Towards SDN-Enabled, Intelligent Intrusion Detection System for Internet of Things (IoT)

The Internet of Things (IoT) has established itself as a multibillion-dollar business in recent years. Despite its obvious advantages, the widespread nature of IoT renders it insecure and a potential target for cyber-attacks. Furthermore, these devices broad connectivity and dynamic heterogeneous nature can open up a new surface of attack for refined malware attacks. There is a critical need to protect the IoT environment from such attacks and malware. Therefore this research aims to propose an intelligent, SDN-enabled hybrid framework leveraging Cuda Long Short Term Memory Gated Recurrent Unit (cuLSTMGRU) for efficient threat detection in IoT environments. To properly assess the proposed system, a state-of-the-art IoT-based dataset and standard evaluation metrics were used. The proposed model achieved 99.23 % detection accuracy with a low false-positive rate. For further verification, we compare the proposed model results with two of our constructed models (i.e., cuBLSTM and cuGRUDNN) and current benchmark algorithms. The proposed model outclassed the other models regarding speed efficiency, detection accuracy, precision, and other standard evaluation metrics. Finally, the proposed work employed 10-fold cross-validation to ensure that the results were completely unbiased.


I. INTRODUCTION
With the development in information technology (IT), the Internet of things (IoT) has significantly evolved over the last two decades. IoT expands the existence of the Internet by connecting smart devices. The increase of user demands and the large data throughput produced by IoT devices have grown to billions of gigabytes. The IoT connects millions of smart devices resulting in smart environments, i.e., smart factories, ecosystems, smart cities, and intelligent health systems [1]. However, the high user demand and the increasing connectivity of these devices result in raising multiple security concerns. In the last several years, there has been a rapid growth in IoT devices along with the data shared The associate editor coordinating the review of this manuscript and approving it for publication was Giovanni Pau . by these devices. Due to this, many threats and attacks are also focusing on the networks of IoT [2]. IoT comprises heterogeneous and homogenous networks along with networking devices using different protocols. The dynamic characteristics of these devices make the entire system and IoT devices vulnerable to cyber-attacks, i.e., distributed denial of service (DDoS) attacks, brute force attacks, denial of service (DoS) attacks, etc. [3]. Security operation center analysts monitor the network continuously to identify each threat and vulnerability, but an attacker tries to exploit the system by looking for a single vulnerability. The authors of [4] discussed deception and replay attacks along with the detection techniques and security controls of such attacks on the industrial level. As the IoT devices are heterogeneous in nature and follow different protocols, various security measures need to be followed for these devices due to their seamless nature.
A comprehensive strategy has yet to be devised for securing the complete infrastructure of IoT. The security of the IoT environment remains a major challenge and presents a serious need for security.
Software-defined networking (SDN) enabled architecture provides the opportunity to configure and abridge the management of networks and improves the ability of the heterogeneous and dynamic nature of the IoT devices. Further, the SDN offers a platform for implementing a security solution to detect threats effectively and efficiently without the exhaustion that does not overburden the IoT devices. A network security system contains an antivirus, firewall, and intrusion detection system (IDS). The IDS generates alerts after identifying unusual behavior of the system, i.e., destruction, alteration, and replication. Thus, one of the best methods for SDN surveillance is to integrate IDS in SDN [5]. With the SDN's programmable feature and the feasibility of Artificial Intelligence (AI), Integrating AI-based security solutions with SDN helps boost security levels. The authors of [8] discussed AI-based techniques employed as network traffic algorithms such as Decision Trees, ANN's, and fuzzy logic resulting in ideal results.
Furthermore, Deep Learning (DL) algorithms and SDN have found several interesting applications in the research community. SDN gives better network security compared to traditional systems [6]. For efficient and early detection of new emerging numerous cyber-attacks, we use SDN-based DL architecture in this work, as illustrated in Figure 2. using the algorithms of DL. The experimentation and evaluations are performed on the CICIDS2017 dataset.

A. CONTRIBUTION
The contributions of this research are as follow: • We propose a hybrid Intelligent, SDN-enabled model for efficient and early threat detection in the IoT environment.
• cuLSTMGRU is used for effective intrusions detection. • We employ standard evaluation metrics for a thorough evaluation of the proposed model.
• cuBLSTM and cuGRUDNN are exploited on the same dataset for comparison purposes to prove the proposed model's efficiency.
• For further verification, we compare the proposed model with existing literature.
• Finally, we employed 10-fold cross-validation to ensure that the results were completely unbiased.
The remaining part of this paper is organized as follow: The Background and Related Work are described and discussed in Section II. The methodology is presented in Section III. The results are summarized and discussed in Section IV. This paper's conclusion is presented in Section V.

