A HYBRID DEEP LEARNING AND BLOCKCHAIN FRAMEWORK FOR PROACTIVE SECURITY IN IOT NETWORKS: ATTACK DETECTION, PERFORMANCE EVALUATION, AND COMPARATIVE ANALYSIS
DOI:
https://doi.org/10.70917/ijcisim-2026-2196Keywords:
IoT Security, Deep Learning, Blockchain, Anomaly Detection, Hybrid Framework, Cyberattack ClassificationAbstract
The consequences of widespread adoption of Internet of Things (IoT) technology across several industries, healthcare, and smart home solutions are improving operational efficiencies but creating significantly greater attack surfaces, which challenge and/or circumvent existing security methodologies. IoT systems have diverse and resource-constrained components, use a variety of communication protocols and systems (e.g. MQTT, CoAP, Zigbee, and BLE), involve devices that are accessible and physically located in areas that are not monitored, and include a systemic lack of a centralized trust infrastructure. IoT systems, as currently conceived, are technologically incapable of addressing the complexities of existing intrusion detection systems, and are therefore incapable of addressing the rapidly evolving threat in large-scale IoT environments. This paper attempts to establish the foundation of a comprehensive assessment of the attack surfaces and methodologies that encompass the current attack vectors within a heterogeneous, federated, IoT ecosystem and the resource-constrained devices that inhabit it. This assessment includes an analysis of the available approaches for the identification of attacks that fall within six broad categories of IoT attacks (e.g., Distributed denial of service attack (DDoS), Replay, Man-in-the-Middle (MITM), Sybil, Botnet, and Eavesdropping) across five categories of heterogeneous IoT devices). The proposed methodology includes a multi-granular, multi-layer statistical analysis of varying degrees of granularity (e.g. CPU, packet, time of packet, duplicate, and failed attempts to authenticate) to identify the presence of anomalous patterns and the construction of a trust ledger based on blockchain technology and reinforced by the SHA-256 encryption algorithm and a smart contract actuator to manage access control. The LSTM model uses mini-batch stochastic gradient descent and was trained over three epochs on a self-created synthetic IoT traffic dataset with 3000 labeled instances across seven classes. Each class has a different type of traffic to simulate consistency. The blockchain module has and immutable record of device reputation and guarantees proactive access denial of devices with trust scores lower than a configurable threshold. Experimental evaluation shows a 100% recall. This guarantees no attack goes undetected and achieves and F1-score of 62.64% on the held-out test partition. The hybrid model is evaluated against four baseline models: Rule-Based IDS, Naive Bayes, K-Nearest Neighbours and Random Forest. The hybrid model is more superior than all the other models in regards to recall and proactive defense. All attack categories have the parameters of performance on: latency, energy consumption, throughput, scalability, and packet loss. In the scalability simulation, the latency consistently grows sub linearly, 311.8ms with 100 devices and 415.7ms with 10,000 devices. This is the first step to implement intelligent, decentralized, and adaptive security in frameworks for the IoT infrastructures.