNN.
NB, and SVM is compared before and after the application of Autoencoder-based feature In addition to accuracy and standard evaluation metrics precision, recall, and F1-score, this study also considers efficiency aspects such as the reduction in the number of features and model computation time.
The remainder of this paper is structured as follows: Section I presents the introduction.
Section II describes the Section i discusses the results and analysis.
and Section IV concludes the study and outlines directions for future research.
RESEARCH METHODOLOGY
1 Experiment Setup Experiments were conducted to evaluate the effectiveness of Autoencoders in feature reduction and their impact on attack detection performance in IoT networks show in Figure 1.
The experimental procedure consisted of three main stages:
Figure 1.
Experiment Setup .
Dataset Preparation: The dataset, formatted as a CSV file, contains numerical features and attack labels.
The data were cleaned, the labels were encoded using LabelEncoder, and the dataset was split into training and testing subsets in a 70:30 stratified ratio to preserve class distribution.
Copyright A 2024 Authors.
Page 64 This Journal is licensed under a Creative Commons Attribution 4.
0 International License Bulletin of Informatics and Data Science Vol.
3 No.
November 2024.
Page 63Oe69 ISSN 2580-8389 (Media Onlin.
DOI 10.
61944/bids.
https://ejurnal.
id/index.
php/bids/index .
Dimensionality Reduction with Autoencoder: An Autoencoder was employed to reduce the number of features to 70% of the original set.
The architecture consists of a symmetric encoder and decoder.
The output from the bottleneck layer was used as a new, more compact yet informative feature representation.
Classification with KNN.
Naive Bayes, and SVM: Three classification algorithms KNN.
NB, and SVM were applied under two conditions: before and after feature reduction.
The models were evaluated using accuracy, precision, recall.
F1-score, training time, and number of features, in order to assess the impact of the Autoencoder on detection performance and computational efficiency.
2 Dataset The dataset used in this study uses the IoT dataset from research .
consisting of Ie 802.
11 traffic types.
Zigbeebased, and Z-Wave.
The purpose of this dataset is to provide a dataset for profiling, behavioral analysis, and vulnerability testing of various IoT devices.
Where in the IoT dataset built by the University of New Brunswick, namely the CIC IoT Dataset 2023 which consists of Ie 802.
Zigbee-based and Z-Wave protocols.
This dataset consists of DDoS.
DoS.
Recon.
Web-based.
Brute Force.
Spoofing, and Mirai attacks.
3 Autoencoder for Reduction Feature The Autoencoder is constructed as a neural network model comprising two primary components: an encoder and a decoder .
The encoder projects the input data into a lower-dimensional space known as the bottleneck layer, while the decoder attempts to reconstruct the original input from this compressed representation .
, .
In this study, the Autoencoder architecture employs an encoding dimension equal to 70% of the original number of features, serving as a trade-off between dimensionality reduction and information preservation.
The model is trained in an unsupervised manner using only the feature data (X_train_scale.
, with the mean_squared_error loss function and the Adam optimizer.
Upon completion of training, the compressed representations from the bottleneck layer are extracted and used as the new features for the classification models.
4 Classification Algorithm This study employs three commonly used machine learning algorithms for classification tasks to evaluate the performance of IoT network intrusion detection systems.
The selection of these algorithms is based on their diverse operational characteristics and computational complexities, thereby providing a comprehensive perspective on the impact of feature reduction across different model types.
K-Nearest Neighbors (KNN):
KNN is an instance-based learning algorithm that classifies new data based on the similarity of distance to training data points .
In this study.
Euclidean distance is used as the similarity metric.
KNN is a relatively simple yet effective algorithm, particularly for low-dimensional data.
Therefore, it is well-suited for observing the direct impact of feature reduction on classification performance.
Naive Bayes (NB):
Naive Bayes is a probabilistic classifier that assumes feature independence .
Despite its simplicity, it often delivers competitive results, especially on text data or datasets with clear probabilistic distributions.
Since NB is sensitive to feature correlations, dimensionality reduction via Autoencoder may significantly influence its performance.
Support Vector Machine (SVM):
SVM is a margin-based classifier that aims to find an optimal hyperplane that separates data points from different classes in the feature space .
, .
In this study, a linear kernel is employed to maintain training efficiency.
