The rapid expansion of Internet of Things (IoT) devices has resulted in an unparalleled surge in the production of data and interconnectivity. Nevertheless, as IoT ecosystems become increasingly intricate, security concerns become of utmost importance, particularly in access control systems. The objective of this research is to improve the security of IoT access control by utilizing a hybrid model for analyzing threats and modeling attacks based on activities. This study has two primary objectives: a) A hybrid classification model is used to predict labels (attack or not) in binary classification with an impressive accuracy of 98.18%. b) Another hybrid classification model is employed to predict types of attacks in M2M communication, achieving a commendable accuracy of 90%. The primary goal is to create and assess a hybrid classification model for binary classification. This model will differentiate between regular system behavior and malicious attacks on access control schemes in the Internet of Things (IoT). The hybrid model, which combines the strengths of Gated Recurrent Units (GRU) and Long Short-Term Memory (LSTM) networks, achieves an exceptional accuracy rate of 98.18%. The model's high accuracy demonstrates its effectiveness in precisely detecting potential threats and minimizing false positives, thereby establishing a strong basis for improving access control security. The second objective focuses on the complex area of security, with the goal of categorizing distinct forms of attacks in Machine-to-Machine (M2M) communication within the Internet of Things (IoT) framework. The hybrid classification model, employing both GRU and LSTM networks, achieves a remarkable accuracy of 90%. This accomplishment showcases the model's aptitude in detecting and distinguishing different types of attacks, including Distributed Denial of Service (DDoS) and Man-in-the-Middle attacks. The hybrid model provides security professionals with valuable insights to proactively respond to diverse threats in M2M communication by accurately classifying attack types. This strengthens the overall security posture of IoT access control systems. Overall, this study offers a thorough and efficient combination of threat analysis and activity-based attack modeling to enhance access control in IoT. The obtained accuracies in binary classification and prediction of attack types highlight the practical usability of the suggested hybrid model, establishing a strong basis for improving the security of IoT access control systems against evolving cyber threats