Improving IoT Intrusion Detection Through SMOTE-Based Oversampling and Extended Multi-Model Evaluation on Side-Channel Power Data

Researchers address critical class imbalance problems in IoT intrusion detection by applying SMOTE oversampling to power-based side-channel datasets, achieving superior detection performance with Random Forest and Extra Trees algorithms. The study demonstrates that balanced datasets reveal minority attack classes previously missed by traditional evaluation metrics, advancing security for IoT networks.

This research tackles a fundamental challenge in cybersecurity machine learning: detecting rare but critical attack events in datasets dominated by normal operations. The 75,964-to-1 class imbalance ratio represents a real-world problem where traditional algorithms struggle to learn attack patterns, often defaulting to predicting the majority class. By applying SMOTE to synthetically balance datasets, the researchers force algorithms to develop robust minority class recognition without losing detection sensitivity.

The work builds on prior power-based intrusion detection research but introduces methodological rigor missing from previous studies. By evaluating eight different algorithms under identical conditions, the authors establish a benchmark that accounts for both aggregate performance (micro-F1) and per-class accuracy (macro-F1). This dual-metric approach reveals that some attack combinations, particularly M+L infections, remain undetectable without balancing techniques—a critical insight for deployed systems where missing certain attacks could have severe consequences.

For IoT security practitioners, this research validates that algorithm selection matters less than addressing fundamental data imbalance first. Extra Trees matching Random Forest performance at 10x speed offers practical deployment advantages for resource-constrained IoT environments. The feature importance finding—that recent power measurements drive predictions—suggests attackers cannot easily disguise their presence across time-series data.

The significance lies in demonstrating reproducible methodologies for imbalanced cybersecurity datasets, providing a template other researchers can apply to different IoT attack scenarios and sensor modalities. This work strengthens the foundation for power-side-channel security as a viable intrusion detection approach in production environments.

• →SMOTE-based oversampling improves minority attack class detection from undetectable to 0.97+ F1 scores in IoT intrusion scenarios.
• →Extra Trees achieves equivalent performance to Random Forest at 10x faster inference, critical for real-time IoT deployments.
• →Macro-F1 metrics reveal per-class vulnerabilities that aggregate metrics hide, essential for security-critical applications.
• →Recent power measurements prove most informative for attack detection, constraining the temporal complexity of monitoring systems.
• →Class imbalance ratios exceeding 75,000:1 require synthetic oversampling; traditional algorithms fail on raw imbalanced data.