<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Archiving and Interchange DTD v1.0 20120330//EN" "JATS-archivearticle1.dtd">
<article xmlns:xlink="http://www.w3.org/1999/xlink">
  <front>
    <journal-meta />
    <article-meta>
      <title-group>
        <article-title>Intrusion Detection in IoT Using Ensemble Approach</article-title>
      </title-group>
      <contrib-group>
        <contrib contrib-type="author">
          <string-name>Elijah M. Maseno</string-name>
          <xref ref-type="aff" rid="aff0">0</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Zenghui Wang</string-name>
          <email>wangzengh@mail.com</email>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
        <aff id="aff0">
          <label>0</label>
          <institution>Department of Computer Science, University of South Africa</institution>
          ,
          <addr-line>Florida 1709</addr-line>
          ,
          <country country="ZA">South Africa</country>
        </aff>
        <aff id="aff1">
          <label>1</label>
          <institution>Department of Electrical Engineering, University of South Africa</institution>
          ,
          <addr-line>Florida 1709</addr-line>
          ,
          <country country="ZA">South Africa</country>
        </aff>
      </contrib-group>
      <fpage>15</fpage>
      <lpage>24</lpage>
      <abstract>
        <p>Protection of the Internet of Things (IoT) devices is an area of concern, even with the success that has been achieved in this area. IoT involves configuring and deploying smart devices to send and share information. Some IoT devices carry sensitive information, which attracts the attention of cybercriminals. Intrusion detection systems have been widely proposed as one measure of defending networks against any malicious activities. This work proposes a stacked ensemble intrusion detection technique based on extreme learning machine (ELM), support vector machine (SVM), and KNeighbors (KNN) classifiers as base learners, and logistic regression (LR) as the meta-learning algorithm. Firstly, the dataset is cleaned and then grouped using the cross-validation procedure. Secondly, hyperparameter tuning of the algorithms is done using the grid search technique. Finally, with the tuned parameters, the classification job is done. The evaluation of the model is performed using the IoT_ToN network dataset. The performance of the proposed stacked ensemble method is compared with that of single algorithms. The obtained results clearly show the outstanding performance of the proposed stacked ensemble approach with respect to accuracy, precision, recall, and f1-score. The proposed model scored 96% across all the measured metrics outperforming the standalone algorithms. This study concludes that the stacked ensemble approach can potentially improve the performance of intrusion detection systems.</p>
      </abstract>
      <kwd-group>
        <kwd>eol&gt;Intrusion detection system</kwd>
        <kwd>stacked</kwd>
        <kwd>genetic algorithm</kwd>
        <kwd>IoT_ToN network data set</kwd>
        <kwd>ensemble learning</kwd>
      </kwd-group>
    </article-meta>
  </front>
  <body>
    <sec id="sec-1">
      <title>1. Introduction</title>
      <p>
        Over the last decade, we have seen rapid growth in IoT devices [
        <xref ref-type="bibr" rid="ref1">1</xref>
        ][
        <xref ref-type="bibr" rid="ref2">2</xref>
        ]. These devices can send and
receive information from people and things without human control. IoT technology is the reason behind
the explosion of smart devices, which have been adopted in the health sector, industries, and farming,
among other fields. According to [
        <xref ref-type="bibr" rid="ref3">3</xref>
        ] the number of interconnected devices in the IoT environment is
expected to increase to around 41.6 billion by the year 2025. The exponential increase in integrated
devices brings with it cyber security challenges. According to [
        <xref ref-type="bibr" rid="ref4">4</xref>
        ], IoT architecture has three layers:
perception, network, and application. The researchers went a step further to outline the security issues
affecting these layers.
      </p>
      <p>
        An IoT innovation report by Deloitte [
        <xref ref-type="bibr" rid="ref4">4</xref>
        ] reported that hackers in 2013 took advantage of
IoTintegrated devices, such as smart heating controls, ventilation systems, and air-conditioning systems in
specific stores, and exposed 40 million credit card numbers from the U.S. retailer. In addition, the
researchers reported an IoT attack, the 2016 Mirai attack, which brought the internet down in Europe
and North America. According to the research, this caused the US to suffer almost USD 110 million in
loss.
0000-0001-5684-5043 (E. M. Maseno); 0000-0003-3025-336X (Z. Wang)
© 2023 Copyright for this paper by its authors.
      </p>
      <p>Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0)
CEUR Workshop Proceedings (CEUR-WS.org)</p>
      <p>
        The integration of these devices into the wider internet has attracted the attention of cybercriminals
[
        <xref ref-type="bibr" rid="ref1">1</xref>
        ][
        <xref ref-type="bibr" rid="ref6">6</xref>
        ]. Cybercriminals have shifted their focus to IoT devices as they offer easy entry to the larger
network for exploitation. The diversity of integrated devices makes IoT devices more vulnerable to
attacks and makes it hard to develop a single protection solution. Research done by [
        <xref ref-type="bibr" rid="ref7">7</xref>
        ], broadly
classified IoT attacks into, physical attacks, network attacks, software attacks, and encryption attacks.
The researchers admitted that, due to the unique nature of IoT, researchers should focus on developing
security solutions that can be used to mitigate most security issues on IoT platforms. In addition, due to
this peculiarity, traditional intrusion detection systems cannot effectively and efficiently be used to
defend IoT devices against malicious activities.
      </p>
      <p>
        According to researchers, most traditional intrusion detection approaches lack the ability to protect
IoT devices [
        <xref ref-type="bibr" rid="ref1">1</xref>
        ][
        <xref ref-type="bibr" rid="ref8">8</xref>
        ]. The traditional approaches can be broadly classified as anomaly and signature based.
The mentioned approaches have the problem of high false alarm rates (FARs) and inadequate detection
of zero-day attacks respectively [
        <xref ref-type="bibr" rid="ref8">8</xref>
        ]. To make the IoT environment more secure, there is a need for the
development of more advanced intrusion detection systems with learning capabilities. To achieve this
aim, researchers have proposed the adoption of machine learning algorithms to improve the security of
IoT devices [
        <xref ref-type="bibr" rid="ref9">9</xref>
        ]. The use of single-machine algorithms in model development is becoming limited in
solving evolving problems [
        <xref ref-type="bibr" rid="ref10">10</xref>
        ][
        <xref ref-type="bibr" rid="ref11">11</xref>
        ]. The researchers have proposed integrating different machine
algorithms to develop more powerful models capable of dealing with emerging issues effectively.
      </p>
      <p>
        The ensemble method is one of the most recommended methods for integrating machine learning
algorithms [
        <xref ref-type="bibr" rid="ref12">12</xref>
        ] [
        <xref ref-type="bibr" rid="ref13">13</xref>
        ] [
        <xref ref-type="bibr" rid="ref14">14</xref>
        ]. Ensemble learning is a technique for combining several machine learning
algorithms together to solve a given task. One of the early research projects in this area was published
in the early 1990s by Hansen and Salamon [
        <xref ref-type="bibr" rid="ref15">15</xref>
        ], the researchers observed that the combination of several
classifiers had the potential to perform better than a single classifier. This technique has been applied
to solve problems in different fields such as, but not limited to, biometrics [
        <xref ref-type="bibr" rid="ref16">16</xref>
        ], power systems [
        <xref ref-type="bibr" rid="ref17">17</xref>
        ][
        <xref ref-type="bibr" rid="ref18">18</xref>
        ],
seizure detection [
        <xref ref-type="bibr" rid="ref19">19</xref>
        ], and intrusion detection systems [
        <xref ref-type="bibr" rid="ref20">20</xref>
        ][
        <xref ref-type="bibr" rid="ref21">21</xref>
        ]. In this study, an ensemble approach is
proposed for intrusion detection in the IoT environment.
      </p>
      <p>
        The development of the ensemble model consists of two major components, namely, base learners
and ensemble integration [
        <xref ref-type="bibr" rid="ref22">22</xref>
        ][
        <xref ref-type="bibr" rid="ref23">23</xref>
        ][
        <xref ref-type="bibr" rid="ref24">24</xref>
        ]. The first phase involves the combination of several learning
algorithms. This can be achieved either by using different learning algorithms to form ‘heterogeneous’
base learners or by using the same learning algorithm to form ‘homogeneous’ base learners. The second
phase is ensemble integration, which involves integrating the base learner’s output to generate the final
output.
      </p>
      <p>
        The ensemble's performance is as good as the base learners, [
        <xref ref-type="bibr" rid="ref23">23</xref>
        ], which suggests that the base
learners should be as correct and diverse as possible. Diversity becomes a major issue when a single
learning algorithm is applied as a base learner, this can be attributed to the similarity of the learning
algorithm. Several techniques have been proposed to achieve diversity in the homogenous ensemble;
these include, but are not limited to, input data manipulation, feature subsets, and hyperparameter
tuning. On the other hand, diversity is not a major issue in the heterogeneous ensemble due to the
different structures of the base learners, which inform their learning process. Due to this advantage, this
research focused on the development of heterogeneous ensemble models. A systematic review study
done by [
        <xref ref-type="bibr" rid="ref24">24</xref>
        ] pointed out a great interest among researchers in the heterogeneous ensemble.
      </p>
      <p>
        The two major techniques used for the creation of heterogeneous ensembles are stacking and voting
[
        <xref ref-type="bibr" rid="ref10">10</xref>
        ][
        <xref ref-type="bibr" rid="ref24">24</xref>
        ]. This study focused on the development of a stacked ensemble due to its promising potential
for improving the efficiency and effectiveness of intrusion detection systems [
        <xref ref-type="bibr" rid="ref25">25</xref>
        ]. This paper integrated
extreme learning machine (ELM), support vector machine (SVM), and KNeighbors classifiers as base
learners and logistic regression as the meta-learning algorithm. Research shows that traditional machine
learning algorithms can achieve strong results. This research proves that classical machine learning
algorithms achieve high performance.
      </p>
      <p>The rest of the paper is organized as follows: Section 2 of the paper explains earlier works related
to the current research. Section 3 gives the proposed work, Section 4 describes the experiments, and
Section 5 gives the result discussions. Lastly, Section 6 concludes the paper with a discussion of the
contributions and prospects for future work.</p>
    </sec>
    <sec id="sec-2">
      <title>2. Related work</title>
      <p>
        According to [
        <xref ref-type="bibr" rid="ref26">26</xref>
        ], the construction of good ensemble classifiers is an area of interest to many
researchers. Several studies have been done on the integration of machine learning algorithms to
improve accuracy and reduce the false alarm rate of intrusion detection systems. This section focuses
on some of the existing works on this matter.
      </p>
      <p>
        The study by [
        <xref ref-type="bibr" rid="ref12">12</xref>
        ], compared two hybrid ensemble techniques, namely, weighted voting-based
AdaBoost ensemble and stacking-based ensemble. The researchers adopted Random Forest as the base
learner in the weighted voting based AdaBoost ensemble, and the aggregation of the base learners was
done through the weight voting method. On the other hand, different learning algorithms were adopted
to develop the stacking-based ensemble. Evaluation of the model was done using the NSL-KDD and
UNSW-NB15 datasets. According to this study, both techniques had a better detection rate and accuracy
rate, with a low false alarm rate. In the future, the researcher proposed the development of a model for
big data. In a smiler approach [
        <xref ref-type="bibr" rid="ref25">25</xref>
        ], developed and analyzed the performance of different ensemble
techniques such as stacking, XGBoost, CatBoost, RF, and deep feature extraction techniques in the
detection of DDoS (distributed denial of service) attacks. The researchers concluded that stacking was
among the top-performing ensemble methods. The study proposed the inclusion of other deep learning
techniques in the future. In [
        <xref ref-type="bibr" rid="ref27">27</xref>
        ], researchers investigated the effectiveness of various anomaly intrusion
detection techniques in imbalanced datasets. One of the techniques applied in this study is the stacked
ensemble approach. On the stacked ensemble, the researchers used naïve bayes and OneR classifiers.
The models were evaluated using an up-to-date dataset known as the CIDDS-001 dataset. This
technique recorded an accuracy of 99.80%. The researchers strongly believe that the results of this study
cannot be generalized, and that further research can be done on different problems.
      </p>
      <p>
        Rajadurai and Gandhi [
        <xref ref-type="bibr" rid="ref11">11</xref>
        ] proposed the use of gradient boosting machine (GBM) and random forest
(RF) algorithms as the base classifiers in the development of a stacked ensemble intrusion detection
system for the wireless network. The motivation is that the existing individual classifiers are insufficient
for network protection. The model is evaluated using a publicly available dataset known as NSL-KDD.
The model had better performance compared to other models such as ANN (Artificial Neural Network),
CART, random forest, and SVM. The model can be evaluated using another form of the dataset to
verify its performance. In [
        <xref ref-type="bibr" rid="ref28">28</xref>
        ], several classification algorithms are stacked with support vector
machine (SVM) for the intrusion detection system. In many studies, SVM has been categorized as one
of the best classification algorithms. Despite these findings, the researchers conducted this study with
the aim of increasing its effectiveness. SVM is combined with different algorithms, such as BayesNet,
AdaBoost, Logistic, IBK, J48, RandomForest, JRip, OneR, and SimpleCart. to form the base learners.
When tested using the NSL-KDD_99 dataset, SVM and RF recorded the best accuracy of 97.50%,
which is above all other combinations, as well as individual SVM, which has an accuracy of 91.81%.
The study focused only on anomaly detection.
      </p>
      <p>
        Research done by [
        <xref ref-type="bibr" rid="ref29">29</xref>
        ] proposed adaBoost, bagging, and stacking ensemble techniques with different
feature selection techniques for intrusion detection. In the first phase of this work, the research applies
different feature extraction techniques such as Cfs, Chi-square, SU, Gain Ratio, Info Gain, and OneR
to reduce the number of features. The obtained optimal feature subset is used as input to the
abovementioned ensemble techniques. The results show that AdaBoost improves classification accuracy. In
the future, other classifiers can be adopted as base learners. The researchers [
        <xref ref-type="bibr" rid="ref30">30</xref>
        ], combined Ordering
Points to Identify the Clustering Structure (OPTICS) and ensemble learning for database intrusion
detection. All the database transactions are passed through OPTICS for clustering. The generated
outliers are passed through the ensemble models. The three ensemble methods applied in this study are
bagging, boosting, and stacking. The researchers adopted Naïve Bayes, Decision Tree (DT), Rule
Induction (RI), k-Nearest Neighbor (k-NN), and Radial Basis Function Network (RBFN) as base
classifiers. These classifiers were tested in different combinations as both base classifiers and meta
classifiers. According to the researchers, the adoption of RBFN as a meta-classifier and the rest as the
base classifiers in the staking ensemble had a better performance compared to all other ensembles. The
authors [
        <xref ref-type="bibr" rid="ref31">31</xref>
        ] compared the performance of boosting, bagging, and stacking. J48 and instance-based
knowledge (IBk) classifiers are used as the base learners, while the logistic regression algorithm is used
as a meta classifier. With J48 as the base classifier in the boosting ensemble, it proved to be the best
classification technique.
      </p>
      <p>
        The authors in [
        <xref ref-type="bibr" rid="ref32">32</xref>
        ] proposed the use of ensemble learners to be adopted as the base learners in the
development of a stacked ensemble for anomaly intrusion detection in a web environment. Some of the
proposed base learners are random forest, gradient boosting machines, and XGBoost. The model was
evaluated using different datasets, namely CSIC-2010v2, CICIDS-2017, NSL-KDD, and UNSWNB15.
According to the researchers, the model scored a good accuracy and false positive rate (FPR). The
researchers proposed the inclusion of more intrusion datasets and the adoption of multi-class
classification. Research by [
        <xref ref-type="bibr" rid="ref33">33</xref>
        ] proposed a semi supervised hierarchical stacking temporal
convolutional network (HS-TCN) for anomaly detection in an IoT environment. The researchers saw
that the hierarchical temporal convolutional network (H-TCN) had a weakness of poor labeling, which
affected the performance of the classifier. To solve this issue, the researchers proposed the integration
of H-TCN with the stacked ensemble. The main aim of the stacked ensemble is twofold: first, to assess
the unlabeled dataset, and second, to remove any outliers. The researchers reported that the model was
effective and efficient in anomaly detection in an IoT environment. In the future, the researchers
recommended an improved version of the model. In this study, the researchers proposed anomaly
intrusion detection in software-defined networks based on the stacked ensemble. In this study, NetFlow
was used for data collection in real time. On the other hand [
        <xref ref-type="bibr" rid="ref34">34</xref>
        ], the researchers applied IGR for feature
reduction. To develop the base learners, the researchers combined NB (Naive Bayes), GBT, random
forest, W-BayesNet, W-DecisionStump, and LG classifiers and adopted the W-BayesNet learner as the
meta classifier. According to the authors, the model had better performance compared to other existing
methods. The authors in [
        <xref ref-type="bibr" rid="ref35">35</xref>
        ] applied the principle of evolution for the selection of best base classifiers
in a stacked ensemble model for an intrusion detection system. In this work, the researchers applied a
different type of stacked ensemble referred to as StackingC which applies probability in the choice of
classifiers. Non-dominated Sorting Genetic Algorithm II (NSGA-II) was used in this study as the
evolutionary algorithm. The model was evaluated using a modern dataset known as the ISCX2012
dataset. The evolved ensemble performed better than individual classifiers, but the choice of best base
learners was dependent on the dataset. The researchers proposed further investigation on the idea of
base learners selection on the bases of the dataset.
      </p>
    </sec>
    <sec id="sec-3">
      <title>3. Proposed work</title>
      <p>With the existing hostile digital environment, single intrusion detection systems are not effective for
intrusion detection in IoT environments. To solve this problem, this work integrates several machine
algorithms using a stacked ensemble approach. The aim is to develop a superior intrusion detection
system by using the strength of single-machine algorithms.
3.1.</p>
    </sec>
    <sec id="sec-4">
      <title>Data Pre-Processing</title>
      <p>
        The TON_IoT network dataset, which holds 461,043 records, is used for the evaluation of the model
[
        <xref ref-type="bibr" rid="ref36">36</xref>
        ]. The dataset was adopted because it addresses the problems found in traditional intrusion detection
datasets such as KDD-99 and NSL-KDD, which are outdated. In addition, they don’t possess IoT sensor
data, hence making them ineffective for the evaluation of modern intrusion detection systems. The
researchers performed data cleaning by replacing missing values. Secondly, all categorical data was
converted into a numerical format. Finally, IP (Internet Protocol) addresses and ports were dropped as
per the suggestion made by [
        <xref ref-type="bibr" rid="ref37">37</xref>
        ].
3.2.
      </p>
    </sec>
    <sec id="sec-5">
      <title>Stacked ensemble technique</title>
      <p>
        Stacking ensemble is a machine learning technique that aims to combine different machine
algorithms to boost their performance. This approach combines different machine learning algorithms
as base learners, which improves generalization. The meta-learner finds the best way of dealing with
the predictions from the base learners. The base learners are trained using the original training dataset.
In this study, extreme learning machine (ELM), support vector machine (SVM), and K-neighbor
classifiers will be used as the base learners, while logistic regression (LR) will be the meta-learner for
classification using the predictions of the base learners, as shown in figure 1. The aim of the base
learners is to perform the first predictions and produce a new set of data from the dataset. The goal of
the meta-learner is to perform the final prediction using the output from the base learners. Algorithm 1
presents the pseudocode for the stacked ensemble with K-cross validation. The performance-stacked
ensemble algorithm is as good as its individual algorithms. ELM was selected due to its proven
classification performance. ELM is a single feed-forward neural network that was first proposed by
Huang et al. in 2004 [
        <xref ref-type="bibr" rid="ref38">38</xref>
        ]. ELM has a fast-learning ability compared to other gradient-based algorithms.
In addition, ELM has better generalization ability compared to other neural network algorithms [
        <xref ref-type="bibr" rid="ref39">39</xref>
        ].
SVM is a supervised classification algorithm widely used to solve problems in different fields, including
intrusion detection. The major advantage of SVM is its generalization capability, even in
highdimensional datasets. In addition, SVM possesses the ability to handle high-dimensional datasets with
low computational requirements [
        <xref ref-type="bibr" rid="ref40">40</xref>
        ]. Stacked ensemble methods are known to have high
computational requirements if not professionally managed. KNN is regarded as one of the simplest
supervised machine learning algorithms. The idea behind KNN is the assumption that similar things are
found near each other. Training samples that are closely related are grouped together and marked as
nearest neighbors." The new points are compared to the marked labels of K neighbors to be classified
using majority voting. LR, on the other hand, is a machine-learning algorithm extensively used in binary
classification [
        <xref ref-type="bibr" rid="ref41">41</xref>
        ]. This study applied LR to classify the dataset as either normal or malicious.
Algorithm 1. Stacked Ensemble with K-cross validation.
