Carbon-Aware Intrusion Detection: A Comparative Study of Supervised and Unsupervised DRL for Sustainable IoT Edge Gateways

Saeid Jamshidi, Foutse Khomh, Kawser Wazed Nafi, Amin Nikanjam, Samira Keivanpour, Omar Abdul-Wahab, Martine Bellaiche

TL;DR

This work tackles DDoS intrusion detection at IoT edge gateways with two DRL-based architectures designed for sustainability. DeepEdgeIDS offers unsupervised adaptability via an AE–DRL hybrid, while AutoDRL-IDS provides supervised, temporally aware detection through an LSTM–DRL fusion, both incorporating a carbon-aware reward to balance detection performance, latency, and environmental impact. The authors demonstrate theoretical guarantees (convergence, stability, Pareto optimality) and validate performance on a real-edge testbed with Bot-IoT data, showing DeepEdgeIDS achieving higher detection accuracy and faster adaptation, and AutoDRL-IDS delivering more energy- and carbon-efficient operation. The study highlights a practical trade-off between adaptability and efficiency, establishing a carbon-aware DRL framework as a viable path toward sustainable, real-time IoT security at the edge.

Abstract

The rapid expansion of the Internet of Things (IoT) has intensified cybersecurity challenges, particularly in mitigating Distributed Denial-of-Service (DDoS) attacks at the network edge. Traditional Intrusion Detection Systems (IDSs) face significant limitations, including poor adaptability to evolving and zero-day attacks, reliance on static signatures and labeled datasets, and inefficiency on resource-constrained edge gateways. Moreover, most existing DRL-based IDS studies overlook sustainability factors such as energy efficiency and carbon impact. To address these challenges, this paper proposes two novel Deep Reinforcement Learning (DRL)-based IDS: DeepEdgeIDS, an unsupervised Autoencoder-DRL hybrid, and AutoDRL-IDS, a supervised LSTM-DRL model. Both DRL-based IDS are validated through theoretical analysis and experimental evaluation on edge gateways. Results demonstrate that AutoDRL-IDS achieves 94% detection accuracy using labeled data, while DeepEdgeIDS attains 98% accuracy and adaptability without labels. Distinctly, this study introduces a carbon-aware, multi-objective reward function optimized for sustainable and real-time IDS operations in dynamic IoT networks.

Paper Structure

This paper contains 64 sections, 76 equations, 13 figures, 10 tables, 2 algorithms.

Figures (13)

  • Figure 1: Overview of the proposed DeepEdgeIDS architecture for DDoS detection.
  • Figure 2: Reward convergence for different $\epsilon$ values in DeepEdgeIDS.
  • Figure 3: Reward convergence for different $\epsilon$ values in AutoDRL-IDS.
  • Figure 4: IoT edge testbed architecture for evaluating AutoDRL-IDS and DeepEdgeIDS under real-time zero-day DDoS attacks.
  • Figure 5: System monitor log output during normal and DDoS attack scenarios showing performance metrics of AutoDRL-IDS and DeepEdgeIDS.
  • ...and 8 more figures