Quantifying Catastrophic Forgetting in IoT Intrusion Detection Systems

• URL: http://arxiv.org/abs/2603.00363v1
• Date: Fri, 27 Feb 2026 23:00:36 GMT
• Title: Quantifying Catastrophic Forgetting in IoT Intrusion Detection Systems
• Authors: Sourasekhar Banerjee, David Bergqvist, Salman Toor, Christian Rohner, Andreas Johnsson,
• Abstract summary: Distribution shifts in attack patterns within RPL-based IoT networks pose a critical threat to the reliability and security of large-scale connected systems.<n>Intrusion Detection Systems (IDS) trained on static datasets often fail to generalize to unseen threats.<n>We propose a method-agnostic IDS framework that can integrate diverse continual learning strategies.
• Score: 1.7297586889191063
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Distribution shifts in attack patterns within RPL-based IoT networks pose a critical threat to the reliability and security of large-scale connected systems. Intrusion Detection Systems (IDS) trained on static datasets often fail to generalize to unseen threats and suffer from catastrophic forgetting when updated with new attacks. Ensuring continual adaptability of IDS is therefore essential for maintaining robust IoT network defence. In this focused study, we formulate intrusion detection as a domain continual learning problem and propose a method-agnostic IDS framework that can integrate diverse continual learning strategies. We systematically benchmark five representative approaches across multiple domain-ordering sequences using a comprehensive multi-attack dataset comprising 48 domains. Results show that continual learning mitigates catastrophic forgetting while maintaining a balance between plasticity, stability, and efficiency, a crucial aspect for resource-constrained IoT environments. Among the methods, Replay-based approaches achieve the best overall performance, while Synaptic Intelligence (SI) delivers near-zero forgetting with high training efficiency, demonstrating strong potential for stable and sustainable IDS deployment in dynamic IoT networks.

Related papers

• Backdoor Attacks on Contrastive Continual Learning for IoT Systems [0.0]
  Internet of Things (IoT) systems increasingly depend on continual learning to adapt to non-stationary environments.<n> Contrastive continual learning (CCL) combines contrastive representation learning with incremental adaptation, enabling robust feature reuse.<n>Backdoor attacks can exploit embedding alignment and replay reinforcement, enabling the implantation of persistent malicious behaviors.
  arXiv  Detail & Related papers  (2026-02-13T16:17:25Z)
• Multi-Agent Collaborative Intrusion Detection for Low-Altitude Economy IoT: An LLM-Enhanced Agentic AI Framework [60.72591149679355]
  The rapid expansion of low-altitude economy Internet of Things (LAE-IoT) networks has created unprecedented security challenges.<n>Traditional intrusion detection systems fail to tackle the unique characteristics of aerial IoT environments.<n>We introduce a large language model (LLM)-enabled agentic AI framework for enhancing intrusion detection in LAE-IoT networks.
  arXiv  Detail & Related papers  (2026-01-25T12:47:25Z)
• Adaptive Intrusion Detection System Leveraging Dynamic Neural Models with Adversarial Learning for 5G/6G Networks [2.062593640149623]
  This paper presents an advanced IDS framework that leverages adversarial training and dynamic neural networks in 5G/6G networks.<n>Unlike conventional models, which require costly retraining to update knowledge, the proposed framework integrates incremental learning algorithms, reducing the need for frequent retraining.
  arXiv  Detail & Related papers  (2025-12-11T13:40:37Z)
• CITADEL: Continual Anomaly Detection for Enhanced Learning in IoT Intrusion Detection [9.92596575679496]
  Internet of Things (IoT) is vulnerable to a wide range of cyber threats.<n>Intrusion detection systems (IDS) have been extensively studied to enhance IoT security.<n>We propose CITADEL, a self-supervised continual learning framework to extract robust representations from benign data.
  arXiv  Detail & Related papers  (2025-08-26T21:55:26Z)
• Network Sparsity Unlocks the Scaling Potential of Deep Reinforcement Learning [57.3885832382455]
  We show that introducing static network sparsity alone can unlock further scaling potential beyond dense counterparts with state-of-the-art architectures.<n>Our analysis reveals that, in contrast to naively scaling up dense DRL networks, such sparse networks achieve both higher parameter efficiency for network expressivity.
  arXiv  Detail & Related papers  (2025-06-20T17:54:24Z)
• Expert-in-the-Loop Systems with Cross-Domain and In-Domain Few-Shot Learning for Software Vulnerability Detection [38.083049237330826]
  This study explores the use of Large Language Models (LLMs) in software vulnerability assessment by simulating the identification of Python code with known Common Weaknessions (CWEs)<n>Our results indicate that while zero-shot prompting performs poorly, few-shot prompting significantly enhances classification performance.<n> challenges such as model reliability, interpretability, and adversarial robustness remain critical areas for future research.
  arXiv  Detail & Related papers  (2025-06-11T18:43:51Z)
• Learning in Multiple Spaces: Few-Shot Network Attack Detection with Metric-Fused Prototypical Networks [47.18575262588692]
  We propose a novel Multi-Space Prototypical Learning framework tailored for few-shot attack detection.<n>By leveraging Polyak-averaged prototype generation, the framework stabilizes the learning process and effectively adapts to rare and zero-day attacks.<n> Experimental results on benchmark datasets demonstrate that MSPL outperforms traditional approaches in detecting low-profile and novel attack types.
  arXiv  Detail & Related papers  (2024-12-28T00:09:46Z)
• Lightweight CNN-BiLSTM based Intrusion Detection Systems for Resource-Constrained IoT Devices [38.16309790239142]
  Intrusion Detection Systems (IDSs) have played a significant role in detecting and preventing cyber-attacks within traditional computing systems. The limited computational resources available on Internet of Things (IoT) devices make it challenging to deploy conventional computing-based IDSs. We propose a hybrid CNN architecture composed of a lightweight CNN and bidirectional LSTM (BiLSTM) to enhance the performance of IDS on the UNSW-NB15 dataset.
  arXiv  Detail & Related papers  (2024-06-04T20:36:21Z)
• Redefining DDoS Attack Detection Using A Dual-Space Prototypical Network-Based Approach [38.38311259444761]
  We introduce a new deep learning-based technique for detecting DDoS attacks. We propose a new dual-space prototypical network that leverages a unique dual-space loss function. This approach capitalizes on the strengths of representation learning within the latent space.
  arXiv  Detail & Related papers  (2024-06-04T03:22:52Z)
• Enhancing IoT Security Against DDoS Attacks through Federated Learning [0.0]
  Internet of Things (IoT) has ushered in transformative connectivity between physical devices and the digital realm. Traditional DDoS mitigation approaches are ill-equipped to handle the intricacies of IoT ecosystems. This paper introduces an innovative strategy to bolster the security of IoT networks against DDoS attacks by harnessing the power of Federated Learning.
  arXiv  Detail & Related papers  (2024-03-16T16:45:28Z)
• Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
  We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS) FLEKD enables a more flexible aggregation method than conventional model fusion techniques. Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
  arXiv  Detail & Related papers  (2024-01-22T14:16:37Z)
• Dependable Intrusion Detection System for IoT: A Deep Transfer Learning-based Approach [0.0]
  This manuscript proposes a deep transfer learning-based dependable IDS model that outperforms several existing approaches. It includes effective attribute selection, which is best suited to identify normal and attack scenarios for a small amount of labeled data. It also includes a dependable deep transfer learning-based ResNet model, and evaluating considering real-world data.
  arXiv  Detail & Related papers  (2022-04-11T02:46:22Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.