Anomaly Detection for Enhancing IoT Device Security Using Machine Learning: A Comparative Study of Four Lightweight Models Based on the IoT-23 Dataset

School of Advanced Technology, Xi’an Jiaotong-Liverpool University, Suzhou, 215028, China

^* Corresponding author: This email address is being protected from spambots. You need JavaScript enabled to view it.

Abstract

This study focused on lightweight anomaly detection for Internet of Things (IoT) edge devices using the IoT-23 dataset. Four models were developed: Logistic Regression, Decision Tree (DT), Naive Bayes (NB), and Linear Support Vector Machine (SVM). The Decision Tree attained the highest accuracy at 0.9956, with an F1 score of 0.8873, exceeding IoT-23 standards while maintaining a low false positive rate of 0.0024. Logistic Regression had a precision of 0.6602, Naive Bayes struggled with feature independence, and Linear SVM missed some attacks due to its precision focus. All models identified high-risk traffic, especially on port 1 (100% attack frequency) and port 23 (related to Mirai botnets). However, the core location F1 score was low ( ≤ 0.0103) due to inadequate core sample representation. The study emphasises the need for feature optimisation and suggests the Decision Tree for its accuracy and interpretability. Future work will explore ensemble learning, use datasets like BoT-IoT, implement online education, and conduct field tests on devices like the ESP8266. Overall, lightweight machine learning can enhance IoT edge security, with the Decision Tree being the preferred option.