Exploring Unsupervised One-Class Classifiers for Lightweight Intrusion Detection in IoT Systems

The Internet of Things (IoT) has revolutionized numerous domains, but security and privacy remain significant concerns. Massive amounts of IoT data poses challenges for a centralized IDS. Distributed solutions, particularly using Machine Learning (ML) and Deep Learning (DL) methods, demand substantial data and processing power, thus impractical for resource-constrained IoT devices. This study employs three ML, one DL, and five One-Class Classification (OCC) methods for anomaly detection across five IoT datasets. While supervised ML and DL methods demonstrate superior performance, only some OCC methods exhibit comparable performance. All ML and DL methods show consistent performance on all different datasets, but this seamless consistency is not observed among OCCs. DT stands out as the most accurate algorithm among all, and DROCC and LOF stand out as the most accurate and consistent OCCs. In terms of execution time, DT is the fastest among all methods, and DROCC and LOF are the second and third fastest among OCCs. Conversely, among the most time-consuming algorithms, OCSVM is the most time-intensive, followed by DeepSVDD and DNN.