Toward Autonomous and Efficient Cybersecurity: A Multi-Objective AutoML-based Intrusion Detection System

Li Yang, Abdallah Shami

TL;DR

The paper addresses the need for autonomous, efficient intrusion detection in IoT and next‑generation networks where resources are limited. It introduces a MOO‑AutoML IDS framework that combines automated data preprocessing (AutoDP), automated feature engineering (OIP‑AutoFS), and automated model optimization (OPCE‑CASH) with a Multi‑Objective PSO, using XGBoost and LightGBM as base learners. The approach jointly optimizes detection effectiveness (F1), confidence, and computational efficiency, and demonstrates superior performance and calibration on the CICIDS2017 and IoTID20 datasets, with favorable deployment characteristics for both edge and cloud settings. The work provides a practical pathway toward deployment‑ready, autonomous cybersecurity for IoT and modern networks, highlighting the configurable trade‑offs between accuracy, latency, and reliability. Overall, the framework advances autonomous defense by delivering higher detection quality, better probability calibration, and lower resource demands than state‑of‑the‑art IDS solutions.

Abstract

With increasingly sophisticated cybersecurity threats and rising demand for network automation, autonomous cybersecurity mechanisms are becoming critical for securing modern networks. The rapid expansion of Internet of Things (IoT) systems amplifies these challenges, as resource-constrained IoT devices demand scalable and efficient security solutions. In this work, an innovative Intrusion Detection System (IDS) utilizing Automated Machine Learning (AutoML) and Multi-Objective Optimization (MOO) is proposed for autonomous and optimized cyber-attack detection in modern networking environments. The proposed IDS framework integrates two primary innovative techniques: Optimized Importance and Percentage-based Automated Feature Selection (OIP-AutoFS) and Optimized Performance, Confidence, and Efficiency-based Combined Algorithm Selection and Hyperparameter Optimization (OPCE-CASH). These components optimize feature selection and model learning processes to strike a balance between intrusion detection effectiveness and computational efficiency. This work presents the first IDS framework that integrates all four AutoML stages and employs multi-objective optimization to jointly optimize detection effectiveness, efficiency, and confidence for deployment in resource-constrained systems. Experimental evaluations over two benchmark cybersecurity datasets demonstrate that the proposed MOO-AutoML IDS outperforms state-of-the-art IDSs, establishing a new benchmark for autonomous, efficient, and optimized security for networks. Designed to support IoT and edge environments with resource constraints, the proposed framework is applicable to a variety of autonomous cybersecurity applications across diverse networked environments.

Paper Structure

This paper contains 26 sections, 12 equations, 4 figures, 6 tables, 3 algorithms.

Figures (4)

  • Figure 1: The IoT data analytics architecture and IDS deployment.
  • Figure 2: The proposed IDS system overview.
  • Figure 3: The selected features and their importance scores for the CICIDS2017 dataset.
  • Figure 4: The selected features and their importance scores for the IoTID20 dataset.