Quantized autonomous edge intrusion detection system for adaptive feature aware internet of medical things networks
摘要
Real-time intrusion detection in resource-constrained Internet of Medical Things (IoMT) and Internet of Things (IoT) environments has become a critical cybersecurity challenge due to limited computational capability, memory constraints, increasing communication overhead, and the growing complexity of modern cyberattacks. To address these challenges, this study proposes a hierarchical Quantized Autonomous Edge Intrusion Detection System (QAE-IDS) framework that combines lightweight on-device anomaly detection with explainable edge-level multiclass intrusion analysis for practical and scalable IoMT security. At the device layer, a lightweight 1D-CNN-based binary intrusion detection model is implemented to perform preliminary anomaly filtering directly on IoMT devices. Two different experimental test cases are designed to evaluate the effectiveness of the lightweight model under constrained deployment conditions. Experimental results demonstrate approximately 99% and 95% detection accuracy in the respective test cases, indicating that the proposed device-level model can effectively identify suspicious traffic while maintaining low computational overhead and reduced communication cost. At the edge layer, an optimized XGBoost-based multiclass intrusion detection framework is proposed for detailed attack categorization. To address severe dataset imbalance problems, random undersampling and controlled SMOTE-based oversampling techniques are applied during preprocessing. Furthermore, ANOVA F-score-based SelectKBest feature selection is employed to identify the most discriminative traffic features for edge-level analysis. Experimental evaluation using the CIC-BCCC-NRC-IoMT2024 dataset demonstrates that the proposed edge-level framework achieves 96.22% multiclass classification accuracy together with precision, recall, and F1-score values of 96.36%, 96.22%, and 96.26%, respectively. In addition, the model achieves a ROC-AUC score of 0.997 and an average PR-AUC score of 0.839, indicating strong multiclass attack discrimination capability. To improve model transparency and trustworthiness, SHAP-based explainability analysis is integrated into the edge-level framework. The explainability analysis provides class-wise and feature-level interpretation of model prediction behavior by identifying the most influential traffic features contributing to different attack categories. Comparative analysis further demonstrates that the proposed framework provides improved multiclass robustness, explainability, deployment feasibility, and computational efficiency compared with several recent state-of-the-art IoMT intrusion detection approaches. Overall, the proposed QAE-IDS framework provides an effective, explainable, and deployment-aware cybersecurity solution for next-generation intelligent healthcare and IoMT ecosystems.