Isolation Forest-Based Anomaly Detection in IoT Smart Home Network Traffic


Ahmad Luthfi(1*); Emigawaty Emigawaty(2);

(1) Universitas Islam Indonesia
(2) Universitas Amikom Yogyakarta
(*) Corresponding Author

  

Abstract


The convergence of the Internet of Things (IoT) and Society 5.0 has successfully led to a human-centered and data-driven life ecosystem. IoT has become the backbone for infrastructure implemented in various domains, ranging from smart homes and smart farming to smart industrial environments. Nevertheless, as IoT devices become more connected and integrated into the ecosystem, the attack surface expands and network security becomes more challenging. The massive convergence and connectivity of IoT devices have a high potential for attacks on network infrastructure, such as Denial of Service (DoS), port scanning, exfiltration, brute force, and man-in-the-middle attacks. This study aims to detect anomalies in IoT network traffic by applying the Isolation Forest (IF) algorithm. The dataset was obtained from an IoT gateway connected to smart home devices and includes features such as data packet size, connection duration, source and destination capacity, attack protocols used, and the connection status of each device. The experimental results of this study indicate that the IF method can identify smart home device attacks with a competitive level of accuracy. The results of the anomaly analysis are then presented through a confusion matrix, classification report, and analytical visualizations such as 2D PCA, t-SNE, heatmap, and temporal distribution of anomalies. This study declares that the IF method contributes effectively to the analysis of Intrusion Detection Systems (IDS) in IoT environments such as smart homes that are heterogeneous and dynamic

Keywords


Isolation Forest; Anomaly; Internet of Things; Intrusion Detection System; Smart Home

  
  

Full Text:

PDF
  

Article Metrics

Abstract view: 132 times
PDF view: 73 times 		     

Digital Object Identifier

doi  https://doi.org/10.33096/ilkom.v18i1.3156.43-57 		  

Cite

How to cite item

References


A. E. Omolara et al., “The internet of things security: A survey encompassing unexplored areas and new insights,” Comput. Secur., vol. 112, p. 102494, Jan. 2022, doi: 10.1016/j.cose.2021.102494.

K. Gulati, R. S. Kumar Boddu, D. Kapila, S. L. Bangare, N. Chandnani, and G. Saravanan, “A review paper on wireless sensor network techniques in Internet of Things (IoT),” Mater. Today Proc., vol. 51, pp. 161–165, 2022, doi: 10.1016/j.matpr.2021.05.067.

X. Cao, Y. Xiong, J. Sun, X. Xie, Q. Sun, and Z. L. Wang, “Multidiscipline Applications of Triboelectric Nanogenerators for the Intelligent Era of Internet of Things,” Nanomicro Lett., vol. 15, no. 1, p. 14, Dec. 2023, doi: 10.1007/s40820-022-00981-8.

A. M. Rahmani, S. Bayramov, and B. Kiani Kalejahi, “Internet of Things Applications: Opportunities and Threats,” Wirel. Pers. Commun., vol. 122, no. 1, pp. 451–476, Jan. 2022, doi: 10.1007/s11277-021-08907-0.

M. Abdullahi et al., “Detecting Cybersecurity Attacks in Internet of Things Using Artificial Intelligence Methods: A Systematic Literature Review,” Electronics (Basel)., vol. 11, no. 2, p. 198, Jan. 2022, doi: 10.3390/electronics11020198.

M. Pouresmaieli, M. Ataei, and A. Taran, “Future mining based on internet of things (IoT) and sustainability challenges,” International Journal of Sustainable Development & World Ecology, vol. 30, no. 2, pp. 211–228, Feb. 2023, doi: 10.1080/13504509.2022.2137261.

N. I. Ganaou and A. I. Salaou, “Communication Technologies and Protocols in IoT Systems,” 1st ed., vol. 5, IGI Pubsliher, 2025, ch. 2, pp. 323–390. doi: 10.4018/979-8-3693-5448-3.ch010.

V. Tyagi, A. Saraswat, A. Kumar, and S. Gambhir, “Securing IoT Devices Against MITM and DoS Attacks,” in Reshaping Intelligent Business and Industry, Wiley, 2024, pp. 237–249. doi: 10.1002/9781119905202.ch15.

