Abstract
The Internet of Things network is a prime target for attackers due to its vulnerabilities and the sensitive data it handles. Protecting these devices is critical, and an Intrusion Detection System serves as the first defence against breaches. While many intrusion classification methods exist, building low-complexity systems for IoT remains challenging. This paper introduces a novel method combining active feature selection and ensemble machine learning to address complexity issues for IDS in IoT. Specifically, a novel Cauchy-Gaussian genetic-arithmetic optimiser-driven variance-based active feature selection method is proposed. The proposed algorithm operates in two phases: in the first phase, the model learns active samples by representing them as a KD-tree based on feature variance; in the second phase, the Cauchy-Gaussian genetic-arithmetic optimiser uses the active samples to select relevant features. Cauchy and Gaussian distributions ensure diversity in population initialisation and prevent early convergence, enhancing population diversity in the initial phase. The proposed genetic arithmetic optimizer combines genetic and arithmetic operators; the optimizer balances exploration and exploitation, accelerating convergence while avoiding local minima. The proposed method is evaluated and validated on the CICIDS 2017 and IoTID20 datasets, demonstrating superior performance to conventional AOA and GA approaches. Moreover, active feature selection reduces the complexity of running wrapper methods by using active samples for feature selection. The proposed method achieved an accuracy of 99.88% and 99.72% with the Bagging algorithm, along with a low false positive rate of 0.000801 and 0.000165 with the CICIDS2017 and IoTID20 datasets.