The growing shift toward Internet of Things (IoT)-based solutions expands the attack surface of systems by connecting an extensive network of heterogeneous devices and technologies. The heterogeneity of IoT devices and the scale of the network often make conventional security measures impractical. Therefore, recent research efforts have focused on machine learning (ML)-based device-agnostic IoT security solutions. However, most proposed solutions have focused solely on detecting malicious traffic in IoT networks. While this is important, further information about the attack is needed to provide a comprehensive defense before, during, and after the incident. To address this gap, we proposed an anomaly-based intrusion detection model that detects malicious traffic and identifies the attack category and subcategory with high accuracy, recall, precision, and F1-score. The proposed intrusion detection model is an ensemble model that integrates multiple ML models to produce more robust and reliable detections. For evaluation, we performed three sets of experiments: (1) a binary classification to detect malicious traffic; (2) a multi-class classification to detect the attack category; and (3) a multi-class classification to detect the attack subcategory. In the experiments, our model achieved an accuracy, recall, precision, and F1-score of 100% for the binary detection; a precision, recall, and F1-score of 99% and an accuracy of 100% for the multi-class category classification; and an accuracy, recall, precision, and F1-score of 88% for the multi-class subcategory classification. These results suggest that the proposed model can reliably detect anomalies in IoT devices.