D. Swessi and H. Idoudi, “A Survey on Internet-of-Things Security: Threats and Emerging Countermeasures,” Wirel. Pers. Commun., vol. 124, no. 2, pp. 1557–1592, May 2022, doi: 10.1007/s11277-021-09420-0.

M. Faiz and A.K. Daniel, “Threats and Challenges for Security Measures on the Internet of Things,” Law, State and Telecommunications Review, vol. 14, no. 1, pp. 71–97, May 2022, doi: 10.26512/lstr.v14i1.38843.

A. R. Mahlous, “Threat model and risk management for a smart home IoT system,” Informatica, vol. 47, no. 1, Apr. 2023, doi: 10.31449/inf.v47i1.4526.

P. Khanpara, K. Lavingia, R. Trivedi, S. Tanwar, A. Verma, and R. Sharma, “A context‐aware internet of things‐driven security scheme for smart homes,” SECURITY AND PRIVACY, vol. 6, no. 1, Jan. 2023, doi: 10.1002/spy2.269.

T. Magara and Y. Zhou, “Internet of Things (IoT) of Smart Homes: Privacy and Security,” Journal of Electrical and Computer Engineering, vol. 2024, pp. 1–17, Apr. 2024, doi: 10.1155/2024/7716956.

A. Lara, V. Mayor, R. Estepa, A. Estepa, and J. E. Díaz-Verdejo, “Smart home anomaly-based IDS: Architecture proposal and case study,” Internet of Things, vol. 22, p. 100773, Jul. 2023, doi: 10.1016/j.iot.2023.100773.

R. Alasmari and A. A. Alhogail, “Protecting Smart-Home IoT Devices From MQTT Attacks: An Empirical Study of ML-Based IDS,” IEEE Access, vol. 12, pp. 25993–26004, 2024, doi: 10.1109/ACCESS.2024.3367113.

A. Kumari and I. Sharma, “Securing the Internet of Things using AI-Enabled Detection of Attacks via Port Scans in IoT Networks,” in 2023 International Conference on Power Energy, Environment & Intelligent Control (PEEIC), IEEE, Dec. 2023, pp. 348–352. doi: 10.1109/PEEIC59336.2023.10451771.

A. N. Janjua, A. Abdulraheem, and Z. Tariq, “Big Data Analysis Using Unsupervised Machine Learning: K-means Clustering and Isolation Forest Models for Efficient Anomaly Detection and Removal in Complex Lithologies,” in International Petroleum Technology Conference, IPTC, Feb. 2024. doi: 10.2523/IPTC-23580-EA.

J. P. Ntayagabiri, Y. Bentaleb, J. Ndikumagenge, and H. EL Makhtoum, “A Comprehensive Approach to Protocols and Security in Internet of Things Technology,” Journal of Computing Theories and Applications, vol. 2, no. 3, pp. 324–341, Dec. 2024, doi: 10.62411/jcta.11660.

T. Liu, Z. Zhou, and L. Yang, “Layered isolation forest: A multi-level subspace algorithm for improving isolation forest,” Neurocomputing, vol. 581, p. 127525, May 2024, doi: 10.1016/j.neucom.2024.127525.

H. Xu, G. Pang, Y. Wang, and Y. Wang, “Deep Isolation Forest for Anomaly Detection,” IEEE Trans. Knowl. Data Eng., vol. 35, no. 12, pp. 12591–12604, Dec. 2023, doi: 10.1109/TKDE.2023.3270293.

V. Yepmo, G. Smits, M.-J. Lesot, and O. Pivert, “Leveraging an Isolation Forest to Anomaly Detection and Data Clustering,” Data Knowl. Eng., vol. 151, p. 102302, May 2024, doi: 10.1016/j.datak.2024.102302.

M. S. Kareem and L. A. Muhammed, “Anomaly Detection in Streaming Data using Isolation Forest,” in 2024 Seventh International Women in Data Science Conference at Prince Sultan University (WiDS PSU), IEEE, Mar. 2024, pp. 223–228. doi: 10.1109/WiDS-PSU61003.2024.00052.

M. Agoramoorthy, A. Ali, D. Sujatha, M. Raj. T. F, and G. Ramesh, “An Analysis of Signature-Based Components in Hybrid Intrusion Detection Systems,” in 2023 Intelligent Computing and Control for Engineering and Business Systems (ICCEBS), IEEE, Dec. 2023, pp. 1–5. doi: 10.1109/ICCEBS58601.2023.10449209.

