Toward Autonomous and Efficient Cybersecurity: A Multi-Objective AutoML-based Intrusion Detection System

TL;DR

This paper introduces an innovative AutoML-based intrusion detection system that employs multi-objective optimization to enhance detection accuracy and efficiency, especially suited for resource-constrained IoT and edge networks.

Contribution

It presents the first IDS framework integrating all four AutoML stages with multi-objective optimization for balanced detection performance and computational efficiency.

Findings

Outperforms state-of-the-art IDSs on benchmark datasets.

Effectively balances detection accuracy and computational efficiency.

Supports deployment in resource-constrained IoT and edge environments.

Abstract

With increasingly sophisticated cybersecurity threats and rising demand for network automation, autonomous cybersecurity mechanisms are becoming critical for securing modern networks. The rapid expansion of Internet of Things (IoT) systems amplifies these challenges, as resource-constrained IoT devices demand scalable and efficient security solutions. In this work, an innovative Intrusion Detection System (IDS) utilizing Automated Machine Learning (AutoML) and Multi-Objective Optimization (MOO) is proposed for autonomous and optimized cyber-attack detection in modern networking environments. The proposed IDS framework integrates two primary innovative techniques: Optimized Importance and Percentage-based Automated Feature Selection (OIP-AutoFS) and Optimized Performance, Confidence, and Efficiency-based Combined Algorithm Selection and Hyperparameter Optimization (OPCE-CASH). These components optimize feature selection and model learning processes to strike a balance between intrusion detection effectiveness and computational efficiency. This work presents the first IDS framework that integrates all four AutoML stages and employs multi-objective optimization to jointly optimize detection effectiveness, efficiency, and confidence for deployment in resource-constrained systems. Experimental evaluations over two benchmark cybersecurity datasets demonstrate that the proposed MOO-AutoML IDS outperforms state-of-the-art IDSs, establishing a new benchmark for autonomous, efficient, and optimized security for networks. Designed to support IoT and edge environments with resource constraints, the proposed framework is applicable to a variety of autonomous cybersecurity applications across diverse networked environments.