Sustainable IoT Security in Entrepreneurship: Leveraging Univariate Feature Selection and Deep CNN Model for Innovation and Knowledge

Abstract

Due to the rapid increase in Internet of Things (IoT) devices in entrepreneurial environments, innovative cybersecurity advancements are needed to defend against escalating cyber threats. The present paper proposes an approach involving univariate feature selection leading to Sustainable IoT security. This method aims at increasing the efficiency and accuracy of the deep Convolutional Neural Network (CNN) model concerning botnet attack detection and mitigation. The approach to obtaining Sustainable IoT Security goes beyond the focus on technical aspects by proving that increased cybersecurity in IoT environments also fosters entrepreneurship in terms of stimulation, knowledge increase, and innovation. This approach is a major step towards providing entrepreneurs with the necessary tools to protect them in this digital era, which will enable and support the defense against cyber threats. A secure, innovative, and knowledgeable entrepreneurial environment is the result of Sustainable IoT security.

1. Introduction

The emergence of the Internet of Things (IoT) has significantly impacted the entrepreneurial ecosystem, leading to a transformation in the way businesses operate and innovate. Extensive research has highlighted the crucial role of the entrepreneurial ecosystem in the growth and development of the economy [1]. Entrepreneurial ecosystems have been found to bolster regional competitive advantages through knowledge and innovation, thereby increasing value creation through local commercial activities [2]. Moreover, the entrepreneurial ecosystem has been identified as having a positive influence on business growth and the creation of new businesses, attracting attention from both academics and policymakers [3]. Additionally, the entrepreneurial ecosystem has been linked to improving resource allocation processes and incentivizing entrepreneurs to create knowledge-intensive businesses in settings where demand for such services is high [4]. Furthermore, the political environment has been identified as a crucial factor impacting the entrepreneurial ecosystem performance of Internet cultural industries, emphasizing the multifaceted nature of the ecosystem [5]. The relevance of entrepreneurial universities has been found to increase in more fragile entrepreneurial ecosystems, providing support over multiple dimensions [6].

The impact of IoT on the entrepreneurial ecosystem has been observed in various domains, from conventional businesses to digital businesses, highlighting the widespread influence of IoT on business existence and operations [7]. The adoption of IoT technology has been found to have a dramatic impact on customer relationship management (CRM), providing potential benefits to individual organizations throughout the customer journey [8]. Moreover, the IoT is essential for the success and adoption of digital entrepreneurship in universities, emphasizing its role in shaping entrepreneurial endeavors [9]. The impact of a digital transformation through the adoption of IoT and big data on business performance has been reviewed, covering several essential elements that contribute to business success [10]. The higher the impact of IoT on research domains, the greater the need to classify the research challenges to endorse the Internet of Things as a well-engineered, commercially and technologically viable paradigm, highlighting the complexity of integrating IoT into various business domains [11]. The importance of digital platform innovation, skill, knowledge, and entrepreneurship in policymaking has been manifested through government initiatives, emphasizing the role of IoT in shaping policy and governance [12]. The paper contributes to interdisciplinary research relating to a business and management perspective on IoT by providing a holistic overview of predominant research themes and an integrative research framework, highlighting the need for a comprehensive understanding of IoT’s impact on business and management [13]. The results of the analysis highlighted that both the IoT and the economy are shaped by innovation, opportunities, and development, emphasizing the interconnected nature of IoT and economic progress [14]. The research results show that college teachers and students have a disjointed cognition of food security as an important aspect of innovation and entrepreneurship, shedding light on the role of IoT in shaping entrepreneurial mindsets and strategies [15]. The rise of smart cities, enabled by community, technology, and policy to deliver productivity, innovation, livability, sustainability, and good governance, has increased the demand for AI-enabled innovations, emphasizing the interconnected nature of IoT and AI in shaping urban environments and entrepreneurial opportunities [16].

The rest of the paper is organized as follows: Section 2 defines the related work, and Section 3 presents the proposed approach. Section 4 presents the results, and finally, Section 5 concludes the paper.

