Performance-Efficient Intrusion Detection for IoT Using CNN-BiLSTM and Incremental Principal Component Analysis

doi:10.23940/ijpe.26.03.p2.128137

Abstract

Abstract:

The intensive growth of Internet of Things (IoT) devices has exponentially increased cyber-attack surfaces, and the resource-constrained nature of IoT-based devices strongly restricts the ability to deploy traditional deep-intrusion detection systems (IDS). In this paper, a lightweight hybrid IDS is proposed, which consists of a light convolutional neural network (CNN) combined with bidirectional long short-term memory (BiLSTM) and Incremental Principal Component Analysis (IPCA) to perform online dimensionality reduction on features. The offered method is considered in detail using both real-world datasets of IoT intrusion, namely CICIoT2023 (large-scale lab-generated IoT attacks with 33 attack types) and IoT-23 (realistic long-duration malware scenarios on commercial IoT devices). The model achieves a detection accuracy of 98.23% and a recall of 98.6% on CICIoT2023. On the IoT-23 dataset, it yields a detection accuracy of 97.15% and a recall of 97.1%, indicating that it can generalize more strongly across different distributions of IoT traffic. The method reduces model size by 60% and inference time by 65% compared to full-feature deep baselines, and achieves better accuracy than the current state-of-the-art lightweight methods. The findings indicate the feasibility of the method in effective and real-time IoT intrusion detection using a limited edge infrastructure.

Key words: intrusion, detection, IoT, attack, security, CNN

Santosh Kumar Upadhyay and Vikas. Performance-Efficient Intrusion Detection for IoT Using CNN-BiLSTM and Incremental Principal Component Analysis [J]. Int J Performability Eng, 2026, 22(3): 128-137.

Add to citation manager EndNote|Reference Manager|ProCite|BibTeX|RefWorks

References 21

[1]	Miloslavskaya N., and Tolstoy A., 2019. Internet of things: information security challenges and solutions. Cluster Computing, 22(1), pp. 103-119.
[2]	Luo S., Zeng P., Ma C., and Wei Y., 2025. Anomaly detection for industrial internet of things devices based on self-adaptive blockchain sharding and federated learning. Journal of Communications and Networks, 27(2), pp. 92-102.
[3]	Misrak S.F., and Melaku H.M., 2025. Lightweight intrusion detection system for IoT with improved feature engineering and advanced dynamic quantization. Discover Internet of Things, 5(1), 97.
[4]	Wang Z., Chen H., Yang S., Luo X., Li D., and Wang J., 2023. A lightweight intrusion detection method for IoT based on deep learning and dynamic quantization. PeerJ Computer Science, 9, e1569.
[5]	Zyad E., and Mohammed A.B., 2024. Evaluation of pca variants for intrusion detection in IoT networks. In 2024 Sixth International Conference on Intelligent Computing in Data Sciences (ICDS), pp. 1-5.
[6]	Al-Sarem M., Saeed F., Alkhammash E.H., and Alghamdi N.S., 2021. An aggregated mutual information based feature selection with machine learning methods for enhancing IoT botnet attack detection. Sensors, 22(1), 185.
[7]	Achbarou O., Datsi T., and Bourkoukou O., 2025. Enhanced intrusion detection system using feature selection and hybrid learning models for high performance and efficiency in an IoT environment. Journal of Engineering Research.
[8]	Wang X., Ren X., Qiu C., Xiong Z., Yao H., and Leung V.C., 2022. Integrating edge intelligence and blockchain: what, why, and how. IEEE Communications Surveys & Tutorials, 24(4), pp. 2193-2229.
[9]	Zarpelão B.B., Miani R.S., Kawakani C.T., and De Alvarenga S.C., 2017. A survey of intrusion detection in internet of things. Journal of Network and Computer Applications, 84, pp. 25-37.
[10]	Light R.A., 2017. Mosquitto: server and client implementation of the MQTT protocol. Journal of Open Source Software, 2(13), 265.
[11]	Syarif I., Prugel-Bennett A., and Wills G., 2016. SVM parameter optimization using grid search and genetic algorithm to improve classification performance. TELKOMNIKA (Telecommunication Computing Electronics and Control), 14(4), pp. 1502-1509.
[12]	Sharafaldin I., Lashkari A.H., and Ghorbani A.A., 2018. Toward generating a new intrusion detection dataset and intrusion traffic characterization. ICISSp, 1( 2018), pp. 108-116.
[13]	Schonlau M., and Zou R.Y., 2020. The random forest algorithm for statistical learning. the Stata Journal, 20(1), pp. 3-29.
[14]	Rahman M.M., Al Shakil S., and Mustakim M.R., 2025. A survey on intrusion detection system in IoT networks. Cyber Security and Applications, 3, 100082.
[15]	Dina A.S., Siddique A.B., and Manivannan D., 2023. A deep learning approach for intrusion detection in internet of things using focal loss function. Internet of Things, 22, 100699.
[16]	Alsubaei F.S., 2025. Smart deep learning model for enhanced IoT intrusion detection. Scientific Reports, 15(1), 20577.
[17]	Yang K., Wang J., and Li M., 2024. An improved intrusion detection method for IIoT using attention mechanisms, BiGRU, and inception-CNN. Scientific Reports, 14(1), 19339.
[18]	Farhan M., Waheed Ud Din H., Ullah S., Hussain M.S., Khan M.A., Mazhar T., Khattak U.F., and Jaghdam I.H., 2025. Network-based intrusion detection using deep learning technique. Scientific Reports, 15(1), 25550.
[19]	Fenjan A., Almashhadany M.T.M., Ahmed S.R., Fadel H.A., Sekhar R., Shah P., and Veena B.S., 2024. Adaptive intrusion detection system using deep learning for network security. In Proceedings of the Cognitive Models and Artificial Intelligence Conference, pp. 279-284.
[20]	Kaggle, CICIoT2023: A Modern Dataset for Intelligent IoT Threat Detection, https://www.kaggle.com/datasets/himadri07/ciciot2023, accessed on February 1, 2026.
[21]	Garcia S., Parmisano A., and Erquiaga M.J., 2020. IoT-23: A labeled dataset with malicious and benign IoT network traffic.