Enhancing Cybersecurity in IoT & IIoT: A Machine Learning Approach for Anomaly Detection ()
1. Introduction
The Internet of Things (IoT) and the Industrial Internet of Things (IIoT) have totally changed the way industries work by connecting devices and automating processes, which helps in making smart decisions [1]. IoT includes all those smart gadgets and sensors that gather and share data, while IIoT takes this further into areas like manufacturing, energy, and transportation [2]. Because of the rise of IoT and IIoT devices, we’re now seeing a huge surge in data, which can really help with efficiency and maintenance [3]. But, with all this growth comes some big security issues since a lot of IoT and IIoT systems don’t have strong security, which can leave them open to cyberattacks [4]. In IoT and IIoT ecosystems, concerns like DDoS attacks, malware, and unauthorized access can seriously threaten data security and system performance [5]. Such fundamental measures of security such as firewalls and encryption methods are often rendered ineffective in the face of the highly heterogeneous and dynamic landscapes found in IoT networks [6]. Plus, many IoT devices don’t have the processing power to handle complicated security measures. Because of this, we really need better ways to spot and deal with cyber threats in real-time. Machine Learning (ML) is starting to look like a good answer for improving security in these systems [7]-[10]. Being able to analyze a lot of network data, it helps find out different patterns and catches everything that seems off. Different ML techniques have shown that supervised learning and unsupervised learning did miracles and could distinguish normal behavior from unusual behavior pretty well [11]. Still, there are some ongoing issues, like false alarms and attacks on the ML models themselves, which we need to sort out [12]. Improving cybersecurity in IoT and IIoT using ML’s anomaly detection is key to protecting important systems, keeping data private, and ensuring everything runs smoothly [13]. Solid detection systems can help prevent financial losses, protect sensitive information, and reduce downtime from cyber-attacks. Plus, using machine learning in IoT and IIoT security fits right in with the changes we’re seeing in Industry 4.0, making industrial systems smarter and tougher [14].
The ever-increasing deployment of IoT/IIoT systems is posing a real-time challenge to existing security mechanisms for the detection of advanced cyber threats; though many systems with such an intention exist, challenges are nonetheless apparent [15]. Conventional signature-based detection schemes work poorly against zero-day attacks, and rule-based systems fail mainly because of the ever-changing nature of IoT networks [16]. Therefore, adaptive, scalable, and efficient ML parameterization for anomaly detection needs to be considered to overcome those limitations [17]. This research is concerned with the design and evaluation of ML-based anomaly detection models developed for IoT/IIoT environments. The research analyzes supervised and unsupervised methods, including deep learning, to increase detection accuracy and reduce computational overhead [18]. The work covers real-world IoT/IIoT datasets and simulated attack scenarios for validation [19]. The primary research question is: How can machine learning enhance anomaly detection in IoT/IIoT cybersecurity? The aim of this study is to design an efficient ML-based framework for identifying and mitigating cyber threats in IoT/IIoT networks. Key objectives include: 1) reviewing existing ML-based anomaly detection techniques, 2) developing an optimized detection model, and 3) evaluating performance metrics such as precision, recall, and computational efficiency [20]. Unlike prior works focusing on single-algorithm approaches (e.g., SVM or LSTM alone), our hybrid framework uniquely combines Random Forest, Isolation Forest, and LSTM autoencoders to address both known and zero-day attacks. This integration achieves superior accuracy (96.2% F1-score) while maintaining edge compatibility, a gap in existing literature. Additionally, our adversarial training and federated learning components advance robustness and scalability, respectively, beyond current state-of-the-art solutions [11] [17].
The remainder of this paper is organized as follows: Section II reviews related works on IoT/IIoT security and ML-based anomaly detection. Section III presents the proposed methodology, while Section IV discusses experimental results. Finally, Section V concludes the study and suggests future research directions.
2. Literature Review
2.1. Overview of IoT and IIoT Security Challenges
The rapid adoption of IoT and IIoT has introduced complex security challenges due to the heterogeneous and distributed nature of these systems [1] [2]. Traditional security mechanisms, such as firewalls and encryption, struggle to protect IoT/IIoT networks due to their limited computational resources and dynamic attack surfaces [4] [6]. In a world of cyber threats, botnet attacks such as Mirai, ransomware, or man-in-the-middle (MITM) attacks exploit the vulnerabilities of poorly secured IoT devices. Critical infrastructure IIoT systems such as smart grid power supply infrastructures and industrial control systems are prime targets of the advanced persistent threats (APTs) that can interrupt the operational procedures to a catastrophic extent [5]. Various authors have pointed out the shortcomings of the traditional intruder detection systems (IDS) regarding IoT/IIoT environments [13] [16]. A signature-based IDS mainly suffers from the inability to detect so-called zero-day attacks, whereas rule-based systems are intended to be in constant need of updating to remain helpful [13] [21]. Due to the huge amount of data produced by IoT devices, it is also imperative that detection mechanisms be scalable and real-time, which traditional security methods typically do not provide [22] [23].