2. Related Work

The development of frameworks for attack detection in IoT has been the subject of extensive research, with various proposals aiming to enhance the security of IoT devices and networks. Sudhakaran and Malathy [17] proposed an authorization, attack detection, and avoidance framework for IoT devices, emphasizing the need for comprehensive security measures. Similarly, Khedr et al. [18] introduced the FMDADM framework, which focuses on multi-layer Distributed Denial of Service (DDoS) attack detection and mitigation using machine learning for stateful SDN-based IoT networks, presented an unsupervised ensemble-based deep learning approach for attack detection in IoT networks, highlighting the significance of leveraging advanced technologies for security enhancement [19]. Additionally, Eboya and Juremi [20] introduced the iDRP framework, an intelligent malware exploration framework for big data and IoT ecosystems, emphasizing the importance of intelligent detection methods for IoT security. Furthermore, Rathore and Park [21] proposed a semi-supervised learning-based distributed attack detection framework for IoT, underscoring the need for distributed and adaptive security measures. Moreover, Hussain et al. [22] developed a framework for malicious traffic detection in IoT healthcare environments, addressing the specific security challenges in healthcare-related IoT systems. Aslam et al. [23] introduced an adaptive machine learning-based distributed denial-of-service attacks detection and mitigation system for SDN-enabled IoT, highlighting the importance of adaptive security measures for evolving threats. Syed et al. [24] focused on denial of service attack detection through machine learning for the IoT, emphasizing the role of machine learning in addressing sophisticated attacks targeting IoT devices and networks. Additionally, a framework for early detection of attacks on IoT resources, known as EADA, was proposed by Karande and Joshi [25], highlighting the importance of proactive security measures for IoT systems. Furthermore, Arshad et al. [26] presented a framework for digital forensics analysis of IoT nodes using machine learning, emphasizing the significance of forensic analysis in identifying and mitigating attacks on IoT devices. These frameworks collectively contribute to the advancement of IoT security, addressing various types of attacks and vulnerabilities to ensure the integrity and resilience of IoT ecosystems.

3. Proposed Approach

The model we propose integrates univariate feature selection with a deep Convolutional Neural Network (CNN) to enhance cybersecurity in smart entrepreneurial factories. As represented in the model framework shown in Figure 1, the proposed approach takes advantage of cloud computing to analyze data traversing in the IoT devices located on the factory floor. Moreover, as a preprocessing algorithm, the univariate feature selection is essentially utilized to detect cyber-attack data. The most appropriate features of attack detection are then transferred to the deep CNN model to facilitate real-time attack detection and prevention in the cloud environment. The interplay of the feature selection and the deep CNN cloud model in detecting and preventing possible botnet future attacks in the factory’s smart machines enriched the factory’s smart machines to work in completely secure cyber-physical spaces.

3.1. Data Preprocessing and Feature Selection

Data normalization is the first process that is involved in the preprocessing stage. The process involved in preparing the dataset to feed into the model training is shown in Algorithm 1, which uses the approach of MinMax Scaler. Data preprocessing is a method used in transforming features by scaling each of them within the specified range; this is, by and large, the most used approach in the standardization process. For instance, for a given dataset X with each feature $x_i$ the normalization process can be performed using Equation (1):

$$x_{i_{\mathrm{norm}}}={\displaystyle \frac{x_i-min\left(x_i\right)}{max\left(x_i\right)-min\left(x_i\right)}}$$

(1)

The processed data are then scaled. Scaling is used so that all developmental data are represented in the variable range with a mean of zero and a standard deviation of one. These data are used in most of the model development stages, so it will be referred to as $X_{\mathrm{norm}}$. The only exception is the last model, where the fitted MinMaxScaler was used to normalize the X_train and X_test data. The pseudocode of the feature selection process is provided below as Algorithm 1.

