This article outlines various techniques for detecting types of attacks that may arise in ZigBee-based IoT system. The researchers introduced a hybrid Intrusion Detection System (IDS), combining rule-based intrusion detection and machine learning-based anomaly detection. Rule-based attack detection techniques are used to provide an accurate detection method for known attacks. However, determining accurate detection rules requires significant human effort that is susceptible to error. If it is done incorrectly, it can result in false alarms. Therefore, to alleviate this potential problem, the system is being upgraded by combining it (hybrid) with machine learning-based anomaly detection. This article expounds the researchers’ IDS implementation covering a wide variety of detection techniques to detect both known attacks and potential new types of attacks in ZigBee-based IoT system. Furthermore, a safe and efficient meth-od for large-scale IDS data collection is introduced to provide a trusted reporting mechanism that can operate on the stringent IoT resource requirements appropriate to today's IoT systems.