# Optimized ensemble machine learning model for cyberattack classification in industrial IoT

**Authors:** Batool Alabdullah, Suresh Sankaranarayanan

PMC · DOI: 10.3389/frai.2025.1685376 · Frontiers in Artificial Intelligence · 2026-01-12

## TL;DR

This paper introduces an optimized machine learning model for detecting cyberattacks in industrial IoT systems, achieving high accuracy and efficiency.

## Contribution

The novel contribution is the development of Stacked Ensemble_2, an optimized ensemble model combining multiple classifiers for improved cyberattack detection.

## Key findings

- Stacked Ensemble_2 achieved 97% accuracy with a training and testing computation time of 54 minutes.
- The model reached 100% accuracy on the CICIDS 2017 dataset with a 99% AUROC.

## Abstract

The increasing cyber threats targeting industrial control systems (ICS) and the Internet of Things (IoT) pose significant risks, especially in critical infrastructures like the oil and gas sector. Existing machine learning (ML) approaches for cyberattack detection often rely on binary classification and lack computational efficiency.

This study proposes two optimized stacked ensemble models to enhance attack detection accuracy while reducing computational overhead. The main contribution lies in the strategic selection and integration of diverse base models, such as Logistic Regression, Extra Tree Classifier, XGBoost, and LGBM, with a Random Forest Classifier (RFC) as the final estimator. These models are chosen to address unique characteristics of security datasets, such as class imbalance, noise, and complex attack patterns. This combination aims to leverage different decision boundaries and learning mechanisms.

Evaluations show that the Stacked Ensemble_2 model achieves 97% accuracy with a training and testing computation time of 54 minutes. Stacked Ensemble_2, which excelled over the traditional Stacked Ensemble_1, was also evaluated on the CICIDS 2017 dataset, achieving an impressive 100% accuracy with an AUROC of 99%.

The results indicate that the proposed Stacked Ensemble_2 model provides a scalable, real-time detection mechanism for securing ICS and IoT environments. By proving its effectiveness on unseen data, this model demonstrates a significant advancement over traditional methods, offering enhanced accuracy and efficiency in detecting sophisticated cyber threats in critical infrastructure sectors.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/PMC12832753/full.md

## Figures

6 figures with captions in the complete paper: https://tomesphere.com/paper/PMC12832753/full.md

## References

57 references — full list in the complete paper: https://tomesphere.com/paper/PMC12832753/full.md

---
Source: https://tomesphere.com/paper/PMC12832753