This research develops a real-time network intrusion detection system for IoT and enterprise networks using the CIC-IDS IoT 2023 dataset. Aim to address the limitations of computationally intensive deep learning models and classifiers poses in IoT environment which uses lightweight-weight devices and also the issue of high false positive rates, this study proposes a PCA-enhanced ensemble framework. The methodology involved data preprocessing, normalization, and dimensionality reduction via Principal Component Analysis (PCA), handling data imbalance using SMOTE techniques followed by training with Random Forest and XGBoost classifiers. Evaluation revealed a critical performance trade-off: while both models excelled at classifying normal traffic, their security efficacy differed substantially. Random Forest demonstrated robust, with accuracy of 100% and precision of 99%, balanced performance across all threat classes, reliably identifying both 'attack' and 'scanning' activities. Conversely, XGBoost, despite its high accuracy of 97% and precision of 95% for all traffic classes, exhibited a severe operational weakness by misclassifying a significant number of 'attack' and 'scanning' instances as normal, rendering it unsuitable for security contexts where detecting threats is paramount. PCA successfully reduced the feature dimensionality, which enabled faster inference while preserving discriminatory power by retaining 95% of the data variance. A real-time deployment confirmed the system's capability for fast, accurate packet classification, providing a viable and interpretable solution for resource-constrained environments
Adeyemo et al. (Thu,) studied this question.