🤖 AI Summary
To address escalating security vulnerabilities and the challenge of detecting diverse attack types in large-scale Internet of Things (IoT) networks, this paper proposes a hybrid machine learning intrusion detection system (IDS) based on an ensemble voting mechanism. The method innovatively integrates Random Forest, XGBoost, K-Nearest Neighbors (KNN), and AdaBoost into a scalable ensemble architecture, leveraging a weighted voting strategy to enhance robustness and multi-class attack discrimination. Comprehensive evaluation on the real-world IoT-23 dataset demonstrates that the proposed approach consistently outperforms individual baseline models in both binary and multi-class intrusion detection tasks, achieving average improvements of 5.2–8.7% in accuracy and F1-score. Notably, it exhibits superior detection capability against sophisticated threats—including Advanced Persistent Threats (APTs), Distributed Denial-of-Service (DDoS) attacks, and malicious scanning. The implementation is open-sourced and designed for practical deployment in resource-constrained IoT environments.
📝 Abstract
The rapid growth of the Internet of Things (IoT) has revolutionized industries, enabling unprecedented connectivity and functionality. However, this expansion also increases vulnerabilities, exposing IoT networks to increasingly sophisticated cyberattacks. Intrusion Detection Systems (IDS) are crucial for mitigating these threats, and recent advancements in Machine Learning (ML) offer promising avenues for improvement. This research explores a hybrid approach, combining several standalone ML models such as Random Forest (RF), XGBoost, K-Nearest Neighbors (KNN), and AdaBoost, in a voting-based hybrid classifier for effective IoT intrusion detection. This ensemble method leverages the strengths of individual algorithms to enhance accuracy and address challenges related to data complexity and scalability. Using the widely cited IoT-23 dataset, a prominent benchmark in IoT cybersecurity research, we evaluate our hybrid classifiers for both binary and multi-class intrusion detection problems, ensuring a fair comparison with existing literature. Results demonstrate that our proposed hybrid models, designed for robustness and scalability, outperform standalone approaches in IoT environments. This work contributes to the development of advanced, intelligent IDS frameworks capable of addressing evolving cyber threats.
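The weighted voting step described above, as an added example that is not the paper's code: it combines per-model class probabilities by weighted soft voting, compares that with weighted hard voting, and derives the binary verdict from the multi-class scores. The page does not say whether the paper votes on labels or on probabilities, so both are shown; the weights, class names, function names and probability values are assumptions constructed for illustration.

```python
CLASSES = ("benign", "ddos", "scan")  # constructed label set, not IoT-23's full list
# Assumed per-model weights (e.g. from validation F1); the paper's values are not given.
WEIGHTS = {"rf": 0.30, "xgboost": 0.35, "knn": 0.15, "adaboost": 0.20}


def soft_vote(probs, weights=WEIGHTS):
    """Return (label, scores): weighted mean of each model's class probabilities.

    Models absent from probs (e.g. one that timed out) are skipped and the
    remaining weights are renormalised."""
    if not probs:
        raise ValueError("no base-model outputs to combine")
    for name, p in probs.items():
        if name not in weights:
            raise KeyError(f"no weight for model {name!r}")
        if len(p) != len(CLASSES) or abs(sum(p) - 1.0) > 1e-6 or min(p) < 0:
            raise ValueError(f"{name}: not a probability vector over {CLASSES}")
    total = sum(weights[m] for m in probs)
    scores = {c: sum(weights[m] * p[i] for m, p in probs.items()) / total
              for i, c in enumerate(CLASSES)}
    return max(scores, key=scores.get), scores


def hard_vote(probs, weights=WEIGHTS):
    """Each model casts its whole weight for its single most likely class."""
    tally = dict.fromkeys(CLASSES, 0.0)
    for name, p in probs.items():
        tally[CLASSES[max(range(len(p)), key=p.__getitem__)]] += weights[name]
    return max(tally, key=tally.get)


def binary_verdict(scores, threshold=0.5):
    """Binary task: malicious when the combined non-benign mass reaches threshold."""
    return "malicious" if 1.0 - scores["benign"] >= threshold else "benign"


# Constructed outputs for one flow: three models lean benign with low confidence,
# while XGBoost is confident the flow is DDoS traffic.
FLOW = {
    "rf":       [0.45, 0.40, 0.15],
    "xgboost":  [0.05, 0.90, 0.05],
    "knn":      [0.50, 0.30, 0.20],
    "adaboost": [0.40, 0.35, 0.25],
}

if __name__ == "__main__":
    label, scores = soft_vote(FLOW)
    print("hard:", hard_vote(FLOW), "| soft:", label, scores, binary_verdict(scores))
```

On this flow hard voting returns benign while soft voting returns ddos, because one confident model outweighs three uncertain ones only when probabilities are averaged. With XGBoost's output removed, the multi-class label falls back to benign yet the binary verdict stays malicious, since the attack classes together still hold more than half the probability mass.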