Research Article | Peer-Reviewed

A Unified Adaptive Cyber Threat Intelligence Model for Real-Time IoT Security Using Machine Learning and GAN-Based Augmentation

Received: 13 August 2025     Accepted: 25 August 2025     Published: 13 September 2025
Abstract

The rapid rise of Internet of Things (IoT) devices has increased cybersecurity risk and vulnerability, underscoring the critical need for adaptive intrusion detection systems (IDS) to safeguard IoT networks. This study presents a Cyber Threat Intelligence (CTI) model that works in real time and adapts to IoT contexts. The proposed model uses density-based clustering (DBSCAN), deep learning (CNN-LSTM), and reinforcement learning (LDQN) to detect, classify, and respond to threats that change over time. A generative model (GAN) is added to improve detection by adding synthetic data. The model works in three main phases: detection, mitigation and response, and ongoing adaptive improvement. During the detection phase, DBSCAN identifies anomalies by clustering IoT network traffic and separating outliers. A hybrid CNN-LSTM architecture processes the anomalies by finding patterns of threats over time, while a Random Forest algorithm classifies typical traffic. During the mitigation and response phase, a Lightweight Deep Q-Network (LDQN) dynamically assigns the actions BLOCK, DROP, INVESTIGATE, or ALLOW based on how serious each threat is. A Generative Adversarial Network (GAN) produces synthetic data to correct class imbalance and make under-represented classes easier to detect. After being improved, the unified model detected IoT intrusions with an accuracy of 92.86%, a precision of 95.16%, and a recall of 95.93%. The system learns about new attack patterns in real time and responds to threats automatically, making it useful for protecting large and changing IoT deployments. This research links classic IDS solutions with cutting-edge AI-driven threat intelligence systems to create an approach to IoT cybersecurity that is scalable, resilient, and self-improving.
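
The detection-phase routing described in the abstract, as an added example that is not code from the paper: a small pure-Python DBSCAN marks outlier flows as noise and routes them to the anomaly path (CNN-LSTM in the paper), while clustered flows go to the typical-traffic path (Random Forest in the paper). The two features, `eps`, `min_pts`, the function names and the sample flows are assumptions constructed for illustration.

```python
# Added illustration, not the paper's code. Feature choice, eps and min_pts
# are assumptions; FLOWS is constructed sample data.
from math import dist

NOISE = -1

def region(points, i, eps):
    """Indices of all points within eps of points[i] (including i itself)."""
    return [j for j, q in enumerate(points) if dist(points[i], q) <= eps]

def dbscan(points, eps, min_pts):
    """Return one label per point: a cluster id >= 0, or NOISE for outliers."""
    labels = [None] * len(points)
    cluster = -1
    for i in range(len(points)):
        if labels[i] is not None:
            continue
        neighbours = region(points, i, eps)
        if len(neighbours) < min_pts:
            labels[i] = NOISE            # may later be claimed as a border point
            continue
        cluster += 1
        labels[i] = cluster
        queue = [j for j in neighbours if j != i]
        while queue:
            j = queue.pop()
            if labels[j] == NOISE:
                labels[j] = cluster      # border point: reachable, not core
            if labels[j] is not None:
                continue
            labels[j] = cluster
            more = region(points, j, eps)
            if len(more) >= min_pts:     # j is a core point, keep expanding
                queue.extend(more)
    return labels

def route(flows, eps=0.1, min_pts=3):
    """Send DBSCAN noise to the anomaly path, clustered flows to the typical path."""
    labels = dbscan([features for _, features in flows], eps, min_pts)
    paths = {"anomaly_path": [], "typical_path": []}
    for (flow_id, _), label in zip(flows, labels):
        paths["anomaly_path" if label == NOISE else "typical_path"].append(flow_id)
    return paths

# Constructed flows: (id, (normalised packet rate, normalised mean packet size)).
FLOWS = [("t1", (0.10, 0.20)), ("t2", (0.12, 0.22)), ("x1", (0.95, 0.05)),
         ("t3", (0.09, 0.18)), ("p1", (0.60, 0.70)), ("p2", (0.62, 0.71)),
         ("t4", (0.11, 0.21)), ("p3", (0.59, 0.69)), ("x2", (0.30, 0.95)),
         ("p4", (0.61, 0.72)), ("t5", (0.13, 0.19))]
```
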

Published in Internet of Things and Cloud Computing (Volume 13, Issue 3)
DOI 10.11648/j.iotcc.20251303.11
Page(s) 52-61
Creative Commons

This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited.

Copyright

Copyright © The Author(s), 2025. Published by Science Publishing Group

Keywords

Cyber Threat Intelligence, IoT Security, Deep Learning, Random Forest, CNN-LSTM, GAN Augmentation

Cite This Article
  • APA Style

    Mwende, E., Mukudi, F., Mile, A. (2025). A Unified Adaptive Cyber Threat Intelligence Model for Real-Time IoT Security Using Machine Learning and GAN-Based Augmentation. Internet of Things and Cloud Computing, 13(3), 52-61. https://doi.org/10.11648/j.iotcc.20251303.11


    ACS Style

    Mwende, E.; Mukudi, F.; Mile, A. A Unified Adaptive Cyber Threat Intelligence Model for Real-Time IoT Security Using Machine Learning and GAN-Based Augmentation. Internet Things Cloud Comput. 2025, 13(3), 52-61. doi: 10.11648/j.iotcc.20251303.11


    AMA Style

    Mwende E, Mukudi F, Mile A. A Unified Adaptive Cyber Threat Intelligence Model for Real-Time IoT Security Using Machine Learning and GAN-Based Augmentation. Internet Things Cloud Comput. 2025;13(3):52-61. doi: 10.11648/j.iotcc.20251303.11


  • @article{10.11648/j.iotcc.20251303.11,
      author = {Elizabeth Mwende and Fidelis Mukudi and Anthony Mile},
      title = {A Unified Adaptive Cyber Threat Intelligence Model for Real-Time IoT Security Using Machine Learning and GAN-Based Augmentation},
      journal = {Internet of Things and Cloud Computing},
      volume = {13},
      number = {3},
      pages = {52-61},
      doi = {10.11648/j.iotcc.20251303.11},
      url = {https://doi.org/10.11648/j.iotcc.20251303.11},
      eprint = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.iotcc.20251303.11},
     year = {2025}
    }
    


  • TY  - JOUR
    T1  - A Unified Adaptive Cyber Threat Intelligence Model for Real-Time IoT Security Using Machine Learning and GAN-Based Augmentation
    
    AU  - Elizabeth Mwende
    AU  - Fidelis Mukudi
    AU  - Anthony Mile
    Y1  - 2025/09/13
    PY  - 2025
    N1  - https://doi.org/10.11648/j.iotcc.20251303.11
    DO  - 10.11648/j.iotcc.20251303.11
    T2  - Internet of Things and Cloud Computing
    JF  - Internet of Things and Cloud Computing
    JO  - Internet of Things and Cloud Computing
    SP  - 52
    EP  - 61
    PB  - Science Publishing Group
    SN  - 2376-7731
    UR  - https://doi.org/10.11648/j.iotcc.20251303.11
    VL  - 13
    IS  - 3
    ER  - 