II. RELATED WORK AND BACKGROUND A. BACKGROUND
IoT is defined as an environment of physical devices connected in such a manner that these devices become vital members of a business process. These devices include sensors, network devices, health care, and household devices [7]. IoT consists of different kinds of devices connected by different protocols, and it varies from various networks and environments. A unique address is assigned to each device and connected to the Internet together [8]. The IoT is becoming an essential component of any evolving paradigm of networking and computing. This tremendous revolution in IoT, resulted in enormous advancement in terms of automation and monetary benefit. The complex nature of the IoT environment makes it challenging to provide a common solution because these devices are designed for explicit user purposes. Security is the primary objective in this era, and attaining security is not as simple for IoT devices. These devices cannot be fit into a single protocol due to their diverse nature. Scanning IoT devices for threat detection in real-time may result in an unavoidable overhead. That is why we introduce SDN to focus on the programmability of the network. SDN comprises an application plane, control plane, data plane, and related south and north-bound APIs layers. The control plane is responsible for all the decision-making for the whole network. The advent of SDNs has led to a new networking paradigm by separating the data plane and control plane. The efficient and effective SDN framework provides a centralized control plane VOLUME 10, 2022 to the entire control logic. Therefore, SDN's capability and efficiency intelligence reside in their centralized controlled architecture [9]. The south-bound protocol elements provide statistics (insight) to the SDN controller [10]. The integration of IoT and SDN provides a precise network inspection approach for detecting suspicious activities, threats, and attacks. Therefore SDN provides the IoT with a promising future.