Algorithm 1 Data Normalization using MinMax Scaler

1: Input: Data frame X 2: Output: Normalized Data frame $X_{\mathrm{norm}}$ 3: for each feature $x_i$ in X do 4:    $x_{i_{\mathrm{norm}}}\leftarrow {\displaystyle \frac{x_i-min\left(x_i\right)}{max\left(x_i\right)-min\left(x_i\right)}}$ 5: end for 6: return $X_{\mathrm{norm}}$

The procedure described in Algorithm 2 is the process of label encoding. It is a necessary part of the data preparation process as it involves changing the format of labels as the categorical types. The reason the label encoding is used is to interpret different types of network traffic. These data are used to detect possible threats to security in IoT. For the set of labels $Y:Y=y_1,y_2,\dots ,y_n$, it is possible to develop the process of label encoding that is a function $f:Y⟶\mathbb{Z}$. Along with it, each $y_i$ may be correlated with its corresponding value within the sequence of integers, i.e., $z_i$. However, the initial step in label encoding is finding $unique\_labels$.

$$unique\_labels=\mathrm{unique}\left(Y\right)$$

(2)

The output of this process is a transformed label set. After this process, each original categorical label is replaced by its corresponding integer representation. This transformation is fundamental for the subsequent machine learning stages, as it allows for the efficient processing and analysis of the categorical data by algorithms that require numerical input.

Algorithm 2 Label Encoding

1: Input: Labels Y 2: Output: Encoded Labels 3: $unique\_labels\leftarrow \mathrm{unique}\left(Y\right)$ 4: Print $unique\_labels$

The third crucial phase of the data preprocessing is shown in Algorithm 3. In our case, it is the univariate feature selection that is fundamental to the performance of the deep learning model. It uses the ${\chi }^2$ test to determine how crucial every feature in the database is.

Algorithm 3 Univariate Feature Selection using Chi-Squared Test

1: Input: Normalized Data frame $X_{\mathrm{norm}}$, Labels Y 2: Output: Selected Features 3: Initialize SelectKBest with chi-squared and $k=20$ 4: for each feature $x_j$ in $X_{\mathrm{norm}}$ do 5:    Compute $ch{i}^2(x_j,Y)$ 6: end for 7: Select top k features based on highest $ch{i}^2$ scores 8: return Selected features

Given the normalized dataset $X_{\mathrm{norm}}$ and the encoded labels Y, the feature selection process starts by applying the Chi-squared test to each feature. The ${\chi }^2$ statistic for a feature $x_j$ is calculated using Equation (3):

$${\chi }^2(x_j,Y)=\sum {\displaystyle \frac{{(O_{ij}-E_{ij})}^2}{E_{ij}}}$$

(3)

In Equation (3), $O_{ij}$ is the frequency of observation where $x_j$ and Y occur, $E_{ij}$ is the frequency of the occurrence of $x_j$ and Y. This test is carried out for each and every feature in the dataset, and they tell us the extent to which each feature is independent of the label. After that, the k features with the highest ${\chi }^2$ scores are selected. As a result, only the meaningful features in predicting the label are retained for the training of the model. We selected k = 20, so the 20 features identified with the target train samples are the ones used.

3.2. Deep CNN Model

In the development of our deep learning model, outlined in Algorithm 4, we adopt a structured approach to define the model architecture and data processing. The model is developed using a generic framework that allows for flexibility in terms of input and output sizes, kernel sizes, and other hyperparameters.

Algorithm 4 Data Loading and Model Architecture

1: Data Loading:   2: Set BATCH_SIZE to a specific value   3: Initialize train_dataloader and test_dataloader with BATCH_SIZE and appropriate shuffling   4: Model Architecture:   5: Define DeepLearning model with the following layers:   6: Convolutional layer $conv1$ with x input channels, y output channels, kernel size a, and padding b   7: ReLU activation layer $relu1$   8: MaxPooling layer $maxpool1$ with kernel size c   9: Convolutional layer $conv2$ with y input channels, z output channels, kernel size d, and padding e 10: ReLU activation layer $relu2$ 11: MaxPooling layer $maxpool2$ with kernel size f 12: Flatten layer 13: Fully connected layer $fc1$ with input size z and output size g 14: ReLU activation layer $relu3$ 15: Dropout layer with dropout rate h 16: Fully connected layer $fc2$ with input size g and output size representing the number of classes

