In the Internet of Things (IoT) systems, information of various kinds is continuously captured, processed, and transmitted by systems generally interconnected by the Internet and distributed solutions. Attacks to capture information and overload services are common. This fact makes security techniques indispensable in IoT environments. Intrusion detection is one of the vital security points, aimed at identifying attempted attacks. The characteristics of IoT devices make it impossible to apply these solutions in this environment. Also, the existing anomaly-based methods for multiclass detection do not present acceptable accuracy. We present an intrusion detection architecture that operates in the fog computing layer. It has two steps and aims to classify events into specific types of attacks or non-attacks, for the execution of countermeasures. Our work presents a relevant contribution to the state of the art in this aspect. We propose a hybrid binary classification method called DNN-kNN. It has high accuracy and recall rates and is ideal for composing the first level of the two-stage detection method of the presented architecture. The approach is based on Deep Neural Networks (DNN) and the k-Nearest Neighbor (kNN) algorithm. It was evaluated with the public databases NSL-KDD and CICIDS2017. We used the method of selecting attributes based on the rate of information gain. The approach proposed in this work obtained 99.77% accuracy for the NSL-KDD dataset and 99.85% accuracy for the CICIDS2017 dataset. The experimental results showed that the proposed hybrid approach was able to achieve greater precision about classic machine learning approaches and the recent advances in intrusion detection for IoT systems. In addition, the approach works with low overhead in terms of memory and processing costs.

在物联网（IoT）系统中，通常通过Internet和分布式解决方案相互连接的系统连续捕获，处理和传输各种信息。捕获信息和过载服务的攻击很常见。这一事实使得安全技术在物联网环境中必不可少。入侵检测是至关重要的安全点之一，旨在识别尝试的攻击。物联网设备的特性使其无法在这种环境中应用这些解决方案。同样，现有的基于异常的多类检测方法也无法提供可接受的准确性。我们提出了一种在雾计算层中运行的入侵检测体系结构。它具有两个步骤，旨在将事件分类为特定类型的攻击或非攻击，以执行对策。我们的工作为这方面的最新技术做出了重要贡献。我们提出了一种称为DNN-kNN的混合二进制分类方法。它具有很高的准确性和查全率，是组成本架构两阶段检测方法的第一级的理想选择。该方法基于深度神经网络（DNN）和k最近邻居（kNN）算法。已使用公共数据库NSL-KDD和CICIDS2017对它进行了评估。我们使用了基于信息获取率选择属性的方法。这项工作中提出的方法对于NSL-KDD数据集获得了99.77％的准确性，对于CICIDS2017数据集获得了99.85％的准确性。实验结果表明，提出的混合方法能够实现比传统机器学习方法更高的精度，以及物联网系统入侵检测的最新进展。另外，该方法在存储器和处理成本方面以低开销工作。