M.S. Applied Data Science - Capstone Chronicles 2025
with an F1-Score of 0.71 in the 34-class categorization experiment. The Deep Neural Networks benchmarked had comparable, but slightly worse, results during the binary classification. However, as the experiments increased the number of categories and specific attack types, the results fell off substantially, while the Random Forest model held strong in its classification and minimized False Positives, as indicated by the precision scores. These results benchmark the Random Forest model as superior in identifying malicious attack patterns and in its ability to generalize to IoT intrusion detection tasks. Neto et al. (2023) not only developed a novel, realistic dataset for the classification of malicious network traffic, but also identified the robustness of the Random Forest model across binary, 8-category, and 34-class classification for securing network traffic in IoT environments.

3.2 A Long Short-Term Memory Based Approach for Detecting Cyber Attacks in IoT Using CICIoT2023 Dataset

Jony and Arnob (2024) applied a Long Short-Term Memory (LSTM) deep learning model under the hypothesis that applying temporal dependencies within network traffic data would enhance the detection capabilities within IoT network traffic, something previous studies had failed to evaluate. By applying this deep learning model, the authors hoped to capture evolving and subtle attack patterns within the dataset. The authors leveraged the same CIC-IoT2023 dataset and applied their model to the 34-class classification framework used by Neto et al. (2023). Jony and Arnob (2024) implemented preprocessing methods including normalization and label encoding, then trained the model with a ReLU activation function in the hidden layers and a Softmax activation function in the output layer, using batch sizes of 1000 observations across 50 training epochs.

Jony and Arnob (2024) reported strong performance metrics, with their proposed LSTM structure achieving 98.75% accuracy, 98.66% precision and an impressive F1-Score of 98.59% across the 34-class classification experiment, which greatly enhanced the model's ability to minimize false positives when compared to the previous benchmark models, which saw decreases in false positive detection rates during the enhanced 34-class experiment. Jony and Arnob (2024) concluded that an LSTM model provided a reliable, scalable and adaptive framework for intrusion detection within IoT environments, but highlighted the need for improvements in model interpretability and computational efficiency to support real-world, large-scale IoT networks.

3.3 Real Time Large Scale Intrusion Detection and Prevention System (IDPS) CICIoT Dataset Traffic Assessment Based on Deep Learning

Erskine (2025) focused their research on the development of a unique, intrusion-detection-specific hybrid deep learning model entitled ‘Deep Learning Multilayer Perceptron Intrusion Detection and Prevention System Model (DLMIDPSM),’ which incorporated Artificial Neural Networks (ANN), Convolutional Neural Networks (CNN) and Recurrent Neural Networks (RNN) along with the Multilayer Perceptron (MLP) model. The goal of this research was to develop a model which could be integrated into SIEM tools, addressing the need for real-time intrusion detection capability. Through the combination of deep learning and machine learning methods, the research goal was to enhance detection and mitigate performance