# (H-DIR)2: A Scalable Entropy-Based Framework for Anomaly Detection and Cybersecurity in Cloud IoT Data Centers

**Authors:** Davide Tosi, Roberto Pazzi

PMC · DOI: 10.3390/s25154841 · Sensors (Basel, Switzerland) · 2025-08-06

## TL;DR

(H-DIR)2 is a new cybersecurity framework for cloud IoT data centers that detects and mitigates attacks using entropy analysis and neural networks, offering scalability and transparency.

## Contribution

A novel hybrid entropy-based framework combining ARNNs and semantic reasoning for scalable and explainable anomaly detection in cloud IoT.

## Key findings

- The system achieves a mean detection latency of 247 ms and an AUC of 0.978 for SYN flood attacks.
- For DAO-DIO manipulations, it increases the packet delivery ratio from 81.2% to 96.4%.
- The framework scales vertically across millions of endpoints and horizontally on datasets exceeding 10 TB.

## Abstract

Modern cloud-based Internet of Things (IoT) infrastructures face increasingly sophisticated and diverse cyber threats that challenge traditional detection systems in terms of scalability, adaptability, and explainability. In this paper, we present (H-DIR)2, a hybrid entropy-based framework designed to detect and mitigate anomalies in large-scale heterogeneous networks. The framework combines Shannon entropy analysis with Associated Random Neural Networks (ARNNs) and integrates semantic reasoning through RDF/SPARQL, all embedded within a distributed Apache Spark 3.5.0 pipeline. We validate (H-DIR)2 across three critical attack scenarios—SYN Flood (TCP), DAO-DIO (RPL), and NTP amplification (UDP)—using real-world datasets. The system achieves a mean detection latency of 247 ms and an AUC of 0.978 for SYN floods. For DAO-DIO manipulations, it increases the packet delivery ratio from 81.2% to 96.4% (p < 0.01), and for NTP amplification, it reduces the peak load by 88%. The framework achieves vertical scalability across millions of endpoints and horizontal scalability on datasets exceeding 10 TB. All code, datasets, and Docker images are provided to ensure full reproducibility. By coupling adaptive neural inference with semantic explainability, (H-DIR)2 offers a transparent and scalable solution for cloud–IoT cybersecurity, establishing a robust baseline for future developments in edge-aware and zero-day threat detection.

## Full-text entities

- **Chemicals:** DAO (MESH:C030358), SYN (-)

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/PMC12349297/full.md

## Figures

11 figures with captions in the complete paper: https://tomesphere.com/paper/PMC12349297/full.md

## References

27 references — full list in the complete paper: https://tomesphere.com/paper/PMC12349297/full.md

---
Source: https://tomesphere.com/paper/PMC12349297