2.2. Machine Learning for Anomaly Detection in IoT/IIoT
Machine Learning (ML) has developed into a leading means of detecting anomalies in IoT/IIoT networks due to its unique characteristics of being able to learn patterns from data and adapt to the evolving nature of these threats [8] [9]. SVM and Random Forest are two supervised learning algorithms often applied for high-accuracy classification of malicious traffic [24] [25]. One major drawback with these algorithms is that they require labeled datasets, which are often in short supply in real-life IoT implementations [26].
Clustering (K-means, DBSCAN) and autoencoders are different types of unsupervised learning approaches that have found increased applicability in the detection of unknown attack patterns without prior labeling [10] [27]. Deep learning offers several models for solving this problem, among which CNNs and LSTMs have comparatively excelled in recognizing complex signature attacks in network traffic [17] [28]. For instance, Mirsky et al. [18] proposed an ensemble of autoencoders, called Kitsune, for the real-time intrusion detection system in IoT networks with a high detection rate and low latency. However, machine-learning-based anomaly detection is still a challenge because of adversarial attacks (for instance, evasion and poisoning attacks), many false positives, and resource overhead in IoT devices [11] [29]. Federated learning and edge-based ML have been proposed to mitigate these issues by distributing computation and preserving data privacy [30] [31].
2.3. Comparative Analysis of Existing Approaches
A comparative analysis of recent ML-based anomaly detection techniques reveals varying performance across different IoT/IIoT datasets. Meidan et al. [7] demonstrated that behavioral profiling using ML improves device identification and attack detection in IoT networks. Similarly, Chaabouni et al. [11] found that hybrid models combining supervised and unsupervised learning outperform single-algorithm approaches in detecting zero-day attacks.
However, most existing studies focus on specific attack types (e.g., DDoS, malware) rather than providing a holistic security framework for diverse IoT/IIoT environments [32] [33]. Additionally, there is a lack of standardized evaluation metrics and benchmark datasets, making it difficult to compare different ML models fairly [34]. Recent works emphasize the need for explainable AI (XAI) in cybersecurity to enhance trust and interpretability in ML-driven detection systems [35].
2.4. Research Gaps and Opportunities
On the one hand, ML-based anomaly detection has immense potential to help secure IoT/IIoT systems. On the other hand, it has quite a lot of issues being subject to very important research gaps. Scalability is an important critical area of research. For instance, a lot of ML models cannot work on IoT/IIoT networks that are high in terms of dimensionality and it should be real-time for large production [36]. Besides, they don’t account for adversarial robustness. You have such an ML model which is open to evasion and poisoning attacks [29] [37]. Moreover, energy efficiency remains a major problem because the deployment of deep learning models, which are resource-hungry in computations, is rarely possible on IoT devices that are resource deficient [38]. And it adds the disadvantage of non-availability of common datasets and evaluation metrics that compare the performance of models in several studies [34]. In face of these drawbacks, new approaches such as reinforcement learning (RL) for dynamic threat adaptation show a high promise for future research, as also quantum ML improvements in computational efficiency [39]-[44]. This could go a long way in developing strong, scalable, and energy-efficient ML solutions for IoT/IIoT security.
3. Methodology
3.1. Data Collection and Preprocessing
3.1.1. Data Collection
The research made use of three benchmark datasets to evaluate the framework proposed. The TON-IoT dataset provided the telemetry data of IoT/IIoT devices with labels offering realistic attack scenarios [45]. The CICIDS2017 dataset was used for analyzing the network traffic due to its diverse attack signatures [46], and the UNSW-NB15 instance offered dual-testing environments in hybrid IoT-enterprise scenarios [47]. These datasets were selected for maximum coverage in relation to the security challenges posed in IoT/IIoT including zero-day attacks and temporal anomaly detection.