SVM
is known for its robustness in handling high-dimensional data but typically involves higher computational costs, making it particularly relevant for evaluating the effect of dimensionality reduction on training efficiency.
Each algorithm is evaluated under two distinct scenarios to measure the impact of Autoencoder-based feature reduction:
Before optimization: The models are trained and tested using the full set of original features from the dataset, without any reduction.
After optimization: The models are trained and tested using the encoded features produced by the Autoencoder, which performs dimensionality reduction.
5 Evaluation To assess the performance and efficiency of the IoT attack detection system, several evaluation metrics are .
, .
employed as follows:
Accuracy: Measures the proportion of correct predictions out of the total number of instances.
Higher accuracy indicates better overall model performance.
Precision: Indicates the proportion of correctly predicted positive instances among all predicted positives, reflecting the modelAos ability to avoid false positives .
Copyright A 2024 Authors.
Page 65 This Journal is licensed under a Creative Commons Attribution 4.
0 International License Bulletin of Informatics and Data Science Vol.
3 No.
November 2024.
Page 63Oe69 ISSN 2580-8389 (Media Onlin.
DOI 10.
61944/bids.
https://ejurnal.
id/index.
php/bids/index .
Recall: Measures the proportion of actual positive instances that are correctly identified, reflecting the modelAos sensitivity in detecting true positives.
F1-Score: Represents the harmonic mean of precision and recall, and is used to evaluate the balance between them, especially in cases of class imbalance.
Training Time: Refers to the duration required for the model to learn from the training data.
A shorter training time indicates a more computationally efficient model.
Number of Features: Denotes how many features are used during training.
This metric helps evaluate the effectiveness of the feature reduction process.
RESULT AND DISCUSSION
This section presents the experimental results conducted to evaluate the effectiveness of Autoencoders in feature reduction for IoT data in the context of attack detection.
The evaluation was performed by comparing the performance of three classification algorithma KNN.
NB, and SVM under two scenarios: before and after feature reduction using an Autoencoder.
Following the Autoencoder training process, the high-dimensional features were successfully reduced to a lowerdimensional representation without losing essential data characteristics.
The encoded features were observed to fall within the range of -1 to 1, which was influenced by the use of the ReLU activation function.
In this experiment, the Autoencoder was constructed with two encoding layers, resulting in a final representation of 32 features, reduced from an initial total of 46 in Table 1.
Table 1.
Results of Autoencoder Feature Results from Autoencoder 047080039978027344e 00 8.
325064182281494141e-01 2.
509507656097412109e 00 0.
000000000000000000e 00 0.
520965576171875000e 00 4.
332667827606201172e 00 5.
210734605789184570e 00 0.
000000000000000000e 00 4.
504830837249755859e-01 2.
595007181167602539e 00 2.
153895378112792969e 00 8.
497570753097534180e-01 1.
369014859199523926e-01 0.
000000000000000000e 00 1.
148809790611267090e-01 3.
259394168853759766e-01 1.
376375317573547363e 00 4.
661439061164855957e-01 0.
340605974197387695e-03 5.
231337547302246094e-01 0.
Based on the evaluation results of IoT attack detection using the Autoencoder-based feature selection and machine learning methods, the next step is to calculate the performance of the detection system.
This study employs four evaluation metrics: accuracy, precision, recall, and F1-score.
The performance results of each classification method KNN.
NB, and SVM are presented in Table 2.
The table provides a detailed overview of the performance of each method across the four metrics for the corresponding test datasets.
Table 2.
Results of Detection Attack
Dataset
Acc
KNN
Pre
Rec
F-s
Acc
Pre
Rec
F-s
Acc
Pre
SVM
Rec F-s The experimental results presented in the table above demonstrate the performance of machine learning methods combined with Autoencoder-based feature selection.
The results exhibit variations across accuracy, precision, recall, and F1-score metrics.
These findings confirm the effectiveness of the Autoencoder in selecting relevant features, as validated through subsequent detection performance.
The highest accuracy was achieved by the KNN method, reaching 93%, while the lowest accuracy was recorded by the Naive Bayes method at 70%.
This variation in performance may be attributed to the diversity and complexity of the attack types within the dataset.
Copyright A 2024 Authors.
Page 66 This Journal is licensed under a Creative Commons Attribution 4.
0 International License Bulletin of Informatics and Data Science Vol.
3 No.
November 2024.
