Adaptive Anomaly Detection for IoT Networks: Improved Feature Engineering and Classification
摘要
Intrusion Detection Systems (IDS) are vital for securing Internet-of-Things (IoT) networks, yet rule‐based and feature-based schemes fall short against fast-evolving attacks in resource-constrained settings. While deep learning has raised detection accuracy, many models still struggle with temporal dependencies, class imbalance, and interpretability. This study introduces a unified, lightweight, and explainable IDS framework evaluated on the IoTbenchmark, which captures diverse attacks and normal traffic across real IoT protocols. The detection pipeline integrates three components: (i) FW-SMOTE to balance minority classes, (ii) mutual-information SelectKBest to prune redundant features, and (iii) a Bi-CNN-GRU with attention to learn the fine-grained spatio-temporal patterns without heavy computation. Experiments on binary, attack-type, and subtype classification tasks show consistent gains over a CNN-GRU baseline: 99.95% accuracy for binary detection, 97.30% macro-F1 for attack-type, and 71.00% macro-F1 for subtype classification even under severe class imbalance. These results demonstrate that coupling attention and bidirectional recurrence with light preprocessing yields a scalable, interpretable IDS suitable for real-world IoT deployments, advancing both methodology and practical security.