Internet of things (IoT) systems are often inherently heterogeneous and the constantly evolving cyber threat presents a variety of attack vectors that can expose sensitive data across multiple mission-critical applications. The existing intrusion detection methods are often prone to zero-day attacks and specific to limited known intrusions. This paper designs a hybrid and multi level cyber-threat detection framework based on the robust data preprocessing scheme, correlation-based optimal feature selection and integrated anomaly and intrusion detection using a supervised learning approach. In the first stage, a random forest (RF)-based binary anomaly detector is designed as a fast primary threat filter against zero-day threats by detecting traffic anomalies without any prior attack signal. In the second stage, an adaptive, time-aware long short-term memory (LSTM) model performs multi-class intrusion classification using time-lag analysis in traffic flows to accurately identify and classify known attack types with high precision. The proposed framework is evaluated on the network flow telemetry of network–internet of things–version 2 (NF-ToN-IoT-V2) dataset and achieved 99% accuracy in both binary and multiclass settings, with a lower response time of 7.8 ms.

Anomaly detection; Artificial intelligence; Internet of things; Intrusion detection; Long short-term memory; Random forest