AUTHOR=Alabdullah Batool , Sankaranarayanan Suresh 
  
TITLE=Optimized ensemble machine learning model for cyberattack classification in industrial IoT
  
JOURNAL=Frontiers in Artificial Intelligence
  
VOLUME=Volume 8 - 2025
  
YEAR=2026
  
URL=https://www.frontiersin.org/journals/artificial-intelligence/articles/10.3389/frai.2025.1685376
  
DOI=10.3389/frai.2025.1685376
  
ISSN=2624-8212
  
ABSTRACT=IntroductionThe increasing cyber threats targeting industrial control systems (ICS) and the Internet of Things (IoT) pose significant risks, especially in critical infrastructures like the oil and gas sector. Existing machine learning (ML) approaches for cyberattack detection often rely on binary classification and lack computational efficiency.MethodsThis study proposes two optimized stacked ensemble models to enhance attack detection accuracy while reducing computational overhead. The main contribution lies in the strategic selection and integration of diverse base models, such as Logistic Regression, Extra Tree Classifier, XGBoost, and LGBM, with RFC as the final estimator. These models are chosen to address unique characteristics of security datasets, such as class imbalance, noise, and complex attack patterns. This combination aims to leverage different decision boundaries and learning mechanisms.ResultsEvaluations show that the Stacked Ensemble_2 model achieves 97% accuracy with a training and testing computation time of 54 minutes. Stacked Ensemble_2, which excelled over the traditional Stacked Ensemble_1, was also evaluated on the CICIDS 2017 dataset, achieving an impressive 100% accuracy with an AUROC of 99%.DiscussionThe results indicate that the proposed Stacked Ensemble_2 model provides a scalable, real-time detection mechanism for securing ICS and IoT environments. By proving its effectiveness on unseen data, this model demonstrates a significant advancement over traditional methods, offering enhanced accuracy and efficiency in detecting sophisticated cyber threats in critical infrastructure sectors.