RNN-Based Intrusion Detection System for Internet of Vehicles with IG, PCA, and RF Feature Selection

Authors

  • Benni Purnama Information System, Dinamika Bangsa University, Indonesia
  • Eko Arip Winanto Computer Engineering, Dinamika Bangsa University, Indonesia
  • Sharipuddin Informatics, Dinamika Bangsa University, Indonesia
  • Dodi Sandra Computing, University of Technology Malaysia, Malaysia
  • Nurhadi Informatics, Universitas Jenderal Soedirman, Indonesia
  • Lasmedi Afuan Informatics, Universitas Jenderal Soedirman, Indonesia

DOI:

https://doi.org/10.52436/1.jutif.2025.6.5.5293

Keywords:

Deep Learning, IG, Intrusion Detection, IoV, PCA, RF, RNN

Abstract

Cyberattacks in the Internet of Vehicles (IoV) threaten road safety and data integrity, requiring intrusion detection systems (IDS) that capture temporal patterns in vehicular traffic. This study develops a Recurrent Neural Network (RNN)-based IDS and evaluates three feature-selection strategies—Information Gain (IG), Principal Component Analysis (PCA), and Random Forest (RF)—on the CICIoV2024 dataset. Features are normalized using Min–Max scaling before being fed into the RNN classifier. The models achieve perfect classification on held-out tests (accuracy/precision/recall/F1 = 1.00). However, probabilistic evaluation reveals low ROC–AUC scores (IG: 0.572, PCA: 0.429, RF: 0.415), indicating limited discriminative margins and potential overfitting or calibration issues despite flawless confusion matrices. PCA and RF further reduce computational overhead during inference compared to IG. These findings highlight that relying solely on accuracy can be misleading for IDS evaluation; temporal RNNs should be complemented with probability-aware training, calibration, or hybrid architectures. This work contributes a temporal-aware IDS framework for IoV and motivates future research on real-time deployment, hybrid RNN-CNN/LSTM models, and adversarial robustness to improve generalization and safety of connected vehicles

Downloads

Download data is not yet available.

References

K. Huang, R. Xian, M. Xian, H. Wang, and L. Ni, “A comprehensive intrusion detection method for the internet of vehicles based on federated learning architecture,” Comput. Secur., vol. 147, p. 104067, Dec. 2024, doi: 10.1016/j.cose.2024.104067.

M. Dilshad et al., “IoV cyber defense: Advancing DDoS attack detection with gini index in tree models,” in 2024 international conference on emerging trends in networks and computer communications, ETNCC 2024 - proceedings, IEEE, 2024, pp. 681–688. doi: 10.1109/ETNCC63262.2024.10767505.

J. Tu and W. Shang, “Enhancing Intrusion Detection in The Internet of Vehicles: An Ensemble and Optimized Machine Learning Approach,” in 2023 2nd International Conference on Sensing, Measurement, Communication and Internet of Things Technologies (SMC-IoT), Changsha, China: IEEE, Dec. 2023, pp. 207–211. doi: 10.1109/SMC-IoT62253.2023.00044.

M. S. Korium, M. Saber, A. Beattie, A. Narayanan, S. Sahoo, and P. H. J. Nardelli, “Intrusion detection system for cyberattacks in the Internet of Vehicles environment,” Ad Hoc Netw., vol. 153, p. 103330, Feb. 2024, doi: 10.1016/j.adhoc.2023.103330.

S. Anbalagan, G. Raja, S. Gurumoorthy, R. D. Suresh, and K. Dev, “IIDS: Intelligent intrusion detection system for sustainable development in autonomous vehicles,” IEEE Trans. Intell. Transp. Syst., vol. 24, no. 12, pp. 15866–15875, 2023, doi: 10.1109/TITS.2023.3271768.

A. Anzer and M. Elhadef, “A multilayer perceptron-based distributed intrusion detection system for internet of vehicles,” Proc. - 4th IEEE Int. Conf. Collab. Internet Comput. CIC 2018, pp. 438–445, 2018, doi: 10.1109/CIC.2018.00066.

E. Gelenbe, B. C. Gül, and M. Nakıp, “DISFIDA: Distributed Self-Supervised Federated Intrusion Detection Algorithm with online learning for health Internet of Things and Internet of Vehicles,” Internet Things, vol. 28, p. 101340, Dec. 2024, doi: 10.1016/j.iot.2024.101340.

H. Taslimasa, S. Dadkhah, E. C. P. Neto, P. Xiong, S. Ray, and A. A. Ghorbani, “Security issues in Internet of Vehicles (IoV): A comprehensive survey,” Internet Things, vol. 22, p. 100809, July 2023, doi: 10.1016/j.iot.2023.100809.

L. Xing, K. Wang, H. Wu, H. Ma, and X. Zhang, “Intrusion Detection Method for Internet of Vehicles Based on Parallel Analysis of Spatio-Temporal Features,” Sensors, vol. 23, no. 9, p. 4399, Apr. 2023, doi: 10.3390/s23094399.

H. Zhang, J. Ye, W. Huang, X. Liu, and J. Gu, “Survey of federated learning in intrusion detection,” J. Parallel Distrib. Comput., vol. 195, p. 104976, Jan. 2025, doi: 10.1016/j.jpdc.2024.104976.

K. Aswal, D. C. Dobhal, and H. Pathak, “Comparative analysis of machine learning algorithms for identification of BOT attack on the Internet of Vehicles (IoV),” in 2020 International Conference on Inventive Computation Technologies (ICICT), Coimbatore, India: IEEE, Feb. 2020, pp. 312–317. doi: 10.1109/ICICT48043.2020.9112422.

