Given the increasing rate of cyber attacks, specifically Denial of Service (DoS) attacks, there is a growing need for fast and efficient Intrusion Detection Systems (IDS). In this work, we studied the implementation of real-time IDS within resource-constrained environments like Internet of Things (IoT) networks. We studied and tested a wide range of Machine Learning and Deep Learning models applied to the CICIDS2017 dataset, a commonly used benchmarking tool for network intrusion detection. We compared the results of models such as Logistic Regression, Random Forest, XGBoost, K-Nearest Neighbors, Support Vector Machines, Single-layer Perceptron (SLP), Multi-layer Perceptron (MLP), Deep Convolutional Neural Network (DCNN), ResNet, and DenseNet. We focused our investigation on performance metrics such as accuracy, precision, recall, F1-score, and inference time, trying to find the model with the best trade-off between detection capability and computation overhead considering the constrained resources of IoT devices. The results highlight that real-time security of IoT infrastructures with minimal resource consumption is possible with simple models such as XGBoost, SLP, or MLP.
Lightweight Anomaly Detection for IoT: Evaluating Machine Learning and Deep Learning Models on CICIDS2017 / Iacobelli, E.; Ponzi, V.; Puglisi, A.; Kuznetsov, O.; Nieszporek, K.; Randieri, C.; Napoli, C. - 15950:(2026), pp. 25-37. (24th International Conference on Artificial Intelligence and Soft Computing, ICAISC 2025 pol) [10.1007/978-3-032-03711-4_3].
Lightweight Anomaly Detection for IoT: Evaluating Machine Learning and Deep Learning Models on CICIDS2017
Iacobelli E. (co-first author, member of the Collaboration Group); Ponzi V. (co-first author, member of the Collaboration Group); Puglisi A. (co-first author, member of the Collaboration Group)
2026


