Autoencoder-Guided ML for Real-Time IoT Anomaly Detection

doi:10.23940/ijpe.26.02.p2.6776

Abstract

Abstract:

As the volume and complexity of Internet of Things (IoT) implementations proliferate, new cybersecurity challenges emerge that make anomaly detection harder, particularly in the case of limited data and real time requirements. In the past, Intrusion Detection Systems (IDS) are usually trained on balanced datasets, having access to clean normal traffic, which is rarely the case in working IoT environments. This paper presents a framework for supervised anomaly detection based on inverting the usual way of applying information to data labelling; in this case using only the attack traffic rather than normal traffic to train a deep autoencoder in order to generate realistic pseudo-normal samples based on low reconstruction error, and then using this data to produce normal balanced traffic made up of pseudo-normal samples, which statistically represents a true behavior without the introduction of any synthetic noise as in the case of SMOTE or GANs. Then, a high recall and good performance XGBoost classifier can be trained to robustly differentiate between pseudo-normal and attack traffic. This method not only resolves the data imbalance problem, but also eliminates the need for clean normal traffic, a great benefit in realistic deployments where clean normal traffic is often lacking and often unreliable if it does exist. Test results using the BoT-IoT 5% data set indicate the framework presented produced a recall of 91% and better than 91% accuracy rates, showing a great capability over the baseline Isolation Forest models. This framework is computationally lightweight, runs on edge deployments, and provides exploitability outputs to support operational trust. Finally, this work presents a new learning task for reverse autoencoders, optimized for recall-first detections, and represents a paradigm shift for how anomaly detection systems can resiliently function under adversarial, constrained, and imbalanced data volume cases in IoT networks.

Key words: IoT, anomaly detection, security framework, autoencoders, machine learning, DDoS attacks

Vaishali N. Rane, and Arunkumar M S. Autoencoder-Guided ML for Real-Time IoT Anomaly Detection [J]. Int J Performability Eng, 2026, 22(2): 67-76.

Add to citation manager EndNote|Reference Manager|ProCite|BibTeX|RefWorks

References 19

[1]	Ali H.A.S., and Rani J.V., 2024. Machine learning for internet of things (IoT) security: a comprehensive survey. Int. J. Comput. Netw. Appl.(IJCNA), 11(5), pp. 617-659.
[2]	Saumya Y.M., and Vinay P., 2024. SmartDefend-IoT security using machine learning. In 2024 IEEE International Conference on Distributed Computing, VLSI, Electrical Circuits and Robotics (DISCOVER), pp. 109-114.
[3]	Omarov B.S., Auelbekov O.А., Kulambayev B.O., and Omarov B.S., 2024. IoT network intrusion detection using machine learning on unsw-nb15 dataset. HERALD of the Kazakh-British Technical University Учредители: Казахстанско-британский технический университет, 21(3), pp. 48-57.
[4]	Htwe C.S., Myint Z.T.T., and Thant Y.M., 2024. IoT security using machine learning methods with features correlation. Journal of Computing Theories and Applications, 2(2), pp. 151-163.
[5]	Harbi Y., Medani K., Gherbi C., Aliouat Z., and Harous S., 2024. Roadmap of adversarial machine learning in internet of things-enabled security systems. Sensors, 24(16), 5150.
[6]	Alomiri A., Mishra S., and AlShehri M., 2024. Machine learning-based security mechanism to detect and prevent cyber-attack in IoT networks. International Journal of Computing and Digital Systems, 16(1), pp. 645-659.
[7]	Ibitoye O.F., 2024. Robust Defenses Against Adversarial Machine Learning in Internet of Things Security(Doctoral dissertation, Carleton University).
[8]	Iqbal Z., Sajid A., Zakki M.N., Zafar A., and Mehmood A., 2024. Role of machine and deep learning algorithms in secure intrusion detection systems (IDS) for IoT & smart cities. International Journal of Information Technology, Research and Applications, 3(4), pp. 1-16.
[9]	Jony A.I., and Arnob A.K.B., 2024. Securing the internet of things: evaluating machine learning algorithms for detecting IoT cyberattacks using cic-iot2023 dataset. International Journal of Information Technology and Computer Science, 16(4), pp. 56-65.
[10]	Kumar A., Guleria K., Chauhan R., and Upadhyay D., 2024. Enhancing security in CIC IoT networks through machine learning algorithms. In 2024 IEEE International Conference on Information Technology, Electronics and Intelligent Communication Systems (ICITEICS), pp. 1-5.
[11]	Wu X.W., Cao Y., and Dankwa R., 2024. Pareto-optimal machine learning models for security of IoT applications. In 2024 International Conference on Smart Applications, Communications and Networking (SmartNets), pp. 1-6.
[12]	El-Sofany H., El-Seoud S.A., Karam O.H., and Bouallegue B., 2024. Using machine learning algorithms to enhance IoT system security. Scientific Reports, 14(1), 12077.
[13]	Jones R.K., 2024. Enhancing IoT security: leveraging advanced deep learning architectures for proactive botnet detection and network resilience. In Redefining Security with Cyber AI, pp. 56-71.
[14]	Mohamed M., and Alosman K., 2024. A comprehensive machine learning framework for robust security management in cloud-based internet of things systems. Jurnal Kejuruteraan, 36(3), pp. 1055-1065.
[15]	Sai Y., and Wang T., 2024. IoT information security system based on artificial intelligence. In 2024 Second International Conference on Networks, Multimedia and Information Technology (NMITCON), pp. 1-6.
[16]	Rani S., Sharma A., and Zohaib M., 2024. Study for integrating IoT-IDS datasets: machine and deep learning for secure IoT network system. In Proceedings of the 28th International Conference on Evaluation and Assessment in Software Engineering, pp. 686-691.
[17]	Saini H., Mohammad F., Singh M.K., Sharma K.K., Shukla M., and Singh R., 2024. IoT and machine learning based real-time protection against cyber-physical threat mitigation. In 2024 4th International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE), pp. 1751-1755.
[18]	Şimşek M.M., and Atılgan E., 2024. DoS and DDoS attacks on internet of things and their detection by machine learning algorithms. Dicle ÜNiversitesi MüHendislik FaküLtesi MüHendislik Dergisi, 15(2), pp. 341-353.
[19]	Ioannou I., Savva M., Raspopoulos M., Christophorou C., and Vassiliou V., 2024. Revolutionising IoT network security by assessing ML localisation techniques against jamming attacks. In 2024 22nd Mediterranean Communication and Computer Networking Conference (MedComNet), pp. 1-10.