The Internet of Things (IoT) is now used across many connected settings, yet a large number of edge devices and gateways still have limited memory, processing capacity, and energy. Because of this, deployability becomes a central issue in intrusion detection, not something secondary to model accuracy. A detector that performs well in experiments may still be difficult to use in practice if it is too heavy or behaves unreliably at the edge. In this work, we study a lightweight intrusion detection framework using the CICIoT2023 benchmark. The framework includes leakage-aware preprocessing, aligned binary and multiclass labeling, several lightweight supervised models, compression for the neural model, and post hoc confidence calibration. We evaluate it under both a standard in-dataset setting and a more difficult within-dataset shift setting, where selected attack categories where selected attack categories are left out during training. The experiments cover Logistic Regression, Random Forest, LightGBM, and a compact multilayer perceptron, along with INT8 quantization, structured pruning, feature-subset ablation, and threshold-based decision control. In the standard setting, the tree-based models give the strongest overall results, while the compact neural model has the smallest footprint. The results are less reassuring under shift. When some attack families are absent from training, performance drops in a number of cases, most notably for reconnaissance-related traffic, even though the random-split results remain strong. A similar tradeoff appears in the calibration analysis: stricter thresholds reduce false alarms, but they also lower recall for malicious traffic. Overall, the results suggest that IoT intrusion detection should be evaluated with deployment in mind, considering predictive performance, runtime cost, confidence behavior, and robustness to distribution shift together.
Keskin et al. (Fri,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: