A Hybrid Deep Learning Model to Detect Advanced Man in the Middle Attacks in the Internet of Things Networks

Abstract

Highly developed Man-in-the-Middle (MITM) attacks in Internet of Things (IoT) networks present a significant security risk because they can avoid protocol violations but introduce a small amount of behavioral deviation such that more traditional intrusion detection systems cannot detect it. This research will solve this issue by suggesting a hybrid neural network that learns spatial, temporal and contextual features of IoT traffic to classify multi-class MITM attacks. The model combines CNN-LSTM, Transformer-BiLSTM, and CNN-Transformer models to collectively model local feature correlations, sequential dynamics, and long-range dependencies. Large-scale experiments show that performance has improved on all models following training, with the CNN-Transformer having the highest overall performance, with Macro F1-score of 97.72, accuracy of 98.00 and AUC of 98.41, and lower inter-class confusion and better stability through repetitions. The findings attest to the idea that hybrid systems that consist of convolutional feature generation and attention-based global modeling offer strong and balanced detection of advanced variants of MITM attacks under heterogeneous IoT conditions, which justifies their appropriateness in the context of implementing effective IoT security in practice