L. Yang, A. Shami, G. Stevens, and S. De Rusett, “LCCDE: A Decision-Based Ensemble Framework for Intrusion Detection in The Internet of Vehicles,” in GLOBECOM 2022 - 2022 IEEE Global Communications Conference, Rio de Janeiro, Brazil: IEEE, Dec. 2022, pp. 3545–3550. doi: 10.1109/GLOBECOM48099.2022.10001280.

Y. Otoum, Y. Wan, and A. Nayak, “Transfer Learning-Driven Intrusion Detection for Internet of Vehicles (IoV),” in 2022 International Wireless Communications and Mobile Computing (IWCMC), Dubrovnik, Croatia: IEEE, May 2022, pp. 342–347. doi: 10.1109/IWCMC55113.2022.9825115.

B. Wang, Y. Shang, F. Wang, and Y. Zeng, “A DoS attack detection system based on CNN and BiLSTM for internet of vehicles,” in 2024 12th international conference on information systems and computing technology, isctech 2024, 2024. doi: 10.1109/ISCTech63666.2024.10845700.

X. Yuan, S. Han, W. Huang, H. Ye, X. Kong, and F. Zhang, “A simple framework to enhance the adversarial robustness of deep learning-based intrusion detection system,” Comput. Secur., vol. 137, no. July 2023, 2024, doi: 10.1016/j.cose.2023.103644.

X. Huang et al., “A survey of safety and trustworthiness of deep neural networks: Verification, testing, adversarial attack and defence, and interpretability,” Comput. Sci. Rev., vol. 37, 2020, doi: 10.1016/j.cosrev.2020.100270.

V. Ravi, R. Chaganti, and M. Alazab, “Recurrent deep learning-based feature fusion ensemble meta-classifier approach for intelligent network intrusion detection system,” Comput. Electr. Eng., vol. 102, no. February, p. 108156, 2022, doi: 10.1016/j.compeleceng.2022.108156.

E. C. P. Neto et al., “CICIoV2024: Advancing realistic IDS approaches against DoS and spoofing attack in IoV CAN bus,” Internet Things, vol. 26, p. 101209, July 2024, doi: 10.1016/j.iot.2024.101209.

M. B. Dissanayake, “Feature engineering for cyber-attack detection in internet of things,” Int. J. Wirel. Microw. Technol., vol. 11, no. 6, pp. 46–54, 2021, doi: 10.5815/ijwmt.2021.06.05.

A. A. Aburomman and M. B. I. Reaz, “Ensemble of binary SVM classifiers based on PCA and LDA feature extraction for intrusion detection,” Proc. 2016 IEEE Adv. Inf. Manag. Commun. Electron. Autom. Control Conf. IMCEC 2016, pp. 636–640, 2017, doi: 10.1109/IMCEC.2016.7867287.

T. A. Alhaj, M. M. Siraj, A. Zainal, H. T. Elshoush, and F. Elhaj, “Feature selection using information gain for improved structural-based alert correlation,” PLoS ONE, vol. 11, no. 11, pp. 1–18, 2016, doi: 10.1371/journal.pone.0166017.

T. E. T. Djaidja, B. Brik, S. Mohammed Senouci, A. Boualouache, and Y. Ghamri-Doudane, “Early Network Intrusion Detection Enabled by Attention Mechanisms and RNNs,” IEEE Trans. Inf. Forensics Secur., vol. 19, pp. 7783–7793, 2024, doi: 10.1109/TIFS.2024.3441862.

M. A. Khan, “HCRNNIDS: Hybrid convolutional recurrent neural network-based network intrusion detection system,” Processes, vol. 9, no. 5, 2021, doi: 10.3390/pr9050834.

M. Essaid, D. Y. Kim, S. H. Maeng, S. Park, and H. T. Ju, “A collaborative DDoS mitigation solution based on ethereum smart contract and RNN-LSTM,” in 2019 20th asia-pacific network operations and management symposium: Management in a cyber-physical world, APNOMS 2019, IEICE, 2019, pp. 12–17. doi: 10.23919/APNOMS.2019.8892947.

S. Abdelhamid, I. Hegazy, M. Aref, and M. Roushdy, “TL-IDS: a transfer learning technique for botnet detection in IoT,” 6th Int. Conf. Comput. Inform. ICCI 2024, pp. 315–321, 2024, doi: 10.1109/ICCI61671.2024.10485152.

S. Li, J. Wang, Y. Wang, G. Zhou, and Y. Zhao, “EIFDAA: Evaluation of an IDS with function-discarding adversarial attacks in the IIoT,” Heliyon, vol. 9, no. 2, p. e13520, Feb. 2023, doi: 10.1016/j.heliyon.2023.e13520.

D. Wang, X. Wang, and J. Fei, “IDS-GAN: Adversarial Attack against Intrusion Detection Based on Generative Adversarial Networks,” in 2024 5th International Conference on Computer Vision, Image and Deep Learning (CVIDL), Zhuhai, China: IEEE, Apr. 2024, pp. 1130–1134. doi: 10.1109/CVIDL62147.2024.10603582.

Additional Files

Published

2025-10-16

How to Cite

[1]
B. . Purnama, E. A. Winanto, S. Sharipuddin, D. Sandra, N. Nurhadi, and . L. . Afuan, “RNN-Based Intrusion Detection System for Internet of Vehicles with IG, PCA, and RF Feature Selection”, J. Tek. Inform. (JUTIF), vol. 6, no. 5, pp. 3204–3216, Oct. 2025.

Issue

Vol. 6 No. 5 (2025): JUTIF Volume 6, Number 5, Oktober 2025

Section

Articles

License

Copyright (c) 2025 Benni Purnama, Eko Arip Winanto, Sharipuddin, Dodi Sandra, Nurhadi, Lasmedi Afuan

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.