Design and Evaluation of an Adaptive Intrusion Detection Framework for IoT Edge Networks Using Hybrid Machine Learning and Deep Reinforcement Learning Techniques

Authors

  • Victor Marudut Mulia Siregar Politeknik Bisnis Indonesia
  • Munji Hanafi Institut Teknologi dan Bisnis Semarang

Keywords:

Intrusion Detection, IoT networks, Machine Learning, Real-Time Adaptation, Reinforcement Learning

Abstract

The rapid proliferation of Internet of Things (IoT) devices across diverse industries has significantly increased the vulnerability of IoT edge networks to sophisticated cyber threats. Traditional intrusion detection systems (IDS), such as signature-based and anomaly-based approaches, are often insufficient in addressing the dynamic and evolving nature of these threats. This study proposes a hybrid intrusion detection system (IDS) framework that combines supervised machine learning (ML) techniques with deep reinforcement learning (DRL) to enhance detection performance in real-time, resource-constrained IoT environments. The proposed framework utilizes supervised learning for initial traffic classification and DRL for adaptive decision-making, enabling the system to continuously learn and optimize its detection policies based on new attack patterns. The hybrid approach significantly improves detection accuracy and reduces false positives when compared to conventional signature-based and single-model ML systems. In addition to improved detection capabilities, the framework's computational efficiency allows it to operate effectively within the constraints of IoT devices, ensuring that it is suitable for large-scale deployments. Benchmark evaluations using publicly available datasets, such as NSL-KDD, IoT-23, and BoT-IoT, show that the hybrid IDS framework outperforms traditional methods, providing a more robust and adaptive solution to cybersecurity challenges in IoT edge networks. The findings of this study suggest that combining machine learning with deep reinforcement learning offers a promising approach to secure IoT environments and address the limitations of existing IDS techniques. Future work will explore enhancing real-time adaptability, scalability, and the detection of zero-day attacks in evolving IoT ecosystems.

References

[1] B. Rathi et al., “Realizing the potential of Internet of Things (IoT) in Industrial applications,” Discov. Internet Things, vol. 5, no. 1, 2025, doi: 10.1007/s43926-025-00141-5.

[2] Y. Zhai, M. Mudassar, and L. Zhu, “Edge Computing Resilience: Overcoming Resource Constraints in Unstable Computing Environments,” SpringerBriefs Comput. Sci., vol. Part F3510, pp. 1 – 123, 2024, doi: 10.1007/978-981-97-6998-8.

[3] B. Mataloto, J. C. Ferreira, and R. P. Resende, Sensors and networks for savings and comfort of cities’ inhabitants. 2025.

[4] B. Gușiță, A. A. Anton, C. S. Stângaciu, D. Stănescu, L. I. Găină, and M. V Micea, “Securing IoT edge: a survey on lightweight cryptography, anonymous routing and communication protocol enhancements,” Int. J. Inf. Secur., vol. 24, no. 3, 2025, doi: 10.1007/s10207-025-01071-7.

[5] F. Keti and O. M. Ghazal, “A Review of the Security Challenges Mitigation in IoT Systems Via the Utilization of SDN Technology,” in International Conference on Engineering, Science and Advanced Technology, ICESAT 2023, 2023, pp. 1 – 6. doi: 10.1109/ICESAT58213.2023.10347320.

[6] P. Phalaagae, A. M. Zungeru, B. Sigweni, J. M. Chuma, and T. Semong, Applications and communication technologies in IoT sensor networks. 2020. doi: 10.1007/978-3-030-54983-1_2.

[7] P. Gkonis, A. Giannopoulos, P. Trakadas, X. Masip-Bruin, and F. D’Andria, “A Survey on IoT-Edge-Cloud Continuum Systems: Status, Challenges, Use Cases, and Open Issues,” Futur. Internet, vol. 15, no. 12, 2023, doi: 10.3390/fi15120383.

[8] S. Bagchi et al., “New Frontiers in IoT: Networking, Systems, Reliability, and Security Challenges,” IEEE Internet Things J., vol. 7, no. 12, pp. 11330 – 11346, 2020, doi: 10.1109/JIOT.2020.3007690.

[9] S. Das and S. Namasudra, “Introducing the Internet of Things: Fundamentals, challenges, and applications,” Adv. Comput., vol. 137, pp. 1 – 36, 2025, doi: 10.1016/bs.adcom.2024.06.004.

[10] S. Shapsough, F. Aloul, and I. A. Zualkernan, “Securing Low-Resource Edge Devices for IoT Systems,” in 2018 International Symposium in Sensing and Instrumentation in IoT Era, ISSI 2018, 2018. doi: 10.1109/ISSI.2018.8538135.

[11] S. K. R. Mallidi and R. R. Ramisetty, “Advancements in training and deployment strategies for AI-based intrusion detection systems in IoT: a systematic literature review,” Discov. Internet Things, vol. 5, no. 1, 2025, doi: 10.1007/s43926-025-00099-4.

