Smart IoT Security: Lightweight Machine Learning Techniques for Multi-Class Attack Detection in IoT Networks
Shahran Rahman Alve, Muhammad Zawad Mahmud, Samiha Islam, Md. Asaduzzaman Chowdhury, Jahirul Islam
TL;DR
This work tackles the challenge of multiclass intrusion detection in resource-constrained IoT networks by evaluating lightweight ML classifiers on the CICIoT_2023 dataset. The authors compare Random Forest, Decision Tree, KNN, Gradient Boosting, and AdaBoost with GridSearchCV tuning and 5-fold CV, identifying the Decision Tree as the best performer with 99.56% accuracy and 99.62% F1, while Random Forest remains close at 98.22% accuracy. The study demonstrates that simple, low-resource models can achieve high detection performance on a rich, multiclass IoT intrusion dataset and establishes a strong baseline for future lightweight security solutions. The findings support deploying ML-based IDS in IoT environments to balance detection accuracy with time and resource efficiency, with avenues for real-time, adaptive, and energy-aware extensions.
Abstract
The Internet of Things (IoT) is expanding at an accelerated pace, making it critical to have secure networks to mitigate a variety of cyber threats. This study addresses the limitation of multi-class attack detection of IoT devices and presents new machine learning-based lightweight ensemble methods that exploit its strong machine learning framework. We used a dataset entitled CICIoT 2023, which has a total of 34 different attack types categorized into 10 categories, and methodically assessed the performance of a substantial array of current machine learning techniques in our goal to identify the best-performing algorithmic choice for IoT application protection. In this work, we focus on ML classifier-based methods to address the biocharges presented by the difficult and heterogeneous properties of the attack vectors in IoT ecosystems. The best-performing method was the Decision Tree, achieving 99.56% accuracy and 99.62% F1, indicating this model is capable of detecting threats accurately and reliably. The Random Forest model also performed nearly as well, with an accuracy of 98.22% and an F1 score of 98.24%, indicating that ML methods excel in a scenario of high-dimensional data. These findings emphasize the promise of integrating ML classifiers into the protective defenses of IoT devices and provide motivations for pursuing subsequent studies towards scalable, keystroke-based attack detection frameworks. We think that our approach offers a new avenue for constructing complex machine learning algorithms for low-resource IoT devices that strike a balance between accuracy requirements and time efficiency. In summary, these contributions expand and enhance the knowledge of the current IoT security literature, establishing a solid baseline and framework for smart, adaptive security to be used in IoT environments.