Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Unsupervised Anomaly Detection for Smart IoT Devices: Performance and Resource Comparison

Md. Sad Abdullah Sami, Mushfiquzzaman Abid

TL;DR

This work addresses unsupervised anomaly detection for IoT security under edge-resource constraints by benchmarking Isolation Forest and OC-SVM on the TON_IoT thermostat dataset. It jointly evaluates traditional detection metrics and resource usage (inference time, RAM, model size) to assess deployment feasibility on constrained devices. Isolation Forest outperforms OC-SVM across accuracy, precision, recall, and F1, while also offering faster inference and smaller memory footprint, signaling strong suitability for real-time edge deployment. The findings provide practical guidance for selecting anomaly detectors in resource-limited IoT environments and point to future work on multi-class and real-time evaluation across diverse hardware.

Abstract

The rapid expansion of Internet of Things (IoT) deployments across diverse sectors has significantly enhanced operational efficiency, yet concurrently elevated cybersecurity vulnerabilities due to increased exposure to cyber threats. Given the limitations of traditional signature-based Anomaly Detection Systems (ADS) in identifying emerging and zero-day threats, this study investigates the effectiveness of two unsupervised anomaly detection techniques, Isolation Forest (IF) and One-Class Support Vector Machine (OC-SVM), using the TON_IoT thermostat dataset. A comprehensive evaluation was performed based on standard metrics (accuracy, precision, recall, and F1-score) alongside critical resource utilization metrics such as inference time, model size, and peak RAM usage. Experimental results revealed that IF consistently outperformed OC-SVM, achieving higher detection accuracy, superior precision, and recall, along with a significantly better F1-score. Furthermore, Isolation Forest demonstrated a markedly superior computational footprint, making it more suitable for deployment on resource-constrained IoT edge devices. These findings underscore Isolation Forest's robustness in high-dimensional and imbalanced IoT environments and highlight its practical viability for real-time anomaly detection.

Unsupervised Anomaly Detection for Smart IoT Devices: Performance and Resource Comparison

TL;DR

This work addresses unsupervised anomaly detection for IoT security under edge-resource constraints by benchmarking Isolation Forest and OC-SVM on the TON_IoT thermostat dataset. It jointly evaluates traditional detection metrics and resource usage (inference time, RAM, model size) to assess deployment feasibility on constrained devices. Isolation Forest outperforms OC-SVM across accuracy, precision, recall, and F1, while also offering faster inference and smaller memory footprint, signaling strong suitability for real-time edge deployment. The findings provide practical guidance for selecting anomaly detectors in resource-limited IoT environments and point to future work on multi-class and real-time evaluation across diverse hardware.

Abstract

The rapid expansion of Internet of Things (IoT) deployments across diverse sectors has significantly enhanced operational efficiency, yet concurrently elevated cybersecurity vulnerabilities due to increased exposure to cyber threats. Given the limitations of traditional signature-based Anomaly Detection Systems (ADS) in identifying emerging and zero-day threats, this study investigates the effectiveness of two unsupervised anomaly detection techniques, Isolation Forest (IF) and One-Class Support Vector Machine (OC-SVM), using the TON_IoT thermostat dataset. A comprehensive evaluation was performed based on standard metrics (accuracy, precision, recall, and F1-score) alongside critical resource utilization metrics such as inference time, model size, and peak RAM usage. Experimental results revealed that IF consistently outperformed OC-SVM, achieving higher detection accuracy, superior precision, and recall, along with a significantly better F1-score. Furthermore, Isolation Forest demonstrated a markedly superior computational footprint, making it more suitable for deployment on resource-constrained IoT edge devices. These findings underscore Isolation Forest's robustness in high-dimensional and imbalanced IoT environments and highlight its practical viability for real-time anomaly detection.

Paper Structure

This paper contains 12 sections, 4 equations, 4 figures, 2 tables.

Table of Contents

  1. Introduction
  2. Literature Review
  3. Methodology
  4. Evaluation Metrics
  5. Dataset
  6. Results and Discussion
  7. Comparative Performance Analysis
  8. Resource Utilization Analysis
  9. Confusion Matrix Analysis
  10. Discussion
  11. Limitations
  12. Conclusion

Figures (4)

  • Figure 1: Flowchart of the Proposed Unsupervised Anomaly Detection Framework
  • Figure 2: Performance comparison of Isolation Forest and OC-SVM based on Accuracy, Precision, Recall, and F1-score.
  • Figure 3: Comparison of resource utilization between Isolation Forest and OC-SVM models, including (a) Inference Time, (b) Model Size, and (c) Peak RAM Usage.
  • Figure 4: Normalized confusion matrix for the Isolation Forest model.