A Scalable Approach to Internet of Things and Industrial Internet of Things Security: Evaluating Adaptive Self-Adjusting Memory K-Nearest Neighbor for Zero-Day Attack Detection

Publication Type

Journal Article

Name of Author

• Promise Ricardo Agbedanu, African Centre of Excellence for Internet of Things, University of Rwanda, Kigali , RwandaFollow
• Shanchieh Jay Yang, Institute for Informatics and Applied Technology, Gonzaga University, Spokane, USA
• Richard Musabe, College of Science and Technology, University of Rwanda, Kigali
• Ignace Gatare, College of Science and Technology, University of Rwanda, Kigali
• James Rwigema, African Centre of Excellence for Internet of Things, University of Rwanda, Kigali

Publication Date (Issue Year)

2025

Journal Name

MDPI-Sensors

Abstract

The Internet of Things (IoT) and Industrial Internet of Things (IIoT) have drastically transformed industries by enhancing efficiency and flexibility but have also introduced substantial cybersecurity risks. The rise of zero-day attacks, which exploit unknown vulnerabilities, poses significant threats to these interconnected systems. Traditional signaturebased intrusion detection systems (IDSs) are insufficient for detecting such attacks due to their reliance on pre-defined attack signatures. This study investigates the effectiveness of Adaptive SAMKNN, an adaptive k-nearest neighbor with self-adjusting memory (SAM), in detecting and responding to various attack types in Internet of Things (IoT) environments. Through extensive testing, our proposed method demonstrates superior memory efficiency, with a memory footprint as low as 0.05 MB, while maintaining high accuracy and F1 scores across all datasets. The proposed method also recorded a detection rate of 1.00 across all simulated zero-day attacks. In scalability tests, the proposed technique sustains its performance even as data volume scales up to 500,000 samples, maintaining low CPU and memory consumption. However, while it excels under gradual, recurring, and incremental drift, its sensitivity to sudden drift highlights an area for further improvement. This study confirms the feasibility of Adaptive SAMKNN as a real-time, scalable, and memory-efficient solution for IoT and IIoT security, providing reliable anomaly detection without overwhelming computational resources. Our proposed method has the potential to significantly increase the security of IoT and IIoT environments by enabling the real-time, scalable, and efficient detection of sophisticated cyber threats, thereby safeguarding critical interconnected systems against emerging vulnerabilities

Keywords

iInternet of Things, Industrial Internet of Things, cybersecurity, online machine learning, zero-day attacks, intrusion detection system

Rsif Scholar Name

Promise Ricardo Agbedanu

Rsif Scholar Nationality

Ghana

Cohort

Cohort 3

Thematic Area

ICTs Including Big Data and Artificial Intelligence

Africa Host University (AHU)

University of Rwanda (UR), Rwanda

Funding Statement

This work was funded by the Partnership for Applied Skills in Sciences, Engineering and Technology-Regional Scholarship and Innovation Fund (PASET-Rsif), Google PhD Fellowship Programme and Carnegie Corporation of New York

Recommended Citation

Agbedanu, P. R., Yang, S. J., Musabe, R., Gatare, I., & Rwigema, J. (2025). A Scalable Approach to Internet of Things and Industrial Internet of Things Security: Evaluating Adaptive Self-Adjusting Memory K-Nearest Neighbor for Zero-Day Attack Detection. MDPI-Sensors https://doi.org/doi.org/10.3390/s25010216