Self-adaptive cyber defense for sustainable IoT: A DRL-based IDS optimizing security and energy efficiency
Authors: Saeid Jamshidi, Ashkan Amirnia, Amin Nikanjam, Kawser Wazed Nafi, Foutse Khomh, Samira Keivanpour
Journal: Journal of Network and Computer Applications, volume 239, Article 104176
Publication date: 2025-03-25
Publication type: Journal Article
DOI: 10.1016/j.jnca.2025.104176
URL: https://www.sciencedirect.com/science/article/pii/S1084804525000736
Impact factor: 7.7
JCR: Q1 (COMPUTER SCIENCE, HARDWARE & ARCHITECTURE)
Open access: no
Citations: 0
Abstract
The Internet of Things (IoT) has revolutionized industries by creating a vast, interconnected ecosystem. Still, the rapid deployment of IoT devices has introduced severe security risks, including DDoS, DoS GoldenEye, DoS Hulk attacks, and port scanning. Traditional Machine Learning (ML)-based Intrusion Detection Systems (IDS) often operate passively, detecting threats without taking action, and are rarely evaluated under real-time attacks. This limits our understanding of their performance within the resource constraints typical of IoT systems—an essential factor for stable, resilient systems. This paper proposes a Security Edge with Deep Reinforcement Learning (SecuEdge-DRL) specifically designed for the IoT edge, aiming to enhance security while maintaining energy efficiency, contributing to sustainable IoT operations. Our IDS integrates DRL with the MAPE-K (Monitor, Analyze, Plan, Execute, Knowledge) control loop, enabling real-time detection and adaptive response without relying on predefined data models. DRL allows continuous learning, while MAPE-K provides structured self-adaptation, ensuring the system remains effective against evolving threats. We also implemented four targeted security policies, each tailored to a specific attack type, to enhance the IDS's threat mitigation capabilities. Experimental findings indicate that the proposed SecuEdge-DRL achieves an average detection accuracy of 92% across diverse real-world cyber threats (e.g., DoS Hulk, DoS GoldenEye, DDoS, and port scanning). Statistical analysis further validates that these security policies enhance IoT systems' defense without compromising performance, establishing our approach as a resilient, resource-efficient security solution for the IoT ecosystem.
About the journal:
The Journal of Network and Computer Applications welcomes research contributions, surveys, and notes in all areas relating to computer networks and applications thereof. Sample topics include new design techniques, interesting or novel applications, components or standards; computer networks with tools such as WWW; emerging standards for internet protocols; Wireless networks; Mobile Computing; emerging computing models such as cloud computing, grid computing; applications of networked systems for remote collaboration and telemedicine, etc. The journal is abstracted and indexed in Scopus, Engineering Index, Web of Science, Science Citation Index Expanded and INSPEC.