1: Inputs: Training Dataset D:(x1,y1), (x2,y2),…… (xk,yk) with Features f1,f2,……fk
2: Perform dataset preprocessing
3: Perform cross-validation on the training Dataset D: {D1, D2, D3…. …Dk}
4: Set the stacked ensemble
5: Base learners
6: Meta-learner
      </p>
      <sec id="sec-5-1">
        <title>8: For each base learner get the prediction to form the new dataset:  ̂</title>
      </sec>
      <sec id="sec-5-2">
        <title>9: Apply the new Dataset  ̂ into the meta-learner for classification</title>
        <p>10: Output: normal or attack
11: End procedure</p>
      </sec>
    </sec>
    <sec id="sec-6">
      <title>4. Experiments 4.1.</title>
    </sec>
    <sec id="sec-7">
      <title>Experimental Setup</title>
      <p>This section presents the experimental implementation and significant results evaluations.</p>
      <p>After data preprocessing, the training dataset was divided into 10-fold cross-validation to train the
base learners. This is done to avoid overfitting the model. This procedure involves splitting the training
dataset into 10 equal groups. One-fold can be used for validation, and the model is fit on the remaining
k-1 folds.</p>
      <p>In this study, we adopted a grid search approach for hyperparameter tuning. Grid search is a
technique that tries to find the best values of machine learning algorithms. It applies an exhaustive
search to specific values of the algorithm. In this study, the goal was to get the best values of the
parameters for each of the algorithms, as shown in Table 1.</p>
      <p>Table. 1
hyperparameter tuning.</p>
      <p>Algorithm Parameter
KNN n_neighbors
SVM max_iter
ELM n_hidden
LR C</p>
      <p>
        To achieve the above, we used the following code:
params = {'knn__n_neighbors': [
        <xref ref-type="bibr" rid="ref11 ref19 ref25 ref3 ref5">3,5,11,19,25</xref>
        ],
'svm__max_iter': list(range(10, 100,1000)),
'elm__n_hidden': list(range(100,200,300)),
      </p>
      <p>'final_estimator__C': [0.1, 10.0]}
The results were as follows for each parameter:
{'final_estimator__C': 0.1, 'knn__n_neighbors': 3, 'elm__n_hidden': 100, 'svm__max_iter': 10}
4.2.</p>
    </sec>
    <sec id="sec-8">
      <title>Performance Measure Indices</title>
      <p>The metrics used to test the performance of the classifier were accuracy, precision, and recall. These
four metrics are derived from five parameters: the true positive (TP), false positive (FP), false negative
(FN), and true negative (TN) rates:



 1 =
( 2
=
=
=
( 
( 
(2
+ 
(
+ 
( 
( )</p>
      <p>+  )
( )
+   )
)
+  )
+  )
+</p>
      <p>+  )
(2)
(3)
(4)</p>
    </sec>
    <sec id="sec-9">
      <title>5. Results and Discussion</title>
      <p>The researchers evaluated the performance of a stacked ensemble without hyperparameter tuning. The
model had a constant performance of 94% across all the measured metrics, namely: accuracy, precision,
recall, and F1-score, as shown in Fig 2.</p>
      <p>The model had better performance with hyperparameter tuning compared to the single algorithms and
the stacked ensemble without hyperparameter tuning. The tuned stacked ensemble scored 96% across
all the measured metrics, as shown in Fig 3.</p>
      <p>Accuracy</p>
      <p>Precision</p>
      <p>Recall</p>
      <p>F1- score</p>
    </sec>
    <sec id="sec-10">
      <title>6. Conclusion</title>
      <p>This study has explored the use of a stacked ensemble approach to combine multiple classifiers, i.e.,
extreme learning machine (ELM), support vector machine (SVM), K-neighbors, and logistic regression
(LR), for intrusion detection in IoT devices. To prove the effectiveness and efficiency of the proposed
model, we tested it using up-to-date IDS datasets, namely the TON_IoT network dataset. Unlike the
traditional stacking technique that usually considers weak individual classification algorithms, our
proposed model is built based on a combination of strong classifier ensembles that work as base
learners. To build the best machine learning algorithms, each learner undergoes hyperparameter tuning
using the grid search approach. Our proposed approach yields better detection performance in terms of
accuracy, precision, recall, and the F1- score measure. This study has several limitations, such as the
use of one evaluation dataset, and focus on only one hyperparameter tuning. In the future, these areas
can be further investigated for further improvement of the IDS.</p>
    </sec>
    <sec id="sec-11">
      <title>Acknowledgements</title>
      <p>This research is partially supported by the South African National Research Foundation (Grant Nos.
132797 and 137951), the South African National Research Foundation incentive grant (No. 114911),
and the South African Eskom Tertiary Education Support Programme.</p>
    </sec>
  </body>
  <back>
    <ref-list>
      <ref id="ref1">
        <mixed-citation>
          [1]
          <string-name>
            <given-names>A.</given-names>
            <surname>Abbas</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.A.</given-names>
            <surname>Khan</surname>
          </string-name>
          ,
          <string-name>
            <given-names>S.</given-names>
            <surname>Latif</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Ajaz</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.A.</given-names>
            <surname>Shah</surname>
          </string-name>
          , &amp; J.
          <string-name>
            <surname>Ahmad</surname>
          </string-name>
          ,
          <article-title>A New Ensemble-Based Intrusion Detection System for Internet of Things</article-title>
          .
          <source>Arabian Journal for Science and Engineering</source>
          ,
          <volume>47</volume>
          (
          <issue>2</issue>
          ) (
          <year>2022</year>
          )
          <fpage>1805</fpage>
          -
          <lpage>1819</lpage>
          . doi:
          <volume>10</volume>
          .1007/s13369-021-06086-5.
        </mixed-citation>
      </ref>
      <ref id="ref2">
        <mixed-citation>
          [2]
          <string-name>
            <given-names>O. I.</given-names>
            <surname>Abiodun</surname>
          </string-name>
          ,
          <string-name>
            <given-names>E.O.</given-names>
            <surname>Abiodun</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Alawida</surname>
          </string-name>
          ,
          <string-name>
            <given-names>R. S.</given-names>
            <surname>Alkhawaldeh</surname>
          </string-name>
          , &amp; H.
          <string-name>
            <surname>Arshad</surname>
            ,
            <given-names>A</given-names>
          </string-name>
          <article-title>Review on the Security of the Internet of Things: Challenges and Solutions</article-title>
          . In Wireless Personal Communications Vol.
          <volume>119</volume>
          ,
          <issue>Issue 3</issue>
          (
          <year>2021</year>
          ).
          <source>doi:10.1007/s11277-021-08348-9.</source>
        </mixed-citation>
      </ref>
      <ref id="ref3">
        <mixed-citation>
          [3]
          <string-name>
            <surname>International</surname>
            <given-names>Data Corporation.</given-names>
          </string-name>
          (
          <year>2019</year>
          ).
          <article-title>The Growth in Connected IoT Devices Is Expected to Generate 79.4ZB of Data in 2025, According to a New IDC Forecast</article-title>
          .
          <source>Retrieved October 06</source>
          ,
          <year>2020</year>
          , from https ://www.idc.com/getdo c.
          <source>jsp?conta inerI d=prUS4 52132 19.</source>
        </mixed-citation>
      </ref>
      <ref id="ref4">
        <mixed-citation>
          [4]
          <string-name>
            <given-names>M.</given-names>
            <surname>El-Hajj</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Fadlallah</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Chamoun</surname>
          </string-name>
          , &amp; A.
          <string-name>
            <surname>Serhrouchni</surname>
          </string-name>
          ,
          <article-title>A survey of internet of things (IoT) authentication schemes</article-title>
          ,
          <source>Sensors (Switzerland)</source>
          ,
          <volume>19</volume>
          (
          <issue>5</issue>
          ), (
          <year>2019</year>
          ). doi:
          <volume>10</volume>
          .3390/S19051141.
