**1. Introduction**

Nowadays, many research efforts have concentrated on the efficiency and security of IoT devices, aiming to raise performance, strengthen the protection of IoT data, and detect possible attacks. It is important to understand the types of data delivery challenges in IoT. The challenges related to wireless sensor networks (WSN), cyber-physical systems (CPS), and machine-to-machine (M2M) communication continue to appear within the context of IoT, since the basic components of IoT networks include WSNs, CPS, and M2M. One of the challenges is the difficulty of providing communications using infrastructure-based wireless systems, because of the high cost of deploying and maintaining this infrastructure given the rapid growth of IoT users and devices [1]. Furthermore, the IoT system is mobile and dynamic; thus, its perimeters are not well-defined. It is also highly heterogeneous with respect to devices, protocols, and communication media.

The other concern is that IoT systems are vulnerable to malicious cyber-attacks. One of these aggressive attacks is the distributed DoS (DDoS) attack, which intends to bring down a victim system by preventing legitimate devices from accessing its services. DDoS attackers may also aim to gain unlimited access to the victim machines and consequently cause more damage. One of the techniques that can be used to detect cyber-attacks is intrusion detection (ID). Yet advanced ID schemes utilizing machine learning techniques struggle to detect some of these cyber-attacks. These attacks are crafted so as not to differ significantly from the system's usual behavior. Therefore, there is a need for an anomaly-based IDS combined with artificial intelligence and machine learning, due to its ability to classify and identify previously hidden attacks. This kind of IDS will help in detecting multi-stage DDoS attacks. Current work on ID in academia and industry investigates artificial intelligence and machine learning techniques, such as artificial neural networks and fuzzy logic.

Advanced IoT systems can achieve high performance with human supervision defining how they perform their duties. They can also automatically detect unusual patterns of web traffic associated with malicious activities and learn these patterns by themselves over time. Previous studies in the wireless network security area focused on ID based on a single hidden Markov model (HMM) and a multi-class system classifier (MCSC) [2, 3]. Here, we study the potential applicability of the hierarchical hidden Markov model (HHMM) for intrusion detection in IoT systems, in which the problem space can be several orders of magnitude larger than in wireless networks. We propose a probabilistic hierarchical hidden Markov model that reduces the large state space without compromising classification accuracy. The proposed scheme shows better outcomes for detecting DoS and DDoS attack patterns compared to state-of-the-art work.

The main contributions of the work are:


The rest of this paper is organized as follows. Section II investigates the state of the art of methods used for IoT data delivery and presents the related work, followed by the background in Section III. Then, the model details are presented in Section IV and Section V. Next, we show and discuss the experiments and simulation results in Sections VI and VII. Finally, Section V ends the paper, outlining some suggestions for future work.