Page 63Oe69 ISSN 2580-8389 (Media Onlin.
DOI 10.
61944/bids.
https://ejurnal.
id/index.
php/bids/index Figure 2.
Detection performance test results Figure 2 is the distribution of the performance of the attack detection system that has been carried out.
In the red data distribution is the accuracy performance of the KNN method, then in purple is the result of the SVM method and blue is the performance of the NB method.
1 Discussion The following section discusses the experimental results before and after applying the Autoencoder.
This experiment was conducted to evaluate the effectiveness of the Autoencoder in reducing features in an IoT network attack dataset and to assess its impact on both model performance and computational efficiency.
Three machine learning algorithms KNN.
NB, and SVM were used for comparison.
The evaluation considered several metrics, including accuracy, precision, recall.
F1-score, training time, and the number of features, both before and after dimensionality reduction using the Autoencoder.
Table 3 presents a comparative analysis of the results obtained with and without the use of the Autoencoder for IoT attack detection.
The Autoencoder successfully reduced the number of features from 46 to 32, achieving approximately a 30% reduction.
While there was a slight decrease in accuracy for the KNN model .
47% to 04%), its overall performance remained strong, with only minimal changes across all metrics.
On the other hand, the Naive Bayes model showed an improvement in accuracy .
39% to 72.
04%) and F1-score .
50% to 84%), indicating that the Autoencoder was effective in filtering out irrelevant or noisy features, thereby enhancing the modelAos performance.
For the SVM model, both accuracy and F1-score experienced slight improvements, while the training time was significantly reduced from 575 seconds to 321 seconds demonstrating a substantial gain in computational efficiency.
Overall, the use of the Autoencoder proved to be an effective approach for feature reduction, without causing a significant drop in detection performance.
In some cases, such as with the Naive Bayes and SVM models, it even led to performance improvements.
These findings suggest that the Autoencoder not only simplifies the data by reducing dimensionality but also enhances feature representation, contributing to faster training and better classification outcomes.
As such, the Autoencoder can be considered a promising technique for feature selection in IoT-based intrusion detection Table 3.
Comparison of Results using Autoencoder Time Training .
Number of Features Model
Optimasion Accuracy Precision Recall F1-Score
KNN
KNN
Naive Bayes Naive Bayes SVM
SVM
Before After Before After Before After Copyright A 2024 Authors.
Page 67 This Journal is licensed under a Creative Commons Attribution 4.
0 International License Bulletin of Informatics and Data Science Vol.
3 No.
November 2024.
Page 63Oe69 ISSN 2580-8389 (Media Onlin.
DOI 10.
61944/bids.
https://ejurnal.
id/index.
php/bids/index Figure 3.
Comparison of detection performance Based on Figure 3, it can be seen that the results of the performance evaluation of the three machine learning algorithms before and after the application of Autoencoder show different trends.
In general.
Autoencoder is able to reduce the number of features without sacrificing performance significantly.
KNN shows a very small decrease in performance, but remains within the tolerance limit.
In contrast.
Naive Bayes experienced a significant increase in accuracy and F1-score after feature reduction, indicating that this method benefits from the data simplification process.
SVM also shows improvements in performance metrics and training time efficiency, making it a responsive model to feature optimization.
This graph strengthens the finding that Autoencoder not only functions as a dimensionality reduction tool but can also improve the quality of data representation, which has a positive impact on classification performance in IoT attack detection systems.
CONCLUSION
This study evaluates the effectiveness of Autoencoder as a feature reduction method to detect attacks on IoT networks using KNN.
Naive Bayes, and SVM classification algorithms.
Based on the experimental results.
Autoencoder is able to reduce the number of features without losing important information needed in the classification process.
The test results show that the KNN algorithm provides the best performance, with the highest accuracy reaching 93%.
Meanwhile.
SVM shows stable performance with an accuracy of around 80%, and Naive Bayes has the lowest accuracy of around 70%.
Although there is a slight decrease in performance in some algorithms after feature reduction, the system efficiency increases significantly, especially in terms of training time and the number of features used.
Overall.
Autoencoder is proven to be effective in simplifying complex IoT data, as well as supporting the attack detection process efficiently and These results indicate that this approach has the potential to be applied to real attack detection systems in IoT environments with limited computing resources.
Future research will use Deep Embedded Feature Selection for feature selection and propose using deep learning.
REFERENCES