Enhancing Zero-Day Attack Detection in IoT Networks via Isolation Forest and Ensemble Tree Models
Abstract
Internet of Things (IoT) devices perform critical functions such as sensitive data collection, storage, and processing, which makes them vulnerable to malicious attacks. In this study, a Network Intrusion Detection System was designed to enhance the security of IoT devices. Datasets obtained from three different IoT environments (CICEVSE2024, CICIoT2023, and RT-IoT2022) were used for attack detection with tree-based machine learning methods. Experimental results demonstrated that attacks were detected with an average accuracy of 99%. Additionally, a second security layer was implemented to identify zero-day attacks. Analyses showed that the Isolation Forest algorithm detected zero-day attacks with accuracies ranging from 30% to 62%. The proposed approach shows promise in enhancing security against known and unknown attacks.
Cite this article as: S. Üstebay, “Improving zero-day attack detection accuracy in IoT networks with isolation forest and tree-based models,” Electrica, 25, 0177, 2025. doi: 10.5152/electrica.2025.24177.