B. RELATED WORK
Internet of Things (IoT) is an expeditiously evolving cutting-edge technology that aims to ameliorate traditional communication networks. The broader surroundings of IoT applications make it susceptible to an assortment of crucial security concerns that need to be taken into consideration. Literature has witnessed a plethora of scientific contributions in this regard that have been discussed in this article.
The deep learning (DL) methods improve the model's performance over the traditional Machine learning (ML) approaches. DL framework has been used in different fields, i.e., computer vision, voice recognition, image processing, by large organizations such as Youtube, Google, Microsoft, and Facebook. In recent years, different approaches of DL have been used to mitigate cyber-attacks [11]. The authors in [12] proposed a Deep Learning (DL) driven Software Defined Networks (SDN) based intrusion detection mechanism (CNN-LSTM) for resource-constrained IoT supported medical environments. The system is trained on a distinguished dataset-IoT Malware Dataset that makes it durable to detect the existence of an enormous variety of common security threats in IoT networking scenarios. Attack detection accuracy, confusion matrix, True Positive (TP), False Positive (FP), True Negative (TN), and False Negative (FN) are all used to evaluate the suggested framework's performance. Moreover, a performance comparison is conducted between the designed framework and other relevant solutions, where favorable results with 99.9% attack detection accuracy seem to support CNN-LSTM and endorse it as a secure and decisive choice for IoT-based communication networks. Another security model is elaborated in [13], where authors proposed an IDS to highlight the malicious enterprises enclosing the IoT communication systems. The proposed system is trained on CICIDS2017 set in accomplice with Random Forest (RF) classifier; the performance is analyzed in comparison with some other variants of the same dataset-The Wednesday's release version. The proposed framework seems to beat later datasets with 99.7% attack detection accuracy and proves its effectiveness in terms of convenient configuration, instant communication, and a trustworthy security sphere. RF is acquired as a training pattern in [14] as well, where another IDS is proposed that aims to assure threat-free transmission channels in IoT environments. The authors conducted a legitimate traffic analysis through Wireshark by taking various factors into account, such as normal packets, encapsulated suspicious elements, transmission speed, transmission power, etc. The obtained logs are filtered and categorized in an appropriate dataset labeled as the USTA-IoT dataset that comes with a moderate integration capability with all state-of-the-art classifiers. The designed model is then scrutinized on a scattered performance matrix including a vast range comprising Denial of Service (DOS) attacks such as SYN, UDP Flood, UDP scan, and ping flood. The proposed framework proves its effectiveness by detecting formerly mentioned networks attacks in significantly less time as compared to the benchmarked model with data set BoT-IOT and TON-IoT.
Distributed Denial of Services (DDOS) attacks possess noticeable status among the list of frequently reported security threats in IoT scenarios. Such sort of attacks tends to slow down the overall performance of the network and sometimes result in even more swear outcomes. To countermeasure such security concerns, another solution is proposed in [15], where the core concepts of deep learning are implemented to formulate a threat detection framework. The designed framework, referred to as CyDDoS comprises of CICIDoS2019 dataset accompanied with a training pattern on a Deep Neural Network (DNN) classifier. A security matrix is composed to compare the performance of the proposed framework and its rival framework. However, CyD-DoS remarkably depicts substantial results and becomes a trustworthy threat detection system. DNN classifier is also interconnected with IoT Network-Traffic dataset to forge a disclosure mechanism for cyber-attacks such as the isolation attacks and misappropriation attacks in IoT networks based on the Routing Protocol for Low Power and Lossy Networks (RPL) [16]. [17] presents another excellent approach for dealing with DoS attacks. The proposed model is trained on three distinguished machine learning techniques, i.e., Multilayer Perception (MLP), Support Vector Machine (SVM), and K-nearest Neighbour (KNN). Moreover, the system is interspersed with two different datasets-the UNSW-NB15 dataset and the ISCX Dataset. IoT networks more often are victimized by another domain of security threats in which the various suspicious attacks are committed to gain unauthorized access upon the crucial network components. The relevant catalog encompasses a User-to-Root attack (U2R), Remote-to-Local (R2L) attack, and probe attack. [18] intensively spotlight such attacks and provide optimal strategies to culprit such malevolent practices within IoT environments. The designed security framework is trained on the NSL-KDD dataset with its more recent version at NSL-KDD'99. Furthermore, some remarkable training algorithms named Stacked Deep Polynomial Network (SDPN) and Spider Monkey Optimization (SMO) are considered. The proposed framework proficiently encounters the mentioned attacks with the detection accuracy of approximately 99.02%, 99.3%, and 99.4%, respectively. In [19], the authors have proposed a comprehensive security framework to detect the existence of threats in IoT infrastructure. Multiple data sets, i.e., BoT-IoT, MQTT-IoT-IDS2020, IoT Network Intrusion, and IoT-23, are incorporated to make the designed framework more splendid and responsive. This formulated solution is later evaluated in terms of attack detection, where incredibly surprising results advocate the proficiencies of this model by witnessing 98.7% detection accuracy against an extensive range of cyber threats. IoT may also be potentially victimized by a diverse range of cyber threats, including port scanning and Brute-Force attacks. Work proposed in [20] comes to safeguard IoT against such conglomeration. The designed mechanism is trained by acquiring Long Short-Term Memory (LSTM) pattern in an acquisition with Coburg Intrusion Detection Dataset (CIDDS-001). The proposed system possesses the capability to remarkably detect the existence of pre-discussed attacks with 99.92% accuracy along with 99.85% precision, which makes it a phenomenal choice to protect IoT working environments. Host Brute-Force attacks, HTTP flooding, and UDP flooding attacks can also be enlisted in the intermittent threats for IoT. [21] formulated a protection mechanism as an antidote to these security threats. Convolution neural networks (CNN) along with LSTM are some well-known classifiers that have been employed to train the proposed framework. Furthermore, Particle Swarm Optimization (PSO) is used to select the best feature among the IoTID20 dataset. Authors have addressed a vast range of cyber-attacks, and their designed framework has validated this claim by successfully detecting these attacks with remarkable accuracy. [22] discussed a relevantly admissible approach to an encounter Brute-Force attack, SYN flooding, and ICMP flooding attacks. The designed security framework is aggregated with CSE-CIC-IDS2018 data set with a training pattern on LSTM and is capable of detecting premonition threats in IoT communications. Another ML-based IDS is offered by employing state-of-the-art feature extraction techniques to accumulate their combined features to detect cyber threats in an effectual way [23]. The system is leveraged by Artificial Neural Network (ANN) classifier in interconnection with the AWID dataset, which makes it compatible with investigating the existence of suspicious entities in a miraculous way. Another relevant approach is used in [24], where researchers proposed another id by commemorating the Support Vector Machine (SVM) classifier in coordination with the BOT-IOT dataset. The actual momentum of the proposed system is analyzed under diverse performance matrixes where adjuvant outcomes seem to strengthen the ancillary framework. [25] contains an encyclopedic IDS to substantially detect the perpetuation of cyber threats. Authors have encompassed an acclaimed data set originated by the Canadian Institute of Cyber Security Intrusion Detection System Dataset (CICIDS2017). Additionally, six different classifiers are taken into consideration, namely Decision Tree (DT), Logistic Regression (LR), Naïve Bayes (NB), Random Forest (RF), Stochastic gradient descent (SGD, and Support Vector Machine (SVM). The framework dexterously percolates malicious communicational streams among IoT networks with impressive veracity.
The entire related work is summarized in Table 1.