[12] B. Hafid, A. Ezzouhairi, and K. Haddouch, “Strengthening Security in the Internet of Things (IoT): Integrated Approach of Intrusion Detection Systems (IDS) and Edge Computing,” in 2024 3rd International Conference on Embedded Systems and Artificial Intelligence, ESAI 2024, 2024. doi: 10.1109/ESAI62891.2024.10913549.

[13] B. Isong, O. Kgote, and A. Abu-Mahfouz, “Insights into Modern Intrusion Detection Strategies for Internet of Things Ecosystems,” Electron., vol. 13, no. 12, 2024, doi: 10.3390/electronics13122370.

[14] R. Vadisetty, “Adaptive Machine Learning-Based Intrusion Detection Systems for IoT Era,” Lect. Notes Networks Syst., vol. 1148, pp. 251 – 273, 2025, doi: 10.1007/978-981-97-8457-8_17.

[15] M. Ishaque, M. G. M. Johar, A. Khatibi, and M. Yamin, “Dynamic Adaptive Intrusion Detection System Using Hybrid Reinforcement Learning,” Lect. Notes Networks Syst., vol. 923 LNNS, pp. 245 – 253, 2024, doi: 10.1007/978-3-031-55911-2_23.

[16] A. M. Alashjaee and F. Alqahtani, “Enhanced intrusion detection system IoT network security model by feed forward neural network and machine learning,” Sci. Rep., vol. 15, no. 1, 2025, doi: 10.1038/s41598-025-20047-0.

[17] R.-A. Craciun, S. I. Caramihai, Ștefan Mocanu, R. N. Pietraru, and M. A. Moisescu, “Hybrid Machine Learning for IoT-Enabled Smart Buildings,” Informatics, vol. 12, no. 1, 2025, doi: 10.3390/informatics12010017.

[18] R. Baby, Z. Pooranian, M. Shojafar, and R. Tafazolli, “A Heterogenous IoT Attack Detection Through Deep Reinforcement Learning: A Dynamic ML Approach,” in IEEE International Conference on Communications, 2023, pp. 479 – 484. doi: 10.1109/ICC45041.2023.10278685.

[19] E. Hesham, A. Hamdy, and K. Nagaty, “A Federated Learning Framework with Self-Attention and Deep Reinforcement Learning for IoT Intrusion Detection,” in ICSIE 2024 - 2024 13th International Conference on Software and Information Engineering, 2025, pp. 88 – 94. doi: 10.1145/3708635.3708649.

[20] D. Danang, M. U. Dewi, and G. Widhiati, “Federated Hybrid CNN GRU and COBCO Optimized Elman Neural Network for Real Time DDoS Detection in Cloud Edge Environments,” Int. J. Electr. Eng. Math. Comput. Sci., vol. 2, no. 2, pp. 28–35, 2025.

[21] D. Danang, S. Siswanto, W. Aryani, and P. Wibowo, “Hybrid Federated Ensemble Learning Approach for Real-Time Distributed DDoS Detection in IIoT Edge Computing Environment,” J. Eng. Electr. Informatics, vol. 5, no. 1, pp. 9–17, 2025.

[22] D. Danang, I. A. Dianta, A. B. Santoso, and S. Kholifah, “Hybrid CNN GRU Framework for Early Detection and Adaptive Mitigation of DDoS Attacks in SDN using Image Based Traffic Analysis,” Int. J. Inf. Eng. Sci., vol. 2, no. 2, pp. 66–78, 2025.

[23] G. Cirillo and R. Passerone, “Packet Length Spectral Analysis for IoT Flow Classification Using Ensemble Learning,” IEEE Access, vol. 8, pp. 138616 – 138641, 2020, doi: 10.1109/ACCESS.2020.3012203.

[24] M. Severt, R. Casado-Vara, A. M. del Rey, N. Basurto, D. Urda, and Á. Herrero, “Benchmarking Classifiers for DDoS Attack Detection in Industrial IoT Networks,” Lect. Notes Networks Syst., vol. 748 LNNS, pp. 167 – 176, 2023, doi: 10.1007/978-3-031-42519-6_16.

[25] H. Hayouni and L. Nasraoui, “NAIDS4IoT: A Novel Artificial Intelligence-Based Intrusion Detection Architecture for the Internet of Things,” Intel. Artif., vol. 28, no. 76, pp. 253 – 282, 2025, doi: 10.4114/intartif.vol28iss76pp253-282.

[26] A. Sousa, L. Correia, and M. J. C. S. Reis, “Edge-Based AI for Real-Time Threat Detection in 5G-IoT Networks: A Comparative and Architectural Review,” in 2025 5th Intelligent Cybersecurity Conference, ICSC 2025, 2025, pp. 359 – 363. doi: 10.1109/ICSC65596.2025.11140446.

[27] A. A. M. De Resende, P. H. A. D. De Melo, J. R. Souza, R. G. Cattelan, and R. S. Miani, “Traffic Classification of Home Network Devices using Supervised Learning,” in International Conference on Agents and Artificial Intelligence, 2022, pp. 114–120. doi: 10.5220/0010785500003116.

