A Multi-Step Comparative Framework for Anomaly Detection in IoT Data Streams
This provides incremental guidance for improving anomaly detection in IoT security, addressing a domain-specific need for practitioners.
The paper tackled the problem of anomaly detection in IoT data streams by evaluating how preprocessing steps interact with machine learning models, finding that Gradient Boosting consistently achieved superior accuracy, while RNN-LSTM and autoencoders showed specific gains in normalization and recall, respectively.
The rapid expansion of Internet of Things (IoT) devices has introduced critical security challenges, underscoring the need for accurate anomaly detection. Although numerous studies have proposed machine learning (ML) methods for this purpose, limited research systematically examines how different preprocessing steps--normalization, transformation, and feature selection--interact with distinct model architectures. To address this gap, this paper presents a multi-step evaluation framework assessing the combined impact of preprocessing choices on three ML algorithms: RNN-LSTM, autoencoder neural networks (ANN), and Gradient Boosting (GBoosting). Experiments on the IoTID20 dataset shows that GBoosting consistently delivers superior accuracy across preprocessing configurations, while RNN-LSTM shows notable gains with z-score normalization and autoencoders excel in recall, making them well-suited for unsupervised scenarios. By offering a structured analysis of preprocessing decisions and their interplay with various ML techniques, the proposed framework provides actionable guidance to enhance anomaly detection performance in IoT environments.