Title: Enhancing IoT Intrusion Detection via SMOTE Oversampling and Comprehensive Multi-Model Analysis on Side-Channel Power Metrics

Abstract:

Traditional machine learning techniques struggle to address the unique hurdles of intrusion detection within Internet of Things (IoT) networks. A primary obstacle is the severe class imbalance inherent in side-channel datasets, where the disparity between normal traffic samples and attack instances can be as extreme as 75,964 to 1. While Dominguez et al. demonstrated the viability of power-based intrusion detection, their work did not attempt to mitigate this imbalance, nor did it evaluate classifier performance on a balanced training set. This study addresses both limitations simultaneously.

We applied the Synthetic Minority Oversampling Technique (SMOTE) to all nine datasets derived from the original source, achieving a precise imbalance ratio of 1.1 across each. Under identical experimental conditions, we trained eight distinct algorithms on the SMOTE-balanced 6-hour dataset: Random Forest, HistGradientBoosting, LightGBM, Extra Trees, XGBoost, k-Nearest Neighbors, Multi-Layer Perceptron, and Decision Tree.

The results highlight significant performance gains. The Random Forest model achieved a micro-averaged F1 score of 0.9989 and a macro F1 score of 0.9794, surpassing the previous best micro-F1 score of 0.9983 reported by the Time Series Forest algorithm in the foundational study. Notably, Extra Trees delivered equivalent performance but operated ten times faster.

By explicitly incorporating the macro-F1 metric—contrasting with the aggregate metrics used in the base paper—this analysis uncovers critical class-level insights that broader performance indicators often obscure. An examination of per-class recall rates, utilizing confusion matrices, F1 heatmaps, and ROC curves, demonstrates that minority attack classes, particularly those involving combined M+L infections, are detected with high reliability only when SMOTE balancing is employed. Furthermore, feature importance analysis identified the most recent time steps within the 60-step power window as the most significant predictor signals.

Source: arXiv Generated at: 2026-06-02 00:00:00 UTC