[28] K. Abinaya, T. Lohith, and S. Jayanth Kumar, “Enhancing Network Security with Intrusion Detection Systems in IoT Devices,” in Proceedings - 2025 5th International Conference on Expert Clouds and Applications, ICOECA 2025, 2025, pp. 320–325. doi: 10.1109/ICOECA66273.2025.00062.

[29] R. Aldawod, N. Alsaleh, N. Aldalbahi, R. Alqahtani, and S. Sakri, “Smart Prediction System for Classifying Mirai and Gafgyt Attacks on IoT Devices,” in Proceedings - 2022 International Conference on Computational Science and Computational Intelligence, CSCI 2022, 2022, pp. 1216 – 1222. doi: 10.1109/CSCI58124.2022.00218.

[30] Y. Jin, J. Zhou, and Y. Gao, “HSGAN-IoT: A hierarchical semi-supervised generative adversarial networks for IoT device classification,” Comput. Networks, vol. 243, 2024, doi: 10.1016/j.comnet.2024.110299.

[31] V. A. Ferman and M. Ali Tawfeeq, “Machine Learning Challenges for IoT Device Fingerprints Identification,” in Journal of Physics: Conference Series, 2021. doi: 10.1088/1742-6596/1963/1/012046.

[32] R. Tarafdar, H. Singh, V. Pahuja, G. Garg, R. Sivaraman, and B. Jegajothi, “Deep Reinforcement Learning for Intelligent Cybersecurity in Smart City IoT Infrastructures,” in Proceedings of the 6th International Conference on Inventive Research in Computing Applications, ICIRCA 2025, 2025, pp. 383–389. doi: 10.1109/ICIRCA65293.2025.11089735.

[33] S. Kim et al., “DIVERGENCE: Deep Reinforcement Learning-Based Adaptive Traffic Inspection and Moving Target Defense Countermeasure Framework,” IEEE Trans. Netw. Serv. Manag., vol. 19, no. 4, pp. 4834 – 4846, 2022, doi: 10.1109/TNSM.2021.3139928.

[34] J. Simon, N. Kapileswar, S. Diyananthan, M. Ajay Jadeja, and A. Hariprasath, “Deep Reinforcement Learning-Enhanced Intrusion Detection System for Cyber Threat Mitigation,” in Proceedings of the 7th International Conference on Intelligent Sustainable Systems, ICISS 2025, 2025, pp. 384–390. doi: 10.1109/ICISS63372.2025.11076108.

[35] Y. Yu, “Application and Effectiveness Analysis of Deep Reinforcement Learning in Computer Network Traffic Management,” Front. Artif. Intell. Appl., vol. 405, pp. 620 – 627, 2025, doi: 10.3233/FAIA250314.

[36] S. M. M. Ahmed, S. K. M. S. Islam, and M. S. Ullah, “Hybrid Machine Learning and Deep Learning Approaches for Anomaly Detection Using KD99 and TON-IoT Datasets,” in 2025 International Conference on Electrical, Computer and Communication Engineering, ECCE 2025, 2025. doi: 10.1109/ECCE64574.2025.11013812.

[37] Y. Celik, E. Basaran, and S. Goel, “Deep Learning Methods for Intrusion Detection Systems on the CSE-CIC-IDS2018 Dataset: A Review,” Lect. Notes Inst. Comput. Sci. Soc. Telecommun. Eng. LNICST, vol. 613 LNICST, pp. 38 – 65, 2025, doi: 10.1007/978-3-031-89363-6_3.

[38] S. Derbali, K. Jouini, F. Jemili, and O. Korbaa, “A HYBRID APPROACH INTEGRATING REINFORCEMENT AND SUPERVISED LEARNING FOR INTRUSION DETECTION,” in Proceedings of the International Conferences IADIS Information Systems 2025 and e-Society 2025, 2025, pp. 219 – 228.

[39] M. Rele and D. Patil, “Intrusive Detection Techniques Utilizing Machine Learning, Deep Learning, and Anomaly-based Approaches,” in Proceedings - 2023 IEEE International Conference on Cryptography, Informatics, and Cybersecurity: Cryptography and Cybersecurity: Roles, Prospects, and Challenges, ICoCICs 2023, 2023, pp. 88 – 93. doi: 10.1109/ICoCICs58778.2023.10276955.

[40] R. S. Valasev, A. R. Priambodo, and R. N. Esti Anggraini, “Evaluating Contemporary Machine Learning and Deep Learning Strategies for Intrusion Detection,” in International Conference on Control and Automation, Electronics, Robotics, Internet of Things, and Artificial Intelligence, CERIA 2024, 2024. doi: 10.1109/CERIA64726.2024.10915015.

Downloads

Published

2026-01-19

Issue

Vol. 1 No. 1 (2026): February: Cyber Security and Network Management

Section

Articles

License

Copyright (c) 2025 Cyber Security and Network Management

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.