III. METHODOLOGY
This section provides the entire research methodology of this research work with a thorough explanation of the network model, dataset, detection framework, algorithms, preprocessing, etc.

A. NETWORK MODEL
In the last few years, SDN has emerged as a technology of integrated network design. It consists of three planes: Application, control, and data plane. In SDN, the control and data planes are separated, which allows simplification VOLUME 10, 2022 and flexibility. The whole network is managed by the SDN controller, placed in the control plane. The SDN simplifies gathering network statistics by having a global view of central control functions and networks and gives better network security than traditional techniques. In SDN architecture, the south-bound protocol is the most significant protocol, responsible for exchanging information between the networking devices and controller.
The authors propose a DL-driven, SDN-enabled framework for intrusion detection in the IoT environment. The proposed model flow chart is illustrated in figure 1 and network model is shown in Figure 2. The proposed DL-driven model (cuLSTMGRU) is placed in the control plane. The proposed model is highly cost-effective and centralized. We have placed the proposed model in the control plane for the following reasons: First of all, the SDN control plan is utterly programmable and adjustable. Secondly, the control plane can cover multiple networks on its data plane. Thirdly, it can leverage IoT devices without the exhaustion that does not overburden them, which makes it a suitable revolution for IoT.
Fourthly, it has Open-Flow (OF) switches that provide a solution for heterogeneity between IoT devices and SDN controllers. OF is a prime south-bound protocol identified by an SDN framework's control and data plane. It consists of activities and flows tables that notify the switch how to proceed with these channels and flows; consequently, the switches and controller are connected. The combination of IoT and SDN provides a proper way to inspect network traffic for detecting threats, suspicious events, and attacks. Further, many IoT devices can be added to the data plane of SDN: e.g., sensors, wireless technologies, and smart devices.

B. DATASET
Selecting an appropriate dataset significantly affects the threat detection framework performance. Various datasets have been employed by different authors for intrusion detection in IoT contexts, according to the literature, i.e., the author in [26] used CICDDoS19 for threat detection in IoT. At the same time, some authors used kdd99, NSLKDD, etc., which lacks the supportive features of IoTs. As a result, the proposed research work used the most up-to-date publicly available CICIDS2017 dataset [27]. This dataset has the supporting features of IoTs, i.e., the dataset is flow-based and is multiclass. It comprises more than 80 features with eight categories of attacks such that. The proposed work selected all the features of this dataset, and the total distribution is across five classes, i.e., benign and attacks. Table 2 provides more information about these classes and its instances.

C. PREPROCESSING OD DATASET
The data in the dataset is in various forms, feeding it directly to the algorithm for classification is not reliable. To increase the proposed model's performance and efficiency, we have performed the pre-processing of the dataset. Initially, all the rows having NaN and Infinity values are deleted. Further, all the non-numeric values are converted to numeric values as the algorithms of DL process the numeric data mainly. Finally, we have performed data normalization to improve the dataset's quality by using the MinMaxScalar function.