        </mixed-citation>
      </ref>
      <ref id="ref5">
        <mixed-citation>
          <article-title>[5] IoT innovative report</article-title>
          .
          <source>Deloitte</source>
          ,
          <year>2018</year>
          . URL: https:// www2. deloi tte. com/ conte nt/ dam/ Deloi tte/ de/ Docum ents/Innov ation/ Internet- of- Things- Innov
          <string-name>
            <surname>ation- Report-</surname>
          </string-name>
          2018- Deloi tte.pdf.
        </mixed-citation>
      </ref>
      <ref id="ref6">
        <mixed-citation>
          [6]
          <string-name>
            <given-names>S.</given-names>
            <surname>Zafar</surname>
          </string-name>
          ,
          <string-name>
            <surname>K. M. Bhatti</surname>
            ,
            <given-names>M.</given-names>
          </string-name>
          <string-name>
            <surname>Shabbir</surname>
            ,
            <given-names>F.</given-names>
          </string-name>
          <string-name>
            <surname>Hashmat</surname>
          </string-name>
          , &amp;
          <string-name>
            <surname>A. H. Akbar</surname>
          </string-name>
          ,
          <article-title>Integration of blockchain and Internet of Things: challenges and solutions</article-title>
          ,
          <source>Annales Des Telecommunications/Annals of Telecommunications</source>
          ,
          <volume>77</volume>
          (
          <issue>1-2</issue>
          ) (
          <year>2022</year>
          )
          <fpage>13</fpage>
          -
          <lpage>32</lpage>
          . doi:
          <volume>10</volume>
          .1007/s12243-021-00858-8.
        </mixed-citation>
      </ref>
      <ref id="ref7">
        <mixed-citation>
          [7]
          <string-name>
            <given-names>J.</given-names>
            <surname>Deogirikar</surname>
          </string-name>
          &amp;
          <string-name>
            <surname>A. Vidhate</surname>
          </string-name>
          ,
          <article-title>Security attacks in IoT: A survey, In 2017 International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC</article-title>
          ),
          <year>2017</year>
          , pp.
          <fpage>32</fpage>
          -
          <lpage>37</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref8">
        <mixed-citation>
          [8]
          <string-name>
            <given-names>B.</given-names>
            <surname>Gopalakrishnan</surname>
          </string-name>
          , &amp; P.
          <string-name>
            <surname>Purusothaman</surname>
          </string-name>
          ,
          <article-title>A new design of intrusion detection in IoT sector using optimal feature selection and high ranking-based ensemble learning model</article-title>
          , Peer-to-
          <source>Peer Networking and Applications</source>
          ,
          <volume>15</volume>
          (
          <issue>5</issue>
          ), (
          <year>2022</year>
          ),
          <fpage>2199</fpage>
          -
          <lpage>2226</lpage>
          . doi:
          <volume>10</volume>
          .1007/s12083-022-01336-1.
        </mixed-citation>
      </ref>
      <ref id="ref9">
        <mixed-citation>
          [9]
          <string-name>
            <given-names>R.</given-names>
            <surname>Malik</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Y.</given-names>
            <surname>Singh</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Z. A.</given-names>
            <surname>Sheikh</surname>
          </string-name>
          ,
          <string-name>
            <given-names>P.</given-names>
            <surname>Anand</surname>
          </string-name>
          ,
          <string-name>
            <given-names>P. K.</given-names>
            <surname>Singh</surname>
          </string-name>
          , &amp;
          <string-name>
            <surname>T. C. Workneh</surname>
          </string-name>
          ,
          <article-title>An Improved Deep Belief Network IDS on IoT-Based Network for Traffic Systems</article-title>
          ,
          <source>Journal of Advanced Transportation</source>
          (
          <year>2022</year>
          )
          <article-title>17</article-title>
          . doi:
          <volume>10</volume>
          .1155/
          <year>2022</year>
          /7892130.
        </mixed-citation>
      </ref>
      <ref id="ref10">
        <mixed-citation>
          [10]
          <string-name>
            <given-names>Y.</given-names>
            <surname>Shen</surname>
          </string-name>
          ,
          <string-name>
            <given-names>K.</given-names>
            <surname>Zheng</surname>
          </string-name>
          ,
          <string-name>
            <given-names>C.</given-names>
            <surname>Wu</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Zhang</surname>
          </string-name>
          ,
          <string-name>
            <given-names>X.</given-names>
            <surname>Niu</surname>
          </string-name>
          , &amp; Y.
          <string-name>
            <surname>Yang</surname>
          </string-name>
          ,
          <article-title>An Ensemble Method based on Selection Using Bat Algorithm for Intrusion Detection</article-title>
          ,
          <source>Computer Journal</source>
          ,
          <volume>61</volume>
          (
          <issue>4</issue>
          ) (
          <year>2018</year>
          )
          <fpage>526</fpage>
          -
          <lpage>538</lpage>
          . doi:
          <volume>10</volume>
          .1093/comjnl/bxx101.
        </mixed-citation>
      </ref>
      <ref id="ref11">
        <mixed-citation>
          [11]
          <string-name>
            <given-names>H.</given-names>
            <surname>Rajadurai</surname>
          </string-name>
          , &amp;
          <string-name>
            <surname>U. D. Gandhi</surname>
          </string-name>
          ,
          <article-title>A stacked ensemble learning model for intrusion detection in wireless network</article-title>
          ,
          <source>Neural Computing and Applications</source>
          ,
          <volume>34</volume>
          (
          <issue>18</issue>
          ) (
          <year>2022</year>
          )
          <fpage>15387</fpage>
          -
          <lpage>15395</lpage>
          .doi:
          <volume>10</volume>
          .1007/s00521-020-04986-5.
        </mixed-citation>
      </ref>
      <ref id="ref12">
        <mixed-citation>
          [12]
          <string-name>
            <given-names>G.</given-names>
            <surname>Kaur</surname>
          </string-name>
          ,
          <article-title>A comparison of two hybrid ensemble techniques for network anomaly detection in spark distributed environment</article-title>
          ,
          <source>Journal of Information Security and Applications</source>
          ,
          <volume>55</volume>
          (September) (
          <year>2020</year>
          )
          <article-title>102601</article-title>
          . doi:
          <volume>10</volume>
          .1016/j.jisa.
          <year>2020</year>
          .
          <volume>102601</volume>
          .
        </mixed-citation>
      </ref>
      <ref id="ref13">
        <mixed-citation>
          [13]
          <string-name>
            <given-names>O.</given-names>
            <surname>Sagi</surname>
          </string-name>
          , &amp; L.
          <string-name>
            <surname>Rokach</surname>
          </string-name>
          ,
          <article-title>Ensemble learning: A survey</article-title>
          .
          <source>Wiley Interdisciplinary Reviews, Data Mining and Knowledge Discovery</source>
          ,
          <volume>8</volume>
          (
          <issue>4</issue>
          ) (
          <year>2018</year>
          )
          <fpage>1</fpage>
          -
          <lpage>19</lpage>
          . doi:
          <volume>10</volume>
          .1002/widm.1249.
