Unsupervised Anomaly Detection for Smart IoT Devices: Performance and Resource Comparison

• URL: http://arxiv.org/abs/2511.21842v1
• Date: Wed, 26 Nov 2025 19:17:29 GMT
• Title: Unsupervised Anomaly Detection for Smart IoT Devices: Performance and Resource Comparison
• Authors: Md. Sad Abdullah Sami, Mushfiquzzaman Abid,
• Abstract summary: This study investigates the effectiveness of two unsupervised anomaly detection techniques, Isolation Forest (IF) and One-Class Support Vector Machine (OC-SVM)<n>IF consistently outperformed OC-SVM, achieving higher detection accuracy, superior precision, and recall, along with a significantly better F1-score.<n>These findings underscore Isolation Forest's robustness in high-dimensional and imbalanced IoT environments.
• Score: 0.0
• License: http://creativecommons.org/licenses/by-nc-nd/4.0/
• Abstract: The rapid expansion of Internet of Things (IoT) deployments across diverse sectors has significantly enhanced operational efficiency, yet concurrently elevated cybersecurity vulnerabilities due to increased exposure to cyber threats. Given the limitations of traditional signature-based Anomaly Detection Systems (ADS) in identifying emerging and zero-day threats, this study investigates the effectiveness of two unsupervised anomaly detection techniques, Isolation Forest (IF) and One-Class Support Vector Machine (OC-SVM), using the TON_IoT thermostat dataset. A comprehensive evaluation was performed based on standard metrics (accuracy, precision, recall, and F1-score) alongside critical resource utilization metrics such as inference time, model size, and peak RAM usage. Experimental results revealed that IF consistently outperformed OC-SVM, achieving higher detection accuracy, superior precision, and recall, along with a significantly better F1-score. Furthermore, Isolation Forest demonstrated a markedly superior computational footprint, making it more suitable for deployment on resource-constrained IoT edge devices. These findings underscore Isolation Forest's robustness in high-dimensional and imbalanced IoT environments and highlight its practical viability for real-time anomaly detection.

Related papers

• Multi-Agent Collaborative Intrusion Detection for Low-Altitude Economy IoT: An LLM-Enhanced Agentic AI Framework [60.72591149679355]
  The rapid expansion of low-altitude economy Internet of Things (LAE-IoT) networks has created unprecedented security challenges.<n>Traditional intrusion detection systems fail to tackle the unique characteristics of aerial IoT environments.<n>We introduce a large language model (LLM)-enabled agentic AI framework for enhancing intrusion detection in LAE-IoT networks.
  arXiv  Detail & Related papers  (2026-01-25T12:47:25Z)
• An Optimized Decision Tree-Based Framework for Explainable IoT Anomaly Detection [1.2520011735093362]
  The increase in the number of Internet of Things (IoT) devices has tremendously increased the attack surface of cyber threats.<n>The present paper suggests an explainable AI (XAI) framework based on an optimized Decision Tree classifier.<n>The proposed system attains the state of art on the test performance with 99.91% accuracy, F1-score of 99.51% and Cohen Kappa of 0.9960 and high stability is confirmed by a cross validation mean accuracy of 98.93%.
  arXiv  Detail & Related papers  (2026-01-18T08:48:53Z)
• SHIELD: Securing Healthcare IoT with Efficient Machine Learning Techniques for Anomaly Detection [0.0]
  This study proposes a machine learning-driven framework for detecting malicious cyberattacks and identifying faulty device anomalies.<n>Eight machine learning models are evaluated across three learning approaches.<n>The framework has the potential to prevent data breaches, minimize system downtime, and ensure the continuous and safe operation of medical devices.
  arXiv  Detail & Related papers  (2025-11-05T17:20:23Z)
• CITADEL: Continual Anomaly Detection for Enhanced Learning in IoT Intrusion Detection [9.92596575679496]
  Internet of Things (IoT) is vulnerable to a wide range of cyber threats.<n>Intrusion detection systems (IDS) have been extensively studied to enhance IoT security.<n>We propose CITADEL, a self-supervised continual learning framework to extract robust representations from benign data.
  arXiv  Detail & Related papers  (2025-08-26T21:55:26Z)
• Contrastive-KAN: A Semi-Supervised Intrusion Detection Framework for Cybersecurity with scarce Labeled Data [0.0]
  We propose a real-time intrusion detection system based on a semi-supervised contrastive learning framework.<n>Our method leverages abundant unlabeled data to effectively distinguish between normal and attack behaviors.<n> Experimental results show that our method outperforms existing contrastive learning-based approaches.
  arXiv  Detail & Related papers  (2025-07-14T21:02:34Z)
• Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
  We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS) FLEKD enables a more flexible aggregation method than conventional model fusion techniques. Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
  arXiv  Detail & Related papers  (2024-01-22T14:16:37Z)
• Effective Intrusion Detection in Highly Imbalanced IoT Networks with Lightweight S2CGAN-IDS [48.353590166168686]
  Internet of Things (IoT) networks contain benign traffic far more than abnormal traffic, with some rare attacks. Most existing studies have been focused on sacrificing the detection rate of the majority class in order to improve the detection rate of the minority class. We propose a lightweight framework named S2CGAN-IDS to expand the number of minority categories in both data space and feature space.
  arXiv  Detail & Related papers  (2023-06-06T14:19:23Z)
• Free Lunch for Generating Effective Outlier Supervision [46.37464572099351]
  We propose an ultra-effective method to generate near-realistic outlier supervision. Our proposed textttBayesAug significantly reduces the false positive rate over 12.50% compared with the previous schemes.
  arXiv  Detail & Related papers  (2023-01-17T01:46:45Z)
• Anomaly Detection Based on Selection and Weighting in Latent Space [73.01328671569759]
  We propose a novel selection-and-weighting-based anomaly detection framework called SWAD. Experiments on both benchmark and real-world datasets have shown the effectiveness and superiority of SWAD.
  arXiv  Detail & Related papers  (2021-03-08T10:56:38Z)
• Robust Attack Detection Approach for IIoT Using Ensemble Classifier [0.0]
  The objective is to develop a two-phase anomaly detection model to enhance the reliability of an IIoT network. The proposed model is tested on standard IoT attack outliers such as WUSTL_IIOT-2018, N_BaIoT, and Bot_IoT. The results also demonstrate that the proposed model outperforms traditional techniques and thus improves the reliability of an IIoT network.
  arXiv  Detail & Related papers  (2021-01-30T07:21:44Z)
• Uncertainty-Aware Deep Calibrated Salient Object Detection [74.58153220370527]
  Existing deep neural network based salient object detection (SOD) methods mainly focus on pursuing high network accuracy. These methods overlook the gap between network accuracy and prediction confidence, known as the confidence uncalibration problem. We introduce an uncertaintyaware deep SOD network, and propose two strategies to prevent deep SOD networks from being overconfident.
  arXiv  Detail & Related papers  (2020-12-10T23:28:36Z)
• Bayesian Optimization with Machine Learning Algorithms Towards Anomaly Detection [66.05992706105224]
  In this paper, an effective anomaly detection framework is proposed utilizing Bayesian Optimization technique. The performance of the considered algorithms is evaluated using the ISCX 2012 dataset. Experimental results show the effectiveness of the proposed framework in term of accuracy rate, precision, low-false alarm rate, and recall.
  arXiv  Detail & Related papers  (2020-08-05T19:29:35Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.