D. DETECTION FRAMEWORK
The authors proposed SDN enabled intelligent framework, i.e., cuLSTMGRU, to combat sophisticated threats in IoT.
Gated Recurrent Unit (GRU) is a lately-developed variant of the long short-term memory (LSTM) unit. GRU is informal to adjust and uses the hidden state to allocate information; however, it doesn't require memory units. Consequently, quicker to train and provide improved performance. Subsequently, LSTM is implemented to attain effectual modeling for longer sequences from the dataset, sustaining significantly for preemption of gradient vanishing problem. To entirely get an advantage from the abilities of various DL-classifiers simultaneously, we have used LSTM and GRU for refining complete outcomes in terms of accuracy, recall, precision, speed efficiency, and F1-score. The proposed framework is highly versatile and cost-effective. This framework has been trained and tested on the CICIDS2017 dataset and achieved a better detection accuracy with a very low false-positive rate (FPR). The proposed framework has multiple layers, i.e., LSTM 200 and GRU have 100 neurons in a single layer. The proposed detection framework is depicted in Figure 3. We have used the Relu and softmax functions. For experimental purposes, we have used the Cuda-enabled versions for improved performance. The experimentation has been conducted for five epochs with 32 batch-size for achieving efficient results. Further, the proposed work used the Keras framework and the backend of TensorFlow (TF) for python. In addition, we have used two hybrid classifiers to compare their results with our proposed model for an enhanced evaluation, i.e., cuBLSTM and cuGRUDNN are used as comparison classifiers. cuBLSTM consists of one layer of BLSTM with 200 neurons, while cuGRUDNN consists of one layer of GRU with 200 and another layer of DNN with 100 neurons. Table 3 depicts an in-depth description of the proposed scheme along with the comparison classifiers.   the values while the three gates control the information flow in and out of the cell.
Each j-th LSTM unit maintains a memory cjt at time t, unlike the recurrent unit, which simply adds up the weighted sums of the input signals and applies a nonlinear function; the recurrent unit adds up the weighted sums of the input signals and applies a nonlinear function. The output hjt, or the activation, of the LSTM unit, is then The ojt, which is an input gate, controls the amount of memory content exposure. The output gate is determined by the following formula: where Vo is a diagonal matrix and -α is a logistic sigmoid function. Cjt is the memory cell that is updated by partially forgetting the present memory and adding a new memory content c∼jt: where the new memory content is The degree to which the current memory is forgotten is modulated by a forget gate fjt, and the degree to which the new memory content is added to the memory cell is modulated by an input gate ijt. Gates are computed by 2) GATED RECURRENT UNIT (GRU) GRU belongs to the RNN family and is the improved version of the standard RNN. GRU has the ability to solve the problem of the gradient by using an update and reset gate. They are known as the two vectors and decide what info should be passed to the output. Its specialty is keeping the information from long ago instead of removing the information irrelevant to the prediction. The equations of GRU are as follow: Equation 07 is used to calculate the update gate.
Equation 08 is used for resetting the gate and for deciding how much past info to forget. Both of these formulas are the same. The only difference is the gate usage and the weight.
Rt is a set of reset gates and is an element-wise multiplication. The reset gate basically causes the unit to behave as if it is reading the first symbol in an input sequence, allowing it to forget the state it had previously computed. Equation 3 is used for storing the related info from the past.
Equation 10 is the final phase, in which the network must calculate the vectors containing the current state's information.

F. PSEUDO CODE
The pseudo code of the proposed model is as follow Calculate update gate for timestamp t. 7 Calculate reset gate to determine how much of past information to forget. 8 Starting with the usage of the reset gate, new memory content will use the reset gate to store information. 9 Calculating ht-Vector, which holds information of the current position.  for experimentation. Complete detail of the experimental setup is shown in Table 4.

A. PERFORMANCE EVALUATION METRICS
The proposed work used all of the standard metrics of evaluation, i.e., Accuracy, F1-score, Recall, Precision, etc., to comprehensively assess the proposed framework's performance on the CICIDS2017 dataset. The description of the parameters and the mathematical formulae of these metrics of evaluation are as follow:

B. ACCURACY
The accuracy represents the accurately classified percentage of the records in the dataset.
It represents the total number of records that are accurately predicted over all the data available for a specific class.

V. RESULTS AND DISCUSSION
The complete results and assessment of the proposed model are presented here. For a comprehensive assessment of the proposed model (cuLSTMGRU), its results are compared with the other two classifiers, i.e., cuBLSTM and cuGRUDNN, which are also trained and tested on the same dataset. All of the three models are evaluated under the same standard metrics of evaluation. For further verification, the output of the proposed model is also compared with the existing literature. The proposed model's performance is assessed using the standard metrics listed below.

A. CROSS-VALIDATION
The ten-fold cross-validation has also been employed for the verification of our results. A complete description of each of the folds is depicted in Table 5. The average results of the ten-fold are presented in different parts of this paper for evaluation metrics.