        </mixed-citation>
      </ref>
      <ref id="ref14">
        <mixed-citation>
          [14]
          <string-name>
            <given-names>Y.</given-names>
            <surname>Zhou</surname>
          </string-name>
          ,
          <string-name>
            <given-names>T. A.</given-names>
            <surname>Mazzuchi</surname>
          </string-name>
          &amp; S. Sarkani,
          <article-title>M-AdaBoost-A based ensemble system for network intrusion detection</article-title>
          ,
          <source>Expert Systems with Applications</source>
          ,
          <volume>162</volume>
          (
          <year>August</year>
          ) (
          <year>2020</year>
          )
          <article-title>113864</article-title>
          . doi:
          <volume>10</volume>
          .1016/j.eswa.
          <year>2020</year>
          .
          <volume>113864</volume>
          .
        </mixed-citation>
      </ref>
      <ref id="ref15">
        <mixed-citation>
          [15]
          <string-name>
            <given-names>L. K.</given-names>
            <surname>Hansen</surname>
          </string-name>
          and
          <string-name>
            <given-names>P.</given-names>
            <surname>Salamon</surname>
          </string-name>
          ,
          <article-title>"Neural network ensembles,"</article-title>
          <source>in IEEE Transactions on Pattern Analysis and Machine Intelligence</source>
          , vol.
          <volume>12</volume>
          , no.
          <issue>10</issue>
          , (Oct.
          <year>1990</year>
          ) pp.
          <fpage>993</fpage>
          -
          <lpage>1001</lpage>
          . doi:
          <volume>10</volume>
          .1109/34.58871.
        </mixed-citation>
      </ref>
      <ref id="ref16">
        <mixed-citation>
          [16]
          <string-name>
            <given-names>M.</given-names>
            <surname>Choras</surname>
          </string-name>
          , Ear Biometrics. In: Li,
          <string-name>
            <given-names>S.Z.</given-names>
            ,
            <surname>Jain</surname>
          </string-name>
          , A.K. (eds) Encyclopedia of Biometrics, Springer, Boston, MA (
          <year>2015</year>
          ). doi:
          <volume>10</volume>
          .1007/978-1-
          <fpage>4899</fpage>
          -7488-4_
          <fpage>173</fpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref17">
        <mixed-citation>
          [17]
          <string-name>
            <given-names>M.</given-names>
            <surname>Singh</surname>
          </string-name>
          , &amp;
          <string-name>
            <given-names>S.</given-names>
            <surname>Chauhan</surname>
          </string-name>
          ,
          <article-title>A hybrid-extreme learning machine-based ensemble method for online dynamic security assessment of power systems</article-title>
          ,
          <source>Electric Power Systems Research</source>
          ,
          <volume>214</volume>
          (PB) (
          <year>2023</year>
          )
          <article-title>108923</article-title>
          . doi:
          <volume>10</volume>
          .1016/j.epsr.
          <year>2022</year>
          .
          <volume>108923</volume>
          .
        </mixed-citation>
      </ref>
      <ref id="ref18">
        <mixed-citation>
          [18]
          <string-name>
            <given-names>M.</given-names>
            <surname>Panthi</surname>
          </string-name>
          , &amp;
          <string-name>
            <surname>T. Kanti Das</surname>
          </string-name>
          ,
          <article-title>Intelligent Intrusion Detection Scheme for Smart Power-Grid Using Optimized Ensemble Learning on Selected Features</article-title>
          ,
          <source>International Journal of Critical Infrastructure Protection</source>
          ,
          <volume>39</volume>
          (
          <year>2022</year>
          )
          <article-title>100567</article-title>
          . doi:
          <volume>10</volume>
          .1016/j.ijcip.
          <year>2022</year>
          .
          <volume>100567</volume>
          .
        </mixed-citation>
      </ref>
      <ref id="ref19">
        <mixed-citation>
          [19]
          <string-name>
            <given-names>S.</given-names>
            <surname>Panda</surname>
          </string-name>
          ,
          <string-name>
            <given-names>S.</given-names>
            <surname>Mishra</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M. N.</given-names>
            <surname>Mohanty</surname>
          </string-name>
          , &amp; S. Satapathy,
          <article-title>Seizure detection using integrated metaheuristic algorithm based ensemble extreme learning machine</article-title>
          ,
          <source>Measurement: Sensors</source>
          <volume>25</volume>
          (
          <year>2023</year>
          )
          <fpage>100617</fpage>
          . Doi:
          <volume>10</volume>
          .1016/j.measen.
          <year>2022</year>
          .
          <volume>100617</volume>
          .
        </mixed-citation>
      </ref>
      <ref id="ref20">
        <mixed-citation>
          [20]
          <string-name>
            <given-names>O.</given-names>
            <surname>Bukhari</surname>
          </string-name>
          ,
          <string-name>
            <given-names>P.</given-names>
            <surname>Agarwal</surname>
          </string-name>
          ,
          <string-name>
            <given-names>D.</given-names>
            <surname>Koundal</surname>
          </string-name>
          , &amp; S. Zafar,
          <article-title>Anomaly detection using ensemble techniques for boosting the security of intrusion detection system</article-title>
          ,
          <source>Procedia Computer Science</source>
          ,
          <volume>218</volume>
          (
          <year>2023</year>
          )
          <fpage>1003</fpage>
          -
          <lpage>1013</lpage>
          . doi:
          <volume>10</volume>
          .1016/j.procs.
          <year>2023</year>
          .
          <volume>01</volume>
          .080.
        </mixed-citation>
      </ref>
      <ref id="ref21">
        <mixed-citation>
          [21]
          <string-name>
            <surname>C. A. de Souza</surname>
          </string-name>
          , C. B.
          <string-name>
            <surname>Westphall</surname>
          </string-name>
          , &amp;
          <string-name>
            <surname>R. B. Machado</surname>
          </string-name>
          ,
          <article-title>Two-step ensemble approach for intrusion detection and identification in IoT and fog computing environments</article-title>
          ,
          <source>Computers and Electrical Engineering</source>
          ,
          <volume>98</volume>
          (
          <year>2022</year>
          )
          <article-title>107694</article-title>
          . doi:
          <volume>10</volume>
          .1016/j.compeleceng.
          <year>2022</year>
          .
          <volume>107694</volume>
          .
        </mixed-citation>
      </ref>
      <ref id="ref22">
        <mixed-citation>
          [22]
          <string-name>
            <given-names>Y.</given-names>
            <surname>Yang</surname>
          </string-name>
          ,
          <string-name>
            <given-names>H.</given-names>
            <surname>Lv</surname>
          </string-name>
          , &amp; N.
          <string-name>
            <surname>Chen</surname>
            ,
            <given-names>A</given-names>
          </string-name>
          <article-title>Survey on ensemble learning under the era of deep learning</article-title>
          .
          <source>Artificial Intelligence Review</source>
          (
          <year>2022</year>
          ).
          <source>doi:10.1007/s10462-022-10283-5.</source>
        </mixed-citation>
      </ref>
      <ref id="ref23">
        <mixed-citation>
          [23]
          <string-name>
            <surname>Z-H. Zhou</surname>
          </string-name>
          , Ensemble Learning.
