Bi-level Flow Based Anomalous Activity Identification System for IoT Devices

Abstract
With advances in technology, the IoT has emerged widely in smart applications for data collection, processing, and communication. IoT devices broadcast data over a wireless medium, which makes them easy targets for attacks. In a local network, an attack on normal communication is restricted to a small local domain or to local nodes. An attack on IoT devices, however, can spread over a large area and cause destructive effects. The heterogeneity and distribution of IoT services and applications make IoT security more challenging and complex. This paper proposes a bi-level, flow-based anomalous activity identification system for the IoT. First, flow-based features are extracted along with statistical features such as mean, median, variance, correlation, and correntropy. Bi-level classification is then carried out: level 1 detects the presence of an attack, and level 2 classifies the type of attack. A decision tree detects attacks by checking whether the network traffic is anomalous or normal. In level 2, an optimized neural network (NN) categorizes the attacks in the IoT using the flow features and statistical features. To make detection and classification more accurate, the weights of the NN are optimally tuned by a new Combined Whale SeaLion Algorithm (CWSA), which hybridizes the concepts of SLnO and WOA. Finally, the performance of the adopted method is compared with that of other traditional models in terms of accuracy, sensitivity, specificity, precision, FPR, FDR, FNR, NPV, F1-score, and MCC.
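The following Python sketch is an added example, not code from the paper: it computes the five statistical features named in the abstract for one flow and shows the bi-level gating, in which level 2 runs only on flows that level 1 flags. The per-interval byte-count series, the unnormalised Gaussian kernel used for correntropy, and all function names are assumptions; the two models are passed in as callables standing in for the decision tree and the CWSA-tuned NN, which are not reproduced here.

```python
import math
from statistics import mean, median, pvariance

# Constructed per-interval byte counts for two flows (not data from the paper).
NORMAL_FWD, NORMAL_REV = [120, 130, 125, 128], [118, 131, 126, 127]
FLOOD_FWD, FLOOD_REV = [1500, 1500, 1500, 1500], [0, 0, 0, 0]

def pearson(x, y):
    """Pearson correlation; 0.0 when either series is constant."""
    mx, my = mean(x), mean(y)
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    den = math.sqrt(sum((a - mx) ** 2 for a in x) * sum((b - my) ** 2 for b in y))
    return cov / den if den else 0.0

def correntropy(x, y, sigma=1.0):
    """Sample correntropy: mean Gaussian kernel of the pairwise differences.
    Assumption: unnormalised kernel, so identical series score exactly 1.0."""
    return mean(math.exp(-((a - b) ** 2) / (2 * sigma ** 2)) for a, b in zip(x, y))

def flow_features(fwd, rev, sigma=1.0):
    """Statistical features for one flow from forward/reverse byte series."""
    if len(fwd) != len(rev) or len(fwd) < 2:
        raise ValueError("need two equal-length series with at least 2 intervals")
    return {
        "mean": mean(fwd),
        "median": median(fwd),
        "variance": pvariance(fwd),
        "correlation": pearson(fwd, rev),
        "correntropy": correntropy(fwd, rev, sigma),
    }

def bi_level_classify(features, detector, attack_classifier):
    """Level 1: detector(features) -> True if anomalous.
    Level 2: attack_classifier(features) -> attack type, anomalous flows only."""
    if not detector(features):
        return "normal"
    return attack_classifier(features)

if __name__ == "__main__":
    for name, fwd, rev in (("normal", NORMAL_FWD, NORMAL_REV),
                           ("flood", FLOOD_FWD, FLOOD_REV)):
        print(name, flow_features(fwd, rev, sigma=2.0))
```

Unlike correlation, which is undefined for the constant flood series and falls back to 0.0, correntropy still separates the two constructed flows because it depends on the size of the pairwise differences relative to `sigma`.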