This project presents a Machine Learning-based Ensemble Intrusion Detection System (IDS) designed to enhance security in IoT networks through intelligent threat detection and real-time monitoring. With the rapid growth of IoT devices, networks have become increasingly vulnerable to various cyberattacks, making efficient intrusion detection mechanisms essential. The proposed system utilizes a labelled network traffic dataset, where the data is pre-processed and used to train machine learning model capable of identifying different types of malicious activities. To improve detection performance, the system employs an ensemble learning approach that combines Bagging (Random Forest) and Boosting (XGBoost) algorithms. For real-time evaluation, the dataset records are replayed in a time-based manner to simulate continuous traffic flow. The data is streamed through Apache Kafka, enabling real-time data ingestion and processing. The incoming traffic is analyzed by the trained model, and the system determines whether the traffic is normal or malicious. A real-time monitoring dashboard displays detection results and generates alerts for suspicious activities, allowing administrators to monitor network behaviour effectively. By integrating time-based dataset streaming, Kafka-based real-time processing, and ensemble machine learning techniques, the proposed IDS improves detection accuracy, reduces false positives, and provides a scalable and reliable solution for securing modern IoT networks.

This paper presented a lightweight, real-time ensemble machine learning–based intrusion detection system designed for practical deployment in IoT networks. Rather than proposing new classification algorithms, the work focused on improving operational efficiency by integrating mature ensemble models with embedded feature selection and real- time data streaming. The combination of Random Forest and XGBoost enabled robust intrusion detection while maintaining low computational overhead, making the system suitable for resource-constrained IoT environments. The proposed gateway-centric architecture allows continuous monitoring of network traffic without imposing additional burden on individual IoT devices. The integration of Apache Kafka enables scalable and low-latency processing of streaming network data, while embedded feature selection reduces feature dimensionality during training and improves inference efficiency. Experimental results demonstrate that the system achieves reliable detection performance with reduced false alarms and acceptable detection latency, validating its applicability for real-world IoT security monitoring. In future work, the system will be evaluated across multiple IoT intrusion datasets and extended to support distributed and multi-gateway environments. Additional enhancements may include adaptive model updating to handle evolving attack patterns, incorporation of unsupervised or semi-supervised learning for unknown threat detection, and tighter integration with automated network-level mitigation mechanisms. These extensions aim to further enhance the robustness and scalability of the proposed intrusion detection framework

1.R. Varaprasad, A. P. Chakkaravarthy, and M. Veeresha, “A comprehensive analysis of intrusion detection system using machine learning and deep learning algorithms” Proc. Int. Conf. Intelligent Algorithms for Computational Intelligence Systems (IACIS), IEEE, 2024. 2.M. Ramaiah, A. Padma, R. Vishnukumar, M. Y. Rahamathulla, and V. Chithanuru, “A hybrid wrapper technique enabled network intrusion detection system for software-defined networking based IoT networks” Proc. IEEE Int. Conf. Artificial Intelligence for Internet of Things (AIIoT), IEEE, 2024. 3.S. K. Kodali and C. H. Muntean, “An investigation into deep learning-based network intrusion detection system for IoT systems” Proc. IEEE Int. Conf. Data Science and Computer Application (ICDSCA), pp. 374–379, 2021. 4.Z. Liu, K. Roy, N. Thapa, X. Yuan, A. Shaver, and S. Khorsandroo, “Anomaly detection on IoT network intrusion using machine learning,” IEEE, 2020. 5.N. Mahamud, M. J. Uddin, and U. Sumaiya, “Enhancing network security using machine learning for automated anomaly-based intrusion detection systems for IoT environment” Proc. Int. Research Conf. Smart Computing and Systems Engineering (SCSE), IEEE, 2025. 6.K. Abinaya, T. Lohith, and S. Jayanth Kumar, “Enhancing network security with intrusion detection systems in IoT devices” Proc. Int. Conf. Expert Clouds and Applications (ICOECA), IEEE, 2025. 7.S. S. S. Sugi and S. Raja Ratna, “Investigation of machine learning techniques in intrusion detection system for IoT network” Proc. Int. Conf. Intelligent Sustainable Systems (ICISS), IEEE, 2020. 8.Z. Alomari, Z. Li, and A. Makanju, “Lightweight machine learning- based IDS for IoT environments” Proc. IEEE Cyber Security in Networking Conf. (CSNet), IEEE, 2024. 9.B. Peng, J. Zhao, Y. Sun, and Y. Liu, “Research and discussion on comparative prediction models based on XGBoost and random forest and clustering analysis” in Proc. 2024 IEEE 2nd Int. Conf. on Control, Electronics and Computer Technology (ICCECT), 2024. 10.V. Jyothsna, E. Sandhya, R. Roopa, B. Deena Divya Nayomi, D. K. Shareef, and P. Bhasha, “Intrusion Detection System for IoT networks” in Proc. 2023 1st Int. Conf. on Optimization Techniques for Learning (ICOTL), 2023. 11. M. Patidar, A. Dave, D. Vekariya, B. Udumula, K. K. Porla, and B. Nidimandi, “Network Intrusion Detection System using random forest” in Proc. 2025 12th Int. Conf. on Computing for Sustainable Global Development (INDIACom), 2025. 12.K. M. Kiran Kumar, M. V. Srikar Reddy, K. Ullas, and S. M., “Distributed Intrusion Detection System using Kafka and Spark streaming” in Proc. 2025 Int. Conf. on Visual Analytics and Data Visualization (ICVADV), 2025.

© 2025 International Journal of Engineering and Techniques (IJET).

Digital Object Identifier (DOI)

IJET assigns a unique DOI to every accepted article via Zenodo for persistent linking and citation. Your article’s DOI: https://doi.org/{{doi}}

Open DOI About Zenodo DOI

Close