Research on Intrusion Detection Method Based on Transformer and CNN-BiLSTM in Internet of Things
With the widespread deployment of Internet of Things (IoT) devices, their complex network environments and open communication modes have made them prime targets for cyberattacks. Traditional Intrusion Detection Systems (IDS) face challenges in handling complex attack types, data imbalance, and featu...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2025-04-01
|
| Series: | Sensors |
| Subjects: | |
| Online Access: | https://www.mdpi.com/1424-8220/25/9/2725 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850155340004327424 |
|---|---|
| author | Chunhui Zhang Jian Li Naile Wang Dejun Zhang |
| author_facet | Chunhui Zhang Jian Li Naile Wang Dejun Zhang |
| author_sort | Chunhui Zhang |
| collection | DOAJ |
| description | With the widespread deployment of Internet of Things (IoT) devices, their complex network environments and open communication modes have made them prime targets for cyberattacks. Traditional Intrusion Detection Systems (IDS) face challenges in handling complex attack types, data imbalance, and feature extraction difficulties in IoT environments. Accurately detecting abnormal traffic in IoT has become increasingly critical. To address the limitation of single models in comprehensively capturing the diverse features of IoT traffic, this paper proposes a hybrid model based on CNN-BiLSTM-Transformer, which better handles complex features and long-sequence dependencies in intrusion detection. To address the issue of data class imbalance, the Borderline-SMOTE method is introduced to enhance the model’s ability to recognize minority class attack samples. To tackle the problem of redundant features in the original dataset, a comprehensive feature selection strategy combining XGBoost, Chi-square (Chi2), and Mutual Information is adopted to ensure the model focuses on the most discriminative features. Experimental validation demonstrates that the proposed method achieves 99.80% accuracy on the CIC-IDS 2017 dataset and 97.95% accuracy on the BoT-IoT dataset, significantly outperforming traditional intrusion detection methods, proving its efficiency and accuracy in detecting abnormal traffic in IoT environments. |
| format | Article |
| id | doaj-art-3c2c4fefc1624811b7343a792d20ab2c |
| institution | OA Journals |
| issn | 1424-8220 |
| language | English |
| publishDate | 2025-04-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Sensors |
| spelling | doaj-art-3c2c4fefc1624811b7343a792d20ab2c2025-08-20T02:24:58ZengMDPI AGSensors1424-82202025-04-01259272510.3390/s25092725Research on Intrusion Detection Method Based on Transformer and CNN-BiLSTM in Internet of ThingsChunhui Zhang0Jian Li1Naile Wang2Dejun Zhang3School of Cyberspace Security, Beijing University of Post and Telecommunications, Beijing 100876, ChinaSchool of Cyberspace Security, Beijing University of Post and Telecommunications, Beijing 100876, ChinaSchool of Cyberspace Security, Beijing University of Post and Telecommunications, Beijing 100876, ChinaSchool of Cyberspace Security, Beijing University of Post and Telecommunications, Beijing 100876, ChinaWith the widespread deployment of Internet of Things (IoT) devices, their complex network environments and open communication modes have made them prime targets for cyberattacks. Traditional Intrusion Detection Systems (IDS) face challenges in handling complex attack types, data imbalance, and feature extraction difficulties in IoT environments. Accurately detecting abnormal traffic in IoT has become increasingly critical. To address the limitation of single models in comprehensively capturing the diverse features of IoT traffic, this paper proposes a hybrid model based on CNN-BiLSTM-Transformer, which better handles complex features and long-sequence dependencies in intrusion detection. To address the issue of data class imbalance, the Borderline-SMOTE method is introduced to enhance the model’s ability to recognize minority class attack samples. To tackle the problem of redundant features in the original dataset, a comprehensive feature selection strategy combining XGBoost, Chi-square (Chi2), and Mutual Information is adopted to ensure the model focuses on the most discriminative features. Experimental validation demonstrates that the proposed method achieves 99.80% accuracy on the CIC-IDS 2017 dataset and 97.95% accuracy on the BoT-IoT dataset, significantly outperforming traditional intrusion detection methods, proving its efficiency and accuracy in detecting abnormal traffic in IoT environments.https://www.mdpi.com/1424-8220/25/9/2725IoT securityintrusion detectiondeep learningdata imbalancefeature selection |
| spellingShingle | Chunhui Zhang Jian Li Naile Wang Dejun Zhang Research on Intrusion Detection Method Based on Transformer and CNN-BiLSTM in Internet of Things Sensors IoT security intrusion detection deep learning data imbalance feature selection |
| title | Research on Intrusion Detection Method Based on Transformer and CNN-BiLSTM in Internet of Things |
| title_full | Research on Intrusion Detection Method Based on Transformer and CNN-BiLSTM in Internet of Things |
| title_fullStr | Research on Intrusion Detection Method Based on Transformer and CNN-BiLSTM in Internet of Things |
| title_full_unstemmed | Research on Intrusion Detection Method Based on Transformer and CNN-BiLSTM in Internet of Things |
| title_short | Research on Intrusion Detection Method Based on Transformer and CNN-BiLSTM in Internet of Things |
| title_sort | research on intrusion detection method based on transformer and cnn bilstm in internet of things |
| topic | IoT security intrusion detection deep learning data imbalance feature selection |
| url | https://www.mdpi.com/1424-8220/25/9/2725 |
| work_keys_str_mv | AT chunhuizhang researchonintrusiondetectionmethodbasedontransformerandcnnbilstmininternetofthings AT jianli researchonintrusiondetectionmethodbasedontransformerandcnnbilstmininternetofthings AT nailewang researchonintrusiondetectionmethodbasedontransformerandcnnbilstmininternetofthings AT dejunzhang researchonintrusiondetectionmethodbasedontransformerandcnnbilstmininternetofthings |