3.2.1. Data Loading

The data loading process is a crucial first step involving the initialization of dataloaders for both training and testing datasets. These dataloaders are configured with a batch size (denoted as BATCH_SIZE), which is a critical hyperparameter that determines the number of samples processed before the model’s internal parameters are updated. The training dataloader shuffles the dataset to ensure that the model does not learn the order of the data, a key aspect in preventing overfitting.

3.2.2. Model Architecture

The core of our deep learning model consists of a series of convolutional and pooling layers, followed by fully connected layers. The first convolutional layer, $conv1$, takes an input with x channels and outputs y channels, utilizing a kernel of size a and padding b. This is followed by a ReLU activation layer, $relu1$, and a max pooling layer, $maxpool1$, with a kernel size c. The second convolutional layer, $conv2$, continues this pattern with y input channels, z output channels, a kernel size d, and padding e, followed by another ReLU activation layer, $relu2$, and max pooling layer, $maxpool2$ with a kernel size f.

After the convolutional layers, the data are flattened and passed through two fully connected layers. The first, $fc1$, has an input size of z and an output size of g, followed by a ReLU activation layer $relu3$. A dropout layer with a rate h is employed to reduce overfitting. Finally, the last fully connected layer, $fc2$, maps the g inputs to a size that corresponds to the number of classes in the dataset.

4. Results and Discussion

In this section, we provide details about the simulation results. The first subsection presents the details about the simulation environment and data preprocessing stage. Then, the second subsection gives the details about the model’s performance.

4.1. Simulation Environment

We used pytroch to implement the proposed model. The pytorch is run over Acer desktop of 32 GB RAM and windows 11 operating system.

4.2. Data Preprocessing

For the purposes of our evaluation, we have used a Kaggle dataset [27] having high-quality and detailed information. The feature of the dataset being used is that it contains real traffic data collected from nine commercial IoT devices, each of which was truly infected with Mirai or BASHLITE.

The dataset’s heterogeneous collection with several attack vectors is visualized in Figure 2. It shows the various attack classes present in the dataset. From the figure, the attack dataset has a variety of attacks, with the ‘mirai_upd’ attack class having the highest percentage of 23.34% of the classes observed in the data. Other attacks in the data include the ‘mirai_syn’ and ‘mirai_scan’ classes, which have a percentage rate of 12.04% and 10.57% observed in the data. Additionally, the data have benign traffic, thus ensuring that traffic used to train the model is both normal and malicious to ensure the model is robust. The findings allow botnet detection models in IoT data to be evaluated for optimal botnet detection, thus ensuring the data present the different types of traffic in the real world, hiking its practical utility.

In our study, we addressed the challenge of feature selection within a dataset comprising 115 features by applying a univariate feature selection method to identify the 20 most significant features for our model. The effectiveness of this dimensionality reduction is evident in the correlation matrix presented in Figure 3, which visualizes the correlation coefficients between these selected features and the target classes.

The correlation coefficients range from moderately positive to mildly negative, indicating varying degrees of linear relationship with the target. Notably, features such as ‘MI_dir_L0.01_mean’ and ‘MI_dir_L0.01_variance’ show a strong positive correlation with the target, boasting coefficients of 0.593 and 0.630, respectively. This suggests a substantial linear relationship with the presence of botnet activity within the IoT devices. Conversely, features like ‘HH_jit_L0.1_variance’ exhibit a negative correlation, with a coefficient of approximately −0.155, hinting at an inverse relationship.