          <source>Encyclopedia of Biometrics</source>
          , (
          <year>2009</year>
          )
          <fpage>270</fpage>
          -
          <lpage>273</lpage>
          . doi:
          <volume>10</volume>
          .1007/978- 0-
          <fpage>387</fpage>
          -73003-5_
          <fpage>293</fpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref24">
        <mixed-citation>
          [24]
          <string-name>
            <given-names>B. A.</given-names>
            <surname>Tama</surname>
          </string-name>
          , &amp; S. Lim,
          <article-title>Ensemble learning for intrusion detection systems: A systematic mapping study and cross-benchmark evaluation</article-title>
          , Computer Science Review,
          <volume>39</volume>
          (
          <year>2021</year>
          )
          <article-title>100357</article-title>
          . doi:
          <volume>10</volume>
          .1016/j.cosrev.
          <year>2020</year>
          .
          <volume>100357</volume>
          .
        </mixed-citation>
      </ref>
      <ref id="ref25">
        <mixed-citation>
          [25]
          <string-name>
            <given-names>Y.</given-names>
            <surname>Gormez</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Z.</given-names>
            <surname>Aydin</surname>
          </string-name>
          ,
          <string-name>
            <given-names>R.</given-names>
            <surname>Karademir</surname>
          </string-name>
          , &amp; V.
          <string-name>
            <surname>C. Gungor</surname>
          </string-name>
          ,
          <article-title>A deep learning approach with Bayesian optimization and ensemble classifiers for detecting denial of service attacks</article-title>
          ,
          <source>International Journal of Communication Systems</source>
          ,
          <volume>33</volume>
          (
          <issue>11</issue>
          ) (
          <year>2020</year>
          )
          <fpage>1</fpage>
          -
          <lpage>16</lpage>
          . doi:
          <volume>10</volume>
          .1002/dac.4401.
        </mixed-citation>
      </ref>
      <ref id="ref26">
        <mixed-citation>
          [26]
          <string-name>
            <given-names>T. G.</given-names>
            <surname>Dietterich</surname>
          </string-name>
          ,
          <article-title>Ensemble Methods in Machine Learning</article-title>
          .
          <source>In: Multiple Classifier Systems. vol 1857 of Lecture Notes in Computer Science</source>
          , Springer, Berlin, Heidelberg,
          <year>2000</year>
          . doi:
          <volume>10</volume>
          .1007/3- 540-45014-
          <issue>9</issue>
          _
          <fpage>1</fpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref27">
        <mixed-citation>
          [27]
          <string-name>
            <given-names>R.</given-names>
            <surname>Abdulhammed</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Faezipour</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Abuzneid</surname>
          </string-name>
          &amp;
          <string-name>
            <surname>A. Abumallouh</surname>
          </string-name>
          ,
          <article-title>Deep and Machine Learning Approaches for Anomaly-Based Intrusion Detection of Imbalanced Network Traffic</article-title>
          ,
          <source>IEEE Sensors Letters</source>
          ,
          <volume>3</volume>
          (
          <issue>1</issue>
          ) (
          <year>2019</year>
          )
          <fpage>2</fpage>
          -
          <lpage>5</lpage>
          . doi:
          <volume>10</volume>
          .1109/LSENS.
          <year>2018</year>
          .
          <volume>2879990</volume>
          .
        </mixed-citation>
      </ref>
      <ref id="ref28">
        <mixed-citation>
          [28]
          <string-name>
            <given-names>N.</given-names>
            <surname>Chand</surname>
          </string-name>
          ,
          <string-name>
            <given-names>P.</given-names>
            <surname>Mishra</surname>
          </string-name>
          ,
          <string-name>
            <given-names>C. R.</given-names>
            <surname>Krishna</surname>
          </string-name>
          ,
          <string-name>
            <given-names>E. S.</given-names>
            <surname>Pilli</surname>
          </string-name>
          , &amp;
          <string-name>
            <surname>M. C. Govil</surname>
          </string-name>
          ,
          <article-title>A comparative analysis of SVM and its stacking with other classification algorithm for intrusion detection</article-title>
          ,
          <source>in: Proceedings - 2016 International Conference on Advances in Computing, Communication and Automation</source>
          ,
          <string-name>
            <surname>ICACCA</surname>
          </string-name>
          <year>2016</year>
          . doi:
          <volume>10</volume>
          .1109/ICACCA.
          <year>2016</year>
          .
          <volume>7578859</volume>
          .
        </mixed-citation>
      </ref>
      <ref id="ref29">
        <mixed-citation>
          [29]
          <string-name>
            <given-names>H. P.</given-names>
            <surname>Vinutha</surname>
          </string-name>
          &amp; B.
          <string-name>
            <surname>Poornima</surname>
          </string-name>
          ,
          <article-title>An ensemble classifier approach on different feature selection methods for intrusion detection</article-title>
          ,
          <source>In Advances in Intelligent Systems and Computing</source>
          Vol.
          <volume>672</volume>
          2018. doi:
          <volume>10</volume>
          .1007/
          <fpage>978</fpage>
          -981-10-7512-4_
          <fpage>44</fpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref30">
        <mixed-citation>
          [30]
          <string-name>
            <given-names>S.</given-names>
            <surname>Subudhi</surname>
          </string-name>
          , &amp; S. Panigrahi,
          <article-title>Application of OPTICS and ensemble learning for Database Intrusion Detection</article-title>
          .
          <source>Journal of King</source>
          Saud University - Computer and Information Sciences,
          <volume>34</volume>
          (
          <issue>3</issue>
          ) (
          <year>2022</year>
          )
          <fpage>972</fpage>
          -
          <lpage>981</lpage>
          . doi:
          <volume>10</volume>
          .1016/j.jksuci.
          <year>2019</year>
          .
          <volume>05</volume>
          .001.
        </mixed-citation>
      </ref>
      <ref id="ref31">
        <mixed-citation>
          [31]
          <string-name>
            <given-names>S.</given-names>
            <surname>Choudhury</surname>
          </string-name>
          , &amp; A.
          <string-name>
            <surname>Bhowal</surname>
          </string-name>
          ,
          <article-title>Comparative Analysis of Machine Learning Algorithms along with Classifiers for AF Detection using a Scale, 2015 International Conference on Smart Technologies and Management for Computing, Communication, Controls, Energy and Materials (ICSTM), Vel Tech Rangarajan Dr</article-title>
          .
          <string-name>
            <surname>Sagunthala R&amp;D Institute</surname>
            of Science and Technology, Chennai,
            <given-names>T.N.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>India</surname>
          </string-name>
          .,
          <year>2015</year>
          , pp.
          <fpage>89</fpage>
          -
          <lpage>95</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref32">
        <mixed-citation>
          [32]
          <string-name>
            <given-names>B. A.</given-names>
            <surname>Tama</surname>
          </string-name>
          ,
          <string-name>
            <given-names>L.</given-names>
            <surname>Nkenyereye</surname>
          </string-name>
          ,
          <string-name>
            <given-names>S. M. R.</given-names>
            <surname>Islam</surname>
          </string-name>
          , &amp;
          <string-name>
            <surname>K. S. Kwak</surname>
          </string-name>
          ,
          <article-title>An enhanced anomaly detection in web traffic using a stack of classifier ensemble</article-title>
          .
          <source>IEEE Access</source>
          ,
          <volume>8</volume>
          (
          <year>2020</year>
          )
          <fpage>24120</fpage>
          -
          <lpage>24134</lpage>
          . doi:
          <volume>10</volume>
          .1109/ACCESS.
