Anomaly Detection in IoT Using Machine Learning Techniques: A Comparative Study and Voting-Ensemble Approach

Abstract

The widespread adoption of Internet of Things systems has connected large numbers of devices through shared networks and cloud services, which has improved automation, monitoring, and operational efficiency. However, this growing connectivity also enlarges the security boundary and creates more opportunities for attackers to inject harmful or abnormal traffic. As a result, it becomes increasingly important to detect malicious behavior early and reliably so that IoT-oriented networks can remain stable, trustworthy, and resilient. In this study, machine learning is used to identify malicious activity from network traffic data. Five supervised learning models are examined, including k nearest neighbor, decision tree, naive Bayes, multilayer perceptron, and support vector machine. Since each classifier has different strengths and weaknesses, an additional voting-based ensemble model is developed to combine their predictions into a single decision. The evaluation is carried out on the KDD Cup 1999 benchmark dataset using a conventional training and testing procedure. To ensure a fair comparison, performance is assessed through accuracy, precision, recall, and F score, which together provide a balanced view of detection quality. The experimental findings show that the voting ensemble model produces the most reliable performance among the tested approaches. In the full label evaluation setting, the ensemble achieves 98.87 percent accuracy, exceeding the best single classifier performance. In a filtered class setting that removes rare classes to reduce extreme imbalance, the ensemble accuracy increases to 99.87 percent. These findings indicate that combining diverse learners improves robustness and reduces the risk of relying on a single model under varying traffic patterns, providing a strong baseline for intrusion detection in IoT network environments.