The selection of these features underpins the model’s ability to discern patterns indicative of botnet attacks. The correlation matrix, as illustrated, provides a clear visual representation of these relationships, underscoring the relevance of each feature to the predictive task at hand. The discernment of such relationships is critical for enhancing the model’s accuracy and ensuring its robustness in detecting a variety of botnet behaviors.

A detailed analysis of the relationships between the selected features and the target classes was conducted to further understand the underlying patterns within the data. Figure 4 presents a series of scatter plots, each corresponding to one of the top 20 features identified through univariate feature selection against the target class labels. These visual representations provide insight into the distribution and variance of each feature when mapped against different types of network traffic, including benign and various classes of malicious activities.

The scatter plots reveal distinct clusters and patterns that are indicative of the feature behaviors across the different classes. For instance, some features exhibit a wide dispersion across certain attack types, suggesting a higher degree of variability within those classes, while others show a more concentrated distribution, which may indicate a stronger association with specific attack signatures. Notably, certain features, such as ‘MI_dir_L0.1_variance’ and ‘H_L0.01_variance’, display a significant spread when plotted against the target classes, highlighting their potential as discriminative indicators for the detection of anomalous traffic.

Through the scatter plot matrix, we can observe the presence of outliers and the general tendency of each feature to either cluster or spread out across the range of class types. This visualization assists in validating the relevance of the selected features for the classification task and offers a foundation for interpreting the model’s decision-making process, enabling a better understanding of the model’s performance and the characteristics of the IoT dataset.

4.3. Model Performance

The training and validation of our proposed model were systematically recorded over a series of epochs to monitor the convergence behavior in terms of loss and accuracy. The results, as depicted in Figure 5, provide a dual perspective on the model’s learning trajectory. Initially, at epoch 0, the model exhibited a high training loss of 1.943 with a corresponding accuracy of 30.42% and a testing loss of 1.383 with an accuracy of 42.36%. As the epochs progressed, there was a consistent decrease in loss alongside an improvement in accuracy for both the training and testing sets, indicating effective learning.

By epoch 9, the training loss had decreased substantially to 0.734, with an observed accuracy of 64.71%, while the testing loss reduced to 0.641, with an accuracy of 69.18%. This pattern of decreasing loss and increasing accuracy is a strong indicator of the model’s ability to generalize from the training data to unseen data, which is crucial for robust performance in practical applications. The loss curves suggest that the model is not overfitting, as the test loss decreases alongside the training loss. Similarly, the accuracy curves converge in a manner that suggests the model is learning generalizable patterns rather than memorizing the training data.

The performance of our proposed model was rigorously evaluated across various attack types present within the IoT dataset. The classification report, summarized in Figure 6, elucidates the model’s predictive precision, recall, f1-score, and support for each class alongside aggregate metrics. Remarkably, the model achieved perfect precision and recall for the benign class and the ‘mirai_scan’ and ‘mirai_udpplain’ attacks, with f1-scores of 0.99 and 1.00, respectively, indicative of its robustness in detecting these categories.

However, the model’s ability to identify ‘gafgyt_combo’, ‘gafgyt_scan’, and ‘mirai_ack’ was notably deficient, with zero scores across precision, recall, and f1-score, which suggests a potential area for model refinement. Additionally, ‘gafgyt_tcp’ and ‘mirai_syn’ showed high recall but moderate f1-scores, reflecting an imbalance that may be attributed to the class distribution within the dataset. The overall accuracy of the model stood at 0.69, with a macro-average f1-score of 0.59 and a weighted average of 0.61, over a total support of 305,490 instances.

These metrics provide critical insights into the model’s strengths and weaknesses, with high precision indicating a low false positive rate and high recall suggesting few false negatives. The f1-score serves as a harmonic mean of precision and recall, offering a single metric for evaluating the model’s overall performance. The support for each class highlights the number of instances correctly classified, which is particularly useful for understanding the model’s performance in relation to the prevalence of each class.

