Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Lightweight CNN-BiLSTM based Intrusion Detection Systems for Resource-Constrained IoT Devices

Mohammed Jouhari, Mohsen Guizani

TL;DR

The paper addresses intrusion detection for resource-constrained IoT devices by proposing a lightweight CNN-BiLSTM hybrid that combines spatial feature extraction with temporal modeling. It achieves strong on-device performance, reporting binary accuracy of 97.28% and multiclass accuracy of 96.91% on the UNSW-NB15 dataset, aided by a weighted loss to handle class imbalance. The model is compact (7841 trainable parameters) and designed for edge deployment with reasonable inference times, outperforming several traditional ML baselines and some CNN-LSTM hybrids. The work highlights practical potential for IoT security and proposes Bayesian optimization as a future direction to further tune hyperparameters for even better performance.

Abstract

Intrusion Detection Systems (IDSs) have played a significant role in detecting and preventing cyber-attacks within traditional computing systems. It is not surprising that the same technology is being applied to secure Internet of Things (IoT) networks from cyber threats. The limited computational resources available on IoT devices make it challenging to deploy conventional computing-based IDSs. The IDSs designed for IoT environments must also demonstrate high classification performance, utilize low-complexity models, and be of a small size. Despite significant progress in IoT-based intrusion detection, developing models that both achieve high classification performance and maintain reduced complexity remains challenging. In this study, we propose a hybrid CNN architecture composed of a lightweight CNN and bidirectional LSTM (BiLSTM) to enhance the performance of IDS on the UNSW-NB15 dataset. The proposed model is specifically designed to run onboard resource-constrained IoT devices and meet their computation capability requirements. Despite the complexity of designing a model that fits the requirements of IoT devices and achieves higher accuracy, our proposed model outperforms the existing research efforts in the literature by achieving an accuracy of 97.28\% for binary classification and 96.91\% for multiclassification.

Lightweight CNN-BiLSTM based Intrusion Detection Systems for Resource-Constrained IoT Devices

TL;DR

The paper addresses intrusion detection for resource-constrained IoT devices by proposing a lightweight CNN-BiLSTM hybrid that combines spatial feature extraction with temporal modeling. It achieves strong on-device performance, reporting binary accuracy of 97.28% and multiclass accuracy of 96.91% on the UNSW-NB15 dataset, aided by a weighted loss to handle class imbalance. The model is compact (7841 trainable parameters) and designed for edge deployment with reasonable inference times, outperforming several traditional ML baselines and some CNN-LSTM hybrids. The work highlights practical potential for IoT security and proposes Bayesian optimization as a future direction to further tune hyperparameters for even better performance.

Abstract

Intrusion Detection Systems (IDSs) have played a significant role in detecting and preventing cyber-attacks within traditional computing systems. It is not surprising that the same technology is being applied to secure Internet of Things (IoT) networks from cyber threats. The limited computational resources available on IoT devices make it challenging to deploy conventional computing-based IDSs. The IDSs designed for IoT environments must also demonstrate high classification performance, utilize low-complexity models, and be of a small size. Despite significant progress in IoT-based intrusion detection, developing models that both achieve high classification performance and maintain reduced complexity remains challenging. In this study, we propose a hybrid CNN architecture composed of a lightweight CNN and bidirectional LSTM (BiLSTM) to enhance the performance of IDS on the UNSW-NB15 dataset. The proposed model is specifically designed to run onboard resource-constrained IoT devices and meet their computation capability requirements. Despite the complexity of designing a model that fits the requirements of IoT devices and achieves higher accuracy, our proposed model outperforms the existing research efforts in the literature by achieving an accuracy of 97.28\% for binary classification and 96.91\% for multiclassification.
Paper Structure (8 sections, 1 equation, 4 figures, 5 tables)

This paper contains 8 sections, 1 equation, 4 figures, 5 tables.

Table of Contents

  1. Introduction
  2. Related work
  3. Hybrid CNN MODEL FOR THE UNSW-NB15 DATASET
  4. Description of the UNSW-NB15 dataset
  5. Lightweight CNN-BiLSTM
  6. Measuring NIDS Performance: Key Metrics
  7. EXPERIMENTAL RESULTS AND ANALYSIS
  8. Conclusion

Figures (4)

  • Figure 1: The architecture of our Lightweight CNN-BiLSTM Model with 7841 Trainable Parameters for UNSW-NB15 Dataset Classification
  • Figure 2: BiLSTM architecture.
  • Figure 3: CNN-BiLSTM confusion matrix for binary classification of attacks.
  • Figure 4: CNN-BiLSTM confusion matrix for multiclassification of attacks.