ALMANET: A hybrid online learning IDS for real-time IoT security

Publication Type

Journal Article

Name of Author

• Promise Ricardo Agbedanu, African Center of Excellence for Internet of Things, University of Rwanda, RwandaFollow
• Shanchieh (Jay) Yang, Institute for Informatics and Applied Technology, Gonzaga University, USA
• Richard Musabe, College of Science and Technology, University of Rwanda, Rwanda
• Ignace Gatare, College of Science and Technology, University of Rwanda, Rwanda
• James Rwigema, African Center of Excellence for Internet of Things, University of Rwanda, Rwanda

Publication Date (Issue Year)

2025

Journal Name

Egyptian Informatics Journal

Abstract

Although some modern Intrusion Detection Systems (IDSs) for Internet of Things (IoT) have explored online machine learning (ML) approaches to build these IDSs, most IoT-based IDSs are designed using offline ML techniques. IDSs built with offline ML approaches cannot adapt to rapidly changing IoT network conditions. They need continuous retraining and require a lot of computational power. To address these limitations, we propose ALMANET (ALMA+NET), a hybrid intrusion detection approach combining Approximate Large Margin Algorithm (ALMA) with Stochastic Weight Averaging (SWA) and an online neural network (NET). ALMANET leverages the power of online learning, which updates models incrementally and allows real-time adaptation to evolving network traffic, making it suitable for IoT environments. We validated ALMANET on four benchmark datasets, namely, NF BoT IoT, NF ToN IoT, NF UNSW, and NF CSE 2018 datasets. We demonstrated the proposed technique’s performance in terms of accuracy, recall, ROCAUC, and robustness against adversarial attacks. We compared the performance of ALMANET against RF, SVM, LR, and ALMA. ALMANET records up to 98.58% ROCAUC and demonstrates high throughput, low false positive rates, and efficient memory usage of 14.64 KB across all datasets, making it feasible for deployment on edge devices.

Keywords

Appropriate large margin algorithm, Incremental neural network, Stochastic Weight Averaging, Online machine learning, Internet of Things, Network intrusion detection

Rsif Scholar Name

Promise Ricardo Agbedanu

Rsif Scholar Nationality

Ghana

Cohort

Cohort 3

Thematic Area

ICTs Including Big Data and Artificial Intelligence

Africa Host University (AHU)

University of Rwanda (UR), Rwanda

Funding Statement

This work was funded by the Partnership for Applied Skills in Sciences, Engineering and Technology-Regional Scholarship and Innovation Fund (PASET-Rsif), Google PhD Fellowship, and Carnegie Corporation of New York.

Recommended Citation

Agbedanu, P. R., Yang, S. (., Musabe, R., Gatare, I., & Rwigema, J. (2025). ALMANET: A hybrid online learning IDS for real-time IoT security. Egyptian Informatics Journal https://doi.org/doi.org/10.1016/j.eij.2025.100764