Optimizing IoT Intrusion Detection with Tabular Foundation Models for Smart City Forensics
This work provides the first systematic evaluation of a foundation model for IoT intrusion detection, addressing the need for fast and accurate threat screening in smart city security operations.
TabPFNv2.5, a transformer-based foundation model, achieves 40x faster inference than Random Forest with 97% accuracy for IoT intrusion detection on the TON IoT dataset, enabling real-time forensic triage in smart cities.
Security operations in smart cities demand detection systems that balance accuracy with response time. While ensemble methods like Random Forest achieve high accuracy, their computational overhead impedes real-time forensic triage. We present the first systematic evaluation of TabPFNv2.5, a transformer-based foundation model, against traditional ensemble classifiers for IoT intrusion detection. Using the TON IoT dataset, we demonstrate that TabPFNv2.5 achieves 40 faster inference than Random Forest while maintaining 97% binary classification accuracy. We propose a hybrid pipeline in which TabPFNv2.5 performs rapid threat screening, while ensemble models handle detailed classification. Our analysis reveals that scanning attacks remain the hardest to detect (F1: 69.8%) and cross-device generalization depends critically on feature similarity. These findings establish foundation models as viable components for time-sensitive IoT security operations