U. Ahmed et al., “Signature-based intrusion detection using machine learning and deep learning approaches empowered with fuzzy clustering,” Sci. Rep., vol. 15, no. 1, p. 1726, Jan. 2025, doi: 10.1038/s41598-025-85866-7.

L. Simon, A. Andreas, L. Leah, R. Ulrich, F. Ian, and S. Matthias, “Analyzing the Attack Surface and Threats of Industrial Internet of Things Devices,” Cryptography and Security, vol. 14, no. 1, pp. 59–70, May 2024.

C. Gan, J. Lin, D.-W. Huang, Q. Zhu, and L. Tian, “Advanced Persistent Threats and Their Defense Methods in Industrial Internet of Things: A Survey,” Mathematics, vol. 11, no. 14, p. 3115, Jul. 2023, doi: 10.3390/math11143115.

L. Zhang and L. Liu, “Data Anomaly Detection Based on Isolation Forest Algorithm,” in 2022 International Conference on Computation, Big-Data and Engineering (ICCBE), IEEE, May 2022, pp. 87–89. doi: 10.1109/ICCBE56101.2022.9888169.

O. AbuAlghanam, H. Alazzam, E. Alhenawi, M. Qatawneh, and O. Adwan, “Fusion-based anomaly detection system using modified isolation forest for internet of things,” J. Ambient Intell. Humaniz. Comput., vol. 14, no. 1, pp. 131–145, Jan. 2023, doi: 10.1007/s12652-022-04393-9.

H. Xiang et al., “Federated Learning-Based Anomaly Detection with Isolation Forest in the IoT-Edge Continuum,” ACM Transactions on Multimedia Computing, Communications, and Applications, Nov. 2024, doi: 10.1145/3702995.

H. Liu, J. Zhou, and H. Li, “Using Rough Sets to Improve the High-dimensional Data Anomaly Detection Method Based on Extended Isolation Forest,” in 2023 26th International Conference on Computer Supported Cooperative Work in Design (CSCWD), IEEE, May 2023, pp. 231–236. doi: 10.1109/CSCWD57460.2023.10152795.

Z. Azam, Md. M. Islam, and M. N. Huda, “Comparative Analysis of Intrusion Detection Systems and Machine Learning-Based Model Analysis Through Decision Tree,” IEEE Access, vol. 11, pp. 80348–80391, 2023, doi: 10.1109/ACCESS.2023.3296444.

N. Saran and N. Kesswani, “A comparative study of supervised Machine Learning classifiers for Intrusion Detection in Internet of Things,” Procedia Comput. Sci., vol. 218, pp. 2049–2057, 2023, doi: 10.1016/j.procs.2023.01.181.

S. Qadir Mohammed and M. A. Hussein, “Performance Analysis of different Machine Learning Models for Intrusion Detection Systems,” Journal of Engineering, vol. 28, no. 5, pp. 61–91, May 2022, doi: 10.31026/j.eng.2022.05.05.

N. Alghanmi, R. Alotaibi, and S. M. Buhari, “Machine Learning Approaches for Anomaly Detection in IoT: An Overview and Future Research Directions,” Wirel. Pers. Commun., vol. 122, no. 3, pp. 2309–2324, Feb. 2022, doi: 10.1007/s11277-021-08994-z.

V. M. Prasad and B. Bharathi, “A Survey on Security in Data Transmission Using Wireless Communication Methods for IoT Edge Devices,” in Smart Factories for Industry 5.0 Transformation, Wiley, 2025, pp. 45–69. doi: 10.1002/9781394200467.ch3.

E. Ortega, F. Su, R. Chattopadhyay, and K. Chakrabarty, “Discretized-Isolation Forest: Memory- and Compute-Efficient Unsupervised Anomaly Detection for Resource-Constrained Internet of Things Edge Devices,” IEEE Internet Things J., vol. 12, no. 2, pp. 1699–1717, Jan. 2025, doi: 10.1109/JIOT.2024.3468950.


Refbacks

  • There are currently no refbacks.


Copyright (c) 2026 Ahmad Luthfi, Emigawaty Emigawaty

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.