Deep Feature Learning Enhanced Ensemble Models for Multi-Class Intrusion Detection in Imbalanced IoT Networks
Oluwapelunmi Bankole *
Department of Management, Entrepreneurship Technology, Lee Business School, University of Nevada Las Vegas, 4505 S Maryland Pkwy, Las Vegas, NV 89154, USA.
*Author to whom correspondence should be addressed.
Abstract
The proliferation of Internet of Things (IoT) devices has created unprecedented security challenges, with intrusion detection systems (IDS) facing significant difficulties in accurately identifying diverse attack patterns within highly imbalanced network traffic datasets. Traditional machine learning approaches, while effective for majority classes, often fail to detect minority attack types that pose critical security threats. This study investigates the integration of deep learning feature extraction techniques with ensemble models to enhance multi-class intrusion detection performance in imbalanced IoT networks. Using the IoTID20 dataset containing 261,419 samples across 9 attack categories, we systematically evaluate autoencoder-based and convolutional neural network (CNN)-based feature extraction combined with XGBoost ensemble classifier, comparing these hybrid approaches against traditional sampling methods. Our comprehensive experimental analysis reveals that while baseline XGBoost achieved 91.46% accuracy on the preprocessed dataset, the integration of SMOTE with traditional features improved minority class detection by up to 65% for the most challenging attack type (Mirai-Ackflooding), increasing F1-score from 0.264 to 0.432. However, deep feature learning approaches demonstratedtrade-offs: although dimensionality was successfully reduced from 79 to 32 features (59.5% compression), overall accuracydecreased to 84.93% for hybrid models. Crucially,SMOTE-enhanced ensemble methods produced the most significant improvement for the rarest attack type (Mirai-Ackflooding),raising the F1-score from 0.264 to 0.432—a 63.6% relative gain—demonstrating that targeted oversampling can make previously undetectable rare attacks reliably identifiable. Our findings indicate that data quality preprocessing and appropriate sampling techniques should be prioritised before implementing computationally intensive feature learning, particularly for moderate-sized datasets. These results offer direct practical guidance for IoT security practitioners: lightweight ensemble models trained on rigorously cleaned data achieve performance competitive with far more complex deep architectures, making them viable for resource-constrained gateway and edge deployments. This research contributes practical insights into when deep learning feature extraction provides advantages in IoT intrusion detection and establishes that context-dependent approaches outperform universal architectural solutions.
Keywords: Internet of Things, intrusion detection, imbalanced learning, deep learning, ensemble methods, feature extraction, XGBoost, autoencoder, convolutional neural networks, SMOTE, cybersecurity, network security