The rapid proliferation of Internet of Things (IoT) devices in healthcare, manufacturing, and smart cities has introduced significant cybersecurity challenges. These devices present an attractive attack surface for cyber threats, making robust intrusion detection essential. Traditional Intrusion Detection Systems (IDS) analyse IoT network traffic data as independent instances, failing to capture important temporal dependencies, leading to suboptimal detection performance. To address this limitation, we propose TSM-NIDS, an adaptation of the TSMixer architecture for anomaly detection in IoT networks. While TSMixer has demonstrated exceptional performance in domains such as retail forecasting and energy demand prediction, its application to cybersecurity remains largely unexplored. TSM-NIDS employs an All-MLP (Multi-Layer Perceptron) design that performs both time mixing and feature mixing, enabling it to learn sequential patterns and cross-feature dependencies crucial for differentiating between regular and malicious traffic. We evaluate TSM-NIDS using the publicly available TON-IoT dataset, where it surpasses existing state-of-the-art approaches, showing its potential for enhancing IoT network security. - Leverages a unified model to capture temporal and feature dependencies in IoT network data. - Adapts a proven forecasting architecture to the domain of cybersecurity for anomaly detection. - Demonstrates superior detection performance on a benchmark IoT security dataset.
Hanafiah et al. (Sun,) studied this question.