A novel IoT threat detection using GWO feature selection and CNN-enhanced LightGBM

The rush to deploy IoT devices has greatly increased the threat of cyberattacks. Although prevention methods enhance security, they remain insufficient. Intrusion Detection Systems (IDS) represent a crucial complementary line of defense for IoT networks. In this paper, we propose a novel IDS for the Internet of Things (IoT) that combines the Grey Wolf Optimization (GWO) meta-heuristic, the Light Gradient Boosting Machine (LightGBM) model, and Convolutional Neural Networks (CNN). On the one hand, GWO reduces the number of selected features to the most relevant ones, which positively impacts the computation time in IoT. On the other hand, LightGBM presents the advantage of fast training with low memory usage and performs low latency, whereas CNN performs as a second deep feature extractor of LightGBM outputs and acts as the final classifier. The experimental evaluation of our new model, conducted on the CICIoT2023 and CICIoMT2024 datasets, demonstrated its high performance. For the CICIoT2023 dataset, our model achieved notable performance improvements, with an accuracy of 95.24%, a precision of 95.22%, and a very high true positive rate for several attack classes, such as Distributed Denial of Service, reaching 99.85%. Similarly, for the CICIoMT2024 dataset, our model achieved even higher results, with an Accuracy of 99.50%, a Precision of 99.52%, an F1-Score of 99.51%, an Average Accuracy of 93.22%, and an Average Detection Rate (DR) of 92.36%. Moreover, our model provides a very low false alarm rate with 1.30% and 2.45% for CICIoT2023 and CICIoMT2024, respectively. Therefore, it outperforms well-known machine learning techniques (RF, SVM) and deep learning models, namely DNN, CNN, LSTM, and Multi-head Attention.