Intrusion Detection on Resource-Constrained IoT Devices with Hardware-Aware ML and DL

TL;DR

This paper develops and evaluates hardware-aware machine learning and deep learning intrusion detection models optimized for resource-limited IoT devices, demonstrating their effectiveness and deployment feasibility on edge hardware.

Contribution

It introduces hardware-aware neural architecture search and constrained grid search for resource-efficient IDS models tailored for IoT edge devices, enabling practical real-time threat detection.

Findings

LightGBM achieves 95.3% accuracy within 75 KB flash and 1.2 K operations.

HW-NAS CNN reaches 97.2% accuracy with 190 KB flash and 840 K FLOPs.

Models operate within strict latency and resource constraints on Raspberry Pi 3 B Plus.

Abstract

This paper proposes a hardware-aware intrusion detection system (IDS) for Internet of Things (IoT) and Industrial IoT (IIoT) networks; it targets scenarios where classification is essential for fast, privacy-preserving, and resource-efficient threat detection. The goal is to optimize both tree-based machine learning (ML) models and compact deep neural networks (DNNs) within strict edge-device constraints. This allows for a fair comparison and reveals trade-offs between model families. We apply constrained grid search for tree-based classifiers and hardware-aware neural architecture search (HW-NAS) for 1D convolutional neural networks (1D-CNNs). Evaluation on the Edge-IIoTset benchmark shows that selected models meet tight flash, RAM, and compute limits: LightGBM achieves 95.3% accuracy using 75 KB flash and 1.2 K operations, while the HW-NAS-optimized CNN reaches 97.2% with 190 KB flash and 840 K floating-point operations (FLOPs). We deploy the full pipeline on a Raspberry Pi 3 B Plus, confirming that tree-based models operate within 30 ms and that CNNs remain suitable when accuracy outweighs latency. These results highlight the practicality of hardware-constrained model design for real-time IDS at the edge.