Open Access

ARTICLE

ERBM: A Machine Learning-Driven Rule-Based Model for Intrusion Detection in IoT Environments

Arshad Mehmmod^1,#, Komal Batool^1,#, Ahthsham Sajid^2,3, Muhammad Mansoor Alam^2,3, Mazliham MohD Su’ud^3,*, Inam Ullah Khan³

1 Department of Information Security and Data Science, Riphah Institute of Systems Engineering, Riphah International University, Islamabad, 46000, Pakistan
2 Faculty of Computing, Riphah International University, Islamabad, 46000, Pakistan
3 Faculty of Computing and Informatics, Multimedia University, Cyberjaya, 63100, Malaysia

* Corresponding Author: Mazliham MohD Su’ud. Email:
# These authors contributed equally to this work

(This article belongs to the Special Issue: Advances in IoT Security: Challenges, Solutions, and Future Applications)

Computers, Materials & Continua 2025, 83(3), 5155-5179. https://doi.org/10.32604/cmc.2025.062971

Received 31 December 2024; Accepted 04 March 2025; Issue published 19 May 2025

Abstract

Traditional rule-based Intrusion Detection Systems (IDS) are commonly employed owing to their simple design and ability to detect known threats. Nevertheless, as dynamic network traffic and a new degree of threats exist in IoT environments, these systems do not perform well and have elevated false positive rates—consequently decreasing detection accuracy. In this study, we try to overcome these restrictions by employing fuzzy logic and machine learning to develop an Enhanced Rule-Based Model (ERBM) to classify the packets better and identify intrusions. The ERBM developed for this approach improves data preprocessing and feature selections by utilizing fuzzy logic, where three membership functions are created to classify all the network traffic features as low, medium, or high to remain situationally aware of the environment. Such fuzzy logic sets produce adaptive detection rules by reducing data uncertainty. Also, for further classification, machine learning classifiers such as Decision Tree (DT), Random Forest (RF), and Neural Networks (NN) learn complex ways of attacks and make the detection process more precise. A thorough performance evaluation using different metrics, including accuracy, precision, recall, F1 Score, detection rate, and false-positive rate, verifies the supremacy of ERBM over classical IDS. Under extensive experiments, the ERBM enables a remarkable detection rate of 99% with considerably fewer false positives than the conventional models. Integrating the ability for uncertain reasoning with fuzzy logic and an adaptable component via machine learning solutions, the ERBM system provides a unique, scalable, data-driven approach to IoT intrusion detection. This research presents a major enhancement initiative in the context of rule-based IDS, introducing improvements in accuracy to evolving IoT threats.

---

Keywords

---