          <year>2020</year>
          .
          <volume>2969428</volume>
          .
        </mixed-citation>
      </ref>
      <ref id="ref33">
        <mixed-citation>
          [33] Y. Cheng, Y. Xu,
          <string-name>
            <given-names>H.</given-names>
            <surname>Zhong</surname>
          </string-name>
          , &amp; Y. Liu,
          <article-title>Leveraging Semisupervised Hierarchical Stacking Temporal Convolutional Network for Anomaly Detection in IoT Communication</article-title>
          .
          <source>IEEE Internet of Things Journal</source>
          ,
          <volume>8</volume>
          (
          <issue>1</issue>
          ) (
          <year>2021</year>
          )
          <fpage>144</fpage>
          -
          <lpage>155</lpage>
          . doi:
          <volume>10</volume>
          .1109/JIOT.
          <year>2020</year>
          .
          <volume>3000771</volume>
          .
        </mixed-citation>
      </ref>
      <ref id="ref34">
        <mixed-citation>
          [34]
          <string-name>
            <given-names>T.</given-names>
            <surname>Jafarian</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Masdari</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Ghaffari</surname>
          </string-name>
          , &amp;
          <string-name>
            <surname>K. Majidzadeh</surname>
          </string-name>
          ,
          <article-title>Security anomaly detection in softwaredefined networking based on a prediction technique</article-title>
          ,
          <source>International Journal of Communication Systems</source>
          ,
          <volume>33</volume>
          (
          <issue>14</issue>
          ) (
          <year>2020</year>
          )
          <fpage>1</fpage>
          -
          <lpage>23</lpage>
          . doi:
          <volume>10</volume>
          .1002/dac.4524.
        </mixed-citation>
      </ref>
      <ref id="ref35">
        <mixed-citation>
          [35]
          <string-name>
            <given-names>M.</given-names>
            <surname>Milliken</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Y.</given-names>
            <surname>Bi</surname>
          </string-name>
          ,
          <string-name>
            <given-names>L.</given-names>
            <surname>Galway</surname>
          </string-name>
          , &amp; G.
          <article-title>Hawe, Multi-objective optimization of base classifiers in StackingC by NSGA-II for intrusion detection</article-title>
          ,
          <source>2016 IEEE Symposium Series on Computational Intelligence</source>
          ,
          <string-name>
            <surname>SSCI</surname>
          </string-name>
          <year>2016</year>
          ,
          <year>2017</year>
          , pp.
          <fpage>8</fpage>
          -
          <lpage>15</lpage>
          . doi:
          <volume>10</volume>
          .1109/SSCI.
          <year>2016</year>
          .
          <volume>7849977</volume>
          .
        </mixed-citation>
      </ref>
      <ref id="ref36">
        <mixed-citation>
          [36]
          <string-name>
            <given-names>N.</given-names>
            <surname>Moustafa</surname>
          </string-name>
          ,
          <source>The TON_IoT Datasets</source>
          ,
          <year>2020</year>
          . URL:https://www.unsw.adfa.edu.au/unsw-canberracyber/cyberse%0Acurity/
          <article-title>ADFA-ton-iot-</article-title>
          <string-name>
            <surname>Datasets</surname>
          </string-name>
          /
        </mixed-citation>
      </ref>
      <ref id="ref37">
        <mixed-citation>
          [37]
          <string-name>
            <given-names>N.</given-names>
            <surname>Moustafa</surname>
          </string-name>
          ,
          <article-title>A new distributed architecture for evaluating AI-based security systems at the edge: Network TON_IoT datasets</article-title>
          .
          <source>Sustainable Cities and Society</source>
          ,
          <volume>72</volume>
          (
          <year>2021</year>
          )
          <article-title>102994</article-title>
          . https://doi.org/10.1016/j.scs.
          <year>2021</year>
          .102994
        </mixed-citation>
      </ref>
      <ref id="ref38">
        <mixed-citation>
          [38]
          <string-name>
            <surname>Huang</surname>
            ,
            <given-names>G.</given-names>
          </string-name>
          <string-name>
            <surname>Bin</surname>
            , Zhu,
            <given-names>Q. Y.</given-names>
          </string-name>
          , &amp;
          <string-name>
            <surname>C. K. Siew</surname>
          </string-name>
          ,
          <article-title>Extreme learning machine: A new learning scheme of feedforward neural networks</article-title>
          .
          <source>IEEE International Conference on Neural Networks - Conference Proceedings, 2</source>
          ,
          <year>2004</year>
          , pp.
          <fpage>985</fpage>
          -
          <lpage>990</lpage>
          . doi:
          <volume>10</volume>
          .1109/IJCNN.
          <year>2004</year>
          .
          <volume>1380068</volume>
          . 38
        </mixed-citation>
      </ref>
      <ref id="ref39">
        <mixed-citation>
          [39]
          <string-name>
            <given-names>A.</given-names>
            <surname>Alharbi</surname>
          </string-name>
          , &amp;
          <string-name>
            <surname>M. Alghahtani</surname>
          </string-name>
          ,
          <article-title>Using genetic algorithm and ELM neural networks for feature extraction and classification of type 2-diabetes mellitus</article-title>
          ,
          <source>Applied Artificial Intelligence</source>
          ,
          <volume>33</volume>
          (
          <issue>4</issue>
          ) (
          <year>2019</year>
          )
          <fpage>311</fpage>
          -
          <lpage>328</lpage>
          . doi:
          <volume>10</volume>
          .1080/08839514.
          <year>2018</year>
          .
          <volume>1560545</volume>
          .
        </mixed-citation>
      </ref>
      <ref id="ref40">
        <mixed-citation>
          [40]
          <string-name>
            <given-names>C. C.</given-names>
            <surname>Chang</surname>
          </string-name>
          , &amp;
          <string-name>
            <surname>C. J. Lin</surname>
          </string-name>
          ,
          <article-title>LIBSVM: A Library for support vector machines</article-title>
          .
          <source>ACM Transactions on Intelligent Systems and Technology</source>
          ,
          <volume>2</volume>
          (
          <issue>3</issue>
          )
          <year>2011</year>
          . doi:
          <volume>10</volume>
          .1145/1961189.1961199.
        </mixed-citation>
      </ref>
      <ref id="ref41">
        <mixed-citation>
          [41]
          <string-name>
            <surname>M. M. S. Raihan</surname>
            ,
            <given-names>A. B.</given-names>
          </string-name>
          <string-name>
            <surname>Shams &amp; R. B. Preo</surname>
          </string-name>
          ,
          <string-name>
            <surname>Multi-Class Electrogastrogram</surname>
          </string-name>
          (
          <article-title>EGG) Signal Classification Using Machine Learning Algorithms</article-title>
          .
          <source>ICCIT 2020 - 23rd International Conference on Computer and Information Technology, Proceedings</source>
          ,
          <year>2020</year>
          , pp.
          <fpage>19</fpage>
          -
          <lpage>21</lpage>
          . doi:
          <volume>10</volume>
          .1109/ICCIT51783.
          <year>2020</year>
          .
          <volume>9392695</volume>
          .
        </mixed-citation>
      </ref>
    </ref-list>
  </back>
</article>