Evaluating the performance of TinyML singular and ensemble techniques for intrusion detection in IoT networks

IF 1.9 4区计算机科学 Q3 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Microprocessors and Microsystems Pub Date : 2025-06-03 DOI:10.1016/j.micpro.2025.105172

Abderahmane Hamdouchi , Ali Idri

{"title":"Evaluating the performance of TinyML singular and ensemble techniques for intrusion detection in IoT networks","authors":"Abderahmane Hamdouchi , Ali Idri","doi":"10.1016/j.micpro.2025.105172","DOIUrl":null,"url":null,"abstract":"<div><div>As the Internet of Things (IoT) expands, safeguarding IoT networks from vulnerabilities becomes critical. Intrusion detection systems (IDS) leveraging machine learning (ML) techniques are essential for enhancing security and preventing unauthorized access. However, transmitting data to the cloud can introduce latency, impeding real-time attack detection. This research evaluates three TinyML ensemble techniques (random forest, XGBoost, and extra trees) and three singular techniques (decision tree, Gaussian naive Bayes, and multilayer perceptron) using two feature selection methods (maximum relevance minimum redundancy and analysis of variance) on the NF-ToN-IoT-v2 and NF-BoT-IoT-v2 datasets for cyberattack detection. Evaluations on the Arduino UNO used the prediction performance criteria (Cohen’s kappa and Matthew’s correlation coefficient), device metrics (latency, static RAM, and flash memory), and the Scott-Knott test and Borda count voting system to assess the statistical significance and to rank the models. Results show that singular TinyML models outperformed ensemble models for multiclass classification in the IDS-IoT context. The best models are: (1) MLP with 20 features and a hidden layer size of 56 for NF-ToN-IoT-v2; and (2) ET with 13 features, 2 estimators, and a tree depth of 16 for NF-BoT-IoT-v2.</div></div>","PeriodicalId":49815,"journal":{"name":"Microprocessors and Microsystems","volume":"117 ","pages":"Article 105172"},"PeriodicalIF":1.9000,"publicationDate":"2025-06-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Microprocessors and Microsystems","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0141933125000407","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

As the Internet of Things (IoT) expands, safeguarding IoT networks from vulnerabilities becomes critical. Intrusion detection systems (IDS) leveraging machine learning (ML) techniques are essential for enhancing security and preventing unauthorized access. However, transmitting data to the cloud can introduce latency, impeding real-time attack detection. This research evaluates three TinyML ensemble techniques (random forest, XGBoost, and extra trees) and three singular techniques (decision tree, Gaussian naive Bayes, and multilayer perceptron) using two feature selection methods (maximum relevance minimum redundancy and analysis of variance) on the NF-ToN-IoT-v2 and NF-BoT-IoT-v2 datasets for cyberattack detection. Evaluations on the Arduino UNO used the prediction performance criteria (Cohen’s kappa and Matthew’s correlation coefficient), device metrics (latency, static RAM, and flash memory), and the Scott-Knott test and Borda count voting system to assess the statistical significance and to rank the models. Results show that singular TinyML models outperformed ensemble models for multiclass classification in the IDS-IoT context. The best models are: (1) MLP with 20 features and a hidden layer size of 56 for NF-ToN-IoT-v2; and (2) ET with 13 features, 2 estimators, and a tree depth of 16 for NF-BoT-IoT-v2.

查看原文本刊更多论文

评估TinyML奇异和集成技术在物联网网络中入侵检测的性能

随着物联网（IoT）的扩展，保护物联网网络免受漏洞的侵害变得至关重要。利用机器学习（ML）技术的入侵检测系统（IDS）对于增强安全性和防止未经授权的访问至关重要。然而，将数据传输到云可能会引入延迟，从而阻碍实时攻击检测。本研究评估了三种TinyML集成技术（随机森林、XGBoost和额外树）和三种奇异技术（决策树、高斯朴素贝叶斯和多层感知器），使用两种特征选择方法（最大相关最小冗余和方差分析）在NF-ToN-IoT-v2和NF-BoT-IoT-v2数据集上进行网络攻击检测。对Arduino UNO的评估使用了预测性能标准（Cohen’s kappa和Matthew’s相关系数）、设备指标（延迟、静态RAM和闪存）、Scott-Knott测试和Borda计数投票系统来评估统计显著性并对模型进行排名。结果表明，在IDS-IoT环境下，单一TinyML模型在多类分类方面优于集成模型。最佳模型是：(1)NF-ToN-IoT-v2的MLP具有20个特征，隐藏层大小为56；(2) NF-BoT-IoT-v2的ET具有13个特征，2个估计器，树深度为16。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Microprocessors and Microsystems 工程技术-工程：电子与电气

CiteScore

6.90

自引率

3.80%

发文量

204

审稿时长

172 days

期刊介绍： Microprocessors and Microsystems: Embedded Hardware Design (MICPRO) is a journal covering all design and architectural aspects related to embedded systems hardware. This includes different embedded system hardware platforms ranging from custom hardware via reconfigurable systems and application specific processors to general purpose embedded processors. Special emphasis is put on novel complex embedded architectures, such as systems on chip (SoC), systems on a programmable/reconfigurable chip (SoPC) and multi-processor systems on a chip (MPSoC), as well as, their memory and communication methods and structures, such as network-on-chip (NoC). Design automation of such systems including methodologies, techniques, flows and tools for their design, as well as, novel designs of hardware components fall within the scope of this journal. Novel cyber-physical applications that use embedded systems are also central in this journal. While software is not in the main focus of this journal, methods of hardware/software co-design, as well as, application restructuring and mapping to embedded hardware platforms, that consider interplay between software and hardware components with emphasis on hardware, are also in the journal scope.