This repository includes code for the paper "Toward Autonomous and Efficient Cybersecurity: A Multi-Objective AutoML-Based Intrusion Detection System" published in IEEE Transactions on Machine Learning in Communications and Networking (TMLCN). In this work, we propose a novel and comprehensive Multi-Objective Optimization (MOO) and Automated Machine Learning (AutoML) framework that enables efficient and autonomous intrusion detection, especially for IoT systems that need to balance model effectiveness against efficiency and complexity. The framework holds the potential to achieve fully autonomous cybersecurity in resource-constrained systems such as IoT. To achieve autonomous and efficient intrusion detection, the proposed MOO-AutoML framework automates all critical procedures of the data analytics pipeline, including data pre-processing, feature engineering, model selection, and hyperparameter tuning.
Authors: Li Yang ([email protected]) and Abdallah Shami
Organizations:
- The Advanced Networking Technology and Security (ANTS) Lab, Faculty of Business and IT, Ontario Tech University
- The Optimized Computing and Communications (OC2) Lab, ECE Department, Western University
The paper is publicly available on IEEE Xplore and arXiv.
If you are interested in AutoML and autonomous intrusion detection, below are other comprehensive GitHub repositories:
- AutoML-Implementation-for-Static-and-Dynamic-Data-Analytics
- AutoML-and-Adversarial-Attack-Defense-for-Zero-Touch-Network-Security
- AutonomousCyber-AutoML-based-Autonomous-Intrusion-Detection-System
With increasingly sophisticated cybersecurity threats and rising demand for network automation, autonomous cybersecurity mechanisms are becoming critical for securing modern networks. The rapid expansion of Internet of Things (IoT) systems amplifies these challenges, as resource-constrained IoT devices demand scalable and efficient security solutions. In this work, an innovative Intrusion Detection System (IDS) utilizing Automated Machine Learning (AutoML) and Multi-Objective Optimization (MOO) is proposed for autonomous and optimized cyber-attack detection in modern networking environments. The proposed IDS framework integrates two primary innovative techniques: Optimized Importance and Percentage-based Automated Feature Selection (OIP-AutoFS) and Optimized Performance, Confidence, and Efficiency-based Combined Algorithm Selection and Hyperparameter Optimization (OPCE-CASH). These components optimize feature selection and model learning processes to strike a balance between intrusion detection effectiveness and computational efficiency. This work presents the first IDS framework that integrates all four AutoML stages and employs multi-objective optimization to jointly optimize detection effectiveness, efficiency, and confidence for deployment in resource-constrained systems. Experimental evaluations over two benchmark cybersecurity datasets demonstrate that the proposed MOO-AutoML IDS outperforms state-of-the-art IDSs, establishing a new benchmark for autonomous, efficient, and optimized security for networks. Designed to support IoT and edge environments with resource constraints, the proposed framework is applicable to a variety of autonomous cybersecurity applications across diverse networked environments.
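The trade-off described above, between detection effectiveness and model size, can be sketched as follows. This is an added example, not code from this repository or the paper. It assumes that "importance and percentage-based" selection keeps the top-ranked features up to a cumulative-importance threshold. It also replaces MOPSO with an exhaustive scan of a small threshold grid, and every name, importance and F1 value in it is constructed.

```python
# Added illustration: NOT the repository's OIP-AutoFS implementation.
# Feature names, importances and F1 scores are constructed sample values.
from typing import Dict, List, Tuple

IMPORTANCES: Dict[str, float] = {  # constructed, sums to 1.0
    "flow_duration": 0.30, "fwd_pkt_len_mean": 0.25, "bwd_pkts_per_s": 0.20,
    "init_win_bytes": 0.10, "syn_flag_cnt": 0.08, "idle_std": 0.04,
    "urg_flag_cnt": 0.02, "fwd_avg_bulk": 0.01,
}
# Constructed validation F1 per number of retained features; in a real
# pipeline this comes from training and scoring a model on each subset.
VALIDATION_F1: Dict[int, float] = {2: 0.910, 3: 0.962, 4: 0.981,
                                   5: 0.993, 6: 0.992, 8: 0.990}
THRESHOLDS = [0.5, 0.7, 0.8, 0.9, 0.95, 1.0]  # candidate percentages

def select_by_percentage(importances: Dict[str, float], pct: float) -> List[str]:
    """Keep top-ranked features until cumulative normalized importance >= pct."""
    total = sum(importances.values())
    ranked = sorted(importances.items(), key=lambda kv: kv[1], reverse=True)
    kept, cum = [], 0.0
    for name, imp in ranked:
        kept.append(name)
        cum += imp / total
        if cum >= pct - 1e-9:  # tolerance for float rounding
            break
    return kept

def evaluate(thresholds: List[float]) -> Dict[float, Tuple[float, int]]:
    """Map each threshold to its objectives: (F1 to maximize, n_features to minimize)."""
    sizes = {t: len(select_by_percentage(IMPORTANCES, t)) for t in thresholds}
    return {t: (VALIDATION_F1[n], n) for t, n in sizes.items()}

def dominates(a: Tuple[float, int], b: Tuple[float, int]) -> bool:
    """a dominates b if it is no worse on both objectives and differs from b."""
    return a[0] >= b[0] and a[1] <= b[1] and a != b

def pareto_front(points: Dict[float, Tuple[float, int]]) -> List[float]:
    """Thresholds whose (F1, n_features) point no other candidate dominates."""
    return sorted(t for t, p in points.items()
                  if not any(dominates(q, p) for q in points.values()))

def pick(points: Dict[float, Tuple[float, int]], max_f1_loss: float = 0.015) -> float:
    """Assumed decision rule: smallest subset within max_f1_loss of the best F1."""
    front = pareto_front(points)
    best = max(points[t][0] for t in front)
    ok = [t for t in front if points[t][0] >= best - max_f1_loss]
    return min(ok, key=lambda t: points[t][1])

if __name__ == "__main__":
    pts = evaluate(THRESHOLDS)
    print("Pareto front:", pareto_front(pts), "chosen threshold:", pick(pts))
```

In this constructed data the 0.95 and 1.0 thresholds drop off the front, because the low-importance features they add cost resources without improving F1.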
- Automated Data Pre-Processing
  - Automated Normalization based on Min-Max and Z-Score Normalization
  - Automated Hybrid Data Balancing by Combining SMOTE and ADASYN
- Automated Feature Engineering
  - Optimized Importance and Percentage-based Automated Feature Selection (OIP-AutoFS)
  - Multi-Objective Particle Swarm Optimization (MOPSO)
- Automated Model Selection
  - LightGBM
  - XGBoost
- Hyper-Parameter Optimization
  - Optimized Performance, Confidence, and Efficiency-based Combined Algorithm Selection and Hyperparameter Optimization (OPCE-CASH)
- CICIDS2017 dataset, a popular network traffic dataset for intrusion detection problems
  - Publicly available at: https://www.unb.ca/cic/datasets/ids-2017.html
- IoTID20 dataset, a novel IoT botnet dataset
  - Publicly available at: https://sites.google.com/view/iot-network-intrusion-dataset/home
- AutonomousCyber24_Dataset_1.ipynb: code for the sampled CICIDS2017 dataset.
- AutonomousCyber24_Dataset_2.ipynb: code for the sampled IoTID20 dataset.
- Python 3.7+
- scikit-learn
- imblearn
- xgboost
- lightgbm
Please feel free to contact me for any questions or cooperation opportunities. I'd be happy to help.
- Email: [email protected]
- GitHub: LiYangHart, Western OC2 Lab, and ANTS-OntarioTechU
- LinkedIn: Li Yang
- Google Scholar: Li Yang
If you find this repository useful in your research, please cite this article as:
L. Yang and A. Shami, "Toward Autonomous and Efficient Cybersecurity: A Multi-Objective AutoML-Based Intrusion Detection System," in IEEE Transactions on Machine Learning in Communications and Networking, vol. 3, pp. 1244-1264, 2025, doi: 10.1109/TMLCN.2025.3631379.
@ARTICLE{11240569,
author={Yang, Li and Shami, Abdallah},
journal={IEEE Transactions on Machine Learning in Communications and Networking},
title={Toward Autonomous and Efficient Cybersecurity: A Multi-Objective AutoML-Based Intrusion Detection System},
year={2025},
volume={3},
number={},
pages={1244-1264},
keywords={Computer security;Automated machine learning;Optimization;Internet of Things;Intrusion detection;Feature extraction;Data models;Data analysis;Benchmark testing;Adaptation models;Network automation;AutoML;multi-objective optimization;cybersecurity;intrusion detection system;IoT},
doi={10.1109/TMLCN.2025.3631379}}