B. CONFUSION MATRIX ANALYSIS
It is used for the purpose of classification and is extremely important to measure the accuracy, F1-score, and recall. The confusion matrix shows the TNR, TPR, FNR, and FPR. The proposed model (cuLSTMGRU) identified the classes properly, as shown in Figure 4.

C. ROC CURVE ANALYSIS
The Roc is a crucial parameter in any intrusion detection system (IDS). It is used for plotting the visualized performance to compare the false positive rate and true positive rate. Figure 5 depicts the Roc curves of the three models accordingly, proving that the proposed algorithm performs significantly better than the other hybrid DL-driven architectures.

D. ACCURACY, F1-SCORE, PRECISION AND RECALL
For a better assessment, we present the proposed model accuracy. The detection accuracy indicates the performance and efficiency of our proposed model. Figure 6 depicts the results of the proposed model along with the other two models. The proposed model achieved an accuracy of 99.23 %. The detection accuracy has been acquired from the implementation results by applying Cu-LSTM-GRU on the CICIDS2017 dataset. The precision represents the total number of accurately predicted records over all the predicted records. The precision of the model is 99.79 %. Further, the recall signifies the total number of accurately predicted records over the data available for a specific class. The F1-score and recall of the  Figure 8 demonstrates that the

G. SPEED AND TIME EFFICIENCY
Training and testing are two phases of analysis. The testing phase is critical since it demonstrates the model's effectiveness. However, the training phase is primarily conducted offline, which is normally overlooked. Figure 9 depicts the proposed model's (cuLSTMGRU) testing time of only 15.3 ms, proving that the model is computationally efficient. However, the speed efficiency of cuBLSTM and cuGRUDNN is 26.1 ms and 29.6 ms.

H. COMPARISON WITH CURRENT BENCHMARK ALGORITHMS
To prove the proposed model's efficiency, we have further compared the proposed model (Cu-LSTMGRU) with our constructed two classifiers, i.e., Cu-BLSTM and Cu-GRU-DNN. These models are trained on the same dataset and evaluated under the same standard evaluation metrics. Furthermore, the model is also compared with current benchmark algorithms for a thorough performance evaluation, as shown in Table 6. In [28], the authors used CNN as a detection model, trained on the CICIDS2018 dataset, and achieved a detection accuracy of 91.50%. However, in [29], a hybrid detection module, i.e., LSTM-CNN, has been used, and the achieved accuracy and precision rates are 98.60% and 99.37%, with a testing time of 296 milliseconds (ms). The authors of [30] used an autoencoder with sigmoid AF (EDSA) as a detection module trained and evaluated under the CICDDoS2019 dataset. The authors achieved an accuracy of 98% with a 91% precision. In [31], Deep Neural Network (DNN) was used as a detection module, but the authors got a very low detection accuracy of only 75.75%. Our proposed model (cuLSTMGRU) outclassed the existing literature in all of the considered standard metrics of evaluation. In addition, cuLSTMGRU has a testing time of only 15.30 ms, reasonably better than cuBLSTM and cuGRUDNN classifiers and existing literature.

VI. CONCLUSION
The Internet of Things requires a dependable, dynamic, adaptable, quicker, and secure network architecture. Intrusion detection systems based on deep learning are capable of detecting a wide range of sophisticated threats and attacks. In this paper, the authors introduced SDN-based hybrid DL-driven architecture (i.e., cuLSTMGRU) for efficient threat detection in an IoT environment. The architecture presented is both cost-effective and scalable. The detection accuracy achieved by the proposed model is 99.23 %, with a false-positive rate of only 0.0066 %. A comprehensive evaluation of the model is conducted by comparing it with two of our constructed DL-driven models (i.e., cuBLSTM and cuGRUDNN) and current benchmarks. The proposed model outclassed the other models in terms of all standard metrics of evaluation. The testing time of the proposed model is only 15.30 milliseconds, proving the speed efficiency of the model. In the future, we aim to use blockchain with hybrid models based on DL to develop a more efficient intrusion detection system for IoTs. Furthermore, this hybrid model is expected to be integrated into the NIDS so that it can be used to mitigate sophisticated threats in real-time. Finally, the authors recommend a variety of DL-driven hybrid models for the security of the IoT ecosystem and upcoming computational paradigms.