To further elucidate the performance of our model, a confusion matrix was generated and is presented in Figure 7. The matrix provides a detailed account of the model’s predictions in comparison with the actual classifications. For the ‘benign’ class, the model demonstrated high precision, correctly identifying 14,714 instances, with only minor confusions, notably 64 instances were misclassified as ‘gafgyt_junk’. The model showed remarkable accuracy for the ‘mirai_udp’ class, with all 17,714 instances correctly classified, underscoring the model’s ability to detect this specific attack vector effectively.

Classes such as ‘gafgyt_combo’ and ‘gafgyt_tcp’ exhibited some misclassifications, with 8660 and 31,710 instances, respectively, being misidentified as ‘benign’. This suggests a potential area for improvement in distinguishing between these attack types and benign traffic. The confusion matrix also reveals that while the model perfectly identified all instances of ‘mirai_scan’ and ‘mirai_udpplain’, it struggled with the ‘gafgyt_udp’ class, with 25,000 instances incorrectly classified as ‘mirai_ack’, indicating a challenge in distinguishing between these particular classes.

Overall, the diagonal of the confusion matrix, representing correct classifications, is predominantly high, which indicates a strong performance across most classes. However, the off-diagonal elements, indicative of misclassifications, provide insight into specific areas where the model may benefit from further training or additional feature engineering. The matrix thus serves as a comprehensive visual tool for evaluating the model’s classification prowess and for identifying classes that may require additional scrutiny.

4.4. Comparative Analysis

In this section, the comparative analysis of our proposed work with the current research work is demonstrated, as represented in

Table 1. Comparative Analysis.

Scheme	Key Features	Advantages	Limitations
Proposed Scheme	Univariate feature selection Deep CNN model Real-time botnet detection Application in entrepreneurial IoT environments	High accuracy and efficiency Enhanced feature extraction Robust against complex patterns Supports innovation and knowledge growth	Initial setup complexity Requires sufficient computational resources
Sudhakaran and Malathy [17]	Authorization Attack detection and avoidance framework	Comprehensive security measures Covers multiple attack types	Less focus on real-time detection Limited feature selection
Khedr et al. [18]	Multi-layer DDoS attack detection Stateful SDN-based IoT networks	Effective against DDoS attacks Utilizes machine learning for enhanced detection	Focused mainly on DDoS Does not address feature selection
Eboya and Juremi [20]	Intelligent malware exploration framework Big data and IoT ecosystems	Advanced malware detection Uses intelligent methods for exploration	Higher computational requirements Limited to malware detection
Rathore and Park [21]	Semi-supervised learning Distributed attack detection framework	Distributed and adaptive security measures Effective for large-scale IoT networks	Complexity in semi-supervised learning Higher dependency on network configuration
Hussain et al. [22]	Malicious traffic detection IoT healthcare environments	Specific to healthcare IoT High accuracy in detecting malicious traffic	Limited to healthcare applications May not generalize well to other IoT domains

. Our proposed approach integrates univariate feature selection with a deep CNN model. The approach achieves the highest accuracy and precision in the detection of botnets. Unlike the other methods, the approach demonstrates the advantages of the advanced feature extraction and the pattern recognition technique setting to support innovation and knowledge growth of entrepreneurial IoT environments.

5. Conclusions

Our research offers a compelling contribution to enhancing IoT security within entrepreneurial ecosystems, employing a sophisticated combination of univariate feature selection and a deep Convolutional Neural Network (CNN) model. This integration not only demonstrates remarkable accuracy in detecting botnet attacks peculiar to IoT environments but also sets a new benchmark in the application of deep learning for cybersecurity. Although the model faces challenges in differentiating specific attack patterns, its overall efficacy highlights the transformative potential of advanced security methodologies for entrepreneurs reliant on IoT technologies. This study goes beyond presenting a state-of-the-art detection mechanism; it emphasizes the imperative for innovative and adaptive security strategies to navigate the rapidly evolving IoT landscape. In doing so, it lays a foundation for future research and development aimed at fortifying IoT infrastructures against cyber threats, thereby supporting the growth and resilience of entrepreneurial ventures in the digital era.