3.1.2. Preprocessing and Justification
The data preprocessing consisted of three vital steps. Min-max scaling was applied first to normalize non-homogeneous data values into a single range. Following that, dimensionality reduction was performed with a Principal Component Analysis for linear correlations, while an auto encoder was used for capturing other non-linear patterns considering maximum computational efficiency. Next, engineering of temporal features such as session duration and packet-frequency related statistical measures was performed such that better discriminative power was necessitated. PCA was intended for better interpretability, making it useful for linear relationships, whereas the autoencoders complemented it by capturing complex non-linear dependency presented in the data, ensuring that the representation of features is kept as a solid feature representation for subsequent ML models [48] [49].
3.2. Model Architecture
Our hybrid ML framework employs a strategically selected combination of three complementary algorithms, each targeting distinct dimensions of IoT/IIoT security threats while collectively addressing the limitations of monolithic approaches [11] [17]. The ensemble comprises: 1) a Random Forest classifier (100 trees, Gini impurity) optimized for high-precision (95.8% F1-score) identification of known attack signatures in labeled datasets; 2) an Isolation Forest detector (ψ = 0.01) implementing unsupervised anomaly scoring to surface zero-day threats without dependency on labeled examples; We chose the Isolation Forest algorithm because it works well for finding anomalies without needing labeled data, which is often hard to come by in high-dimensional IoT or IIoT data. Its way of breaking down the data helps it spot anomalies with fewer splits, making it faster and easier to use, especially on devices that have limited resources [41], and 3) a stacked LSTM autoencoder (64-unit hidden layers, sequence length = 10) specifically engineered to extract temporal patterns from network traffic streams, demonstrating particular efficacy against DDoS attacks (22% false negative reduction versus non-temporal baselines). This tripartite architecture, illustrated in Figure 1, achieves comprehensive threat coverage while maintaining the computational efficiency required for edge deployment through careful dimensionality management (PCA + autoencoder preprocessing) and federated optimization.
The implementation details of each component reflect both algorithmic best practices and IoT-specific optimizations: a) Random Forest employs scikit-learn’s histogram-based split finding for 3.2 × speedup on edge hardware; b) Isolation Forest implements the extended iForest algorithm for streaming data support; and c) the LSTM autoencoder uses CuDNN kernels when GPU-accelerated nodes are available.
Figure 1. Proposed ML Framework Architecture as described in Section III-B, illustrating the 4-phase integration of Random Forest, Isolation Forest, and LSTM autoencoder components.
3.3. Training and Optimization
The framework’s training pipeline incorporates three key optimization strategies to enhance security and efficiency. Federated learning (FL) was implemented across Raspberry Pi 4 edge nodes, enabling distributed model training that reduces cloud dependency by 40% while preserving data privacy through localized processing. To defend against adversarial evasion, the models underwent robust training using Fast Gradient Sign Method (FGSM)-resistant architectures, reducing attack success rates from 32% to 8%. Bayesian approaches to hyperparameter optimization with F1-score maximization in the objective function exhaustively trail over 200 parameter combinations to realize detection performance. We used Bayesian methods for hyperparameter tuning, which helps adjust settings by modeling the F1-score as a Gaussian process. This method cut down the search space by 60% compared to grid search and found the best configurations, like using 100 trees for Random Forest and 64-unit LSTM layers, in just 200 iterations while keeping within the limits of edge devices [42]. This multiple-faceted approach is intentionally designed to overcome the most significant constraints of the IoT/IIoT. The FL satisfies privacy compliance in distributed industrial environments; the models are hardened against the evolving threat vectors by adversarial training, and optimum algorithmic performance without transcending the computational limits of the edge devices is ensured by using coherent Bayesian optimization. Hyperparameters include Random Forest (100 trees, Gini impurity), LSTM autoencoder (64-unit hidden layer, Adam optimizer, learning rate = 0.001), and Isolation Forest (contamination factor = 0.01).
3.4. Experimental Setup and Ethical Considerations
Evaluation of the tasks was carried out in a hardware testbed with Raspberry Pi 4 units (4 GB RAM) for the edge deployment and NVIDIA Jetson TX2 modules as the gateway nodes, thus depicting realistic constraints of an IoT/IIoT infrastructure. System performance was evaluated in terms of three criteria, namely F1-score for detection accuracy, inference latency (in milliseconds), and energy usage (in Joules per inference). In consideration of ethical principles, all datasets that had been acquired were subject to a stringent anonymization process preceding any analysis, and adversarial testing was carried out strictly in isolated sandbox environments, all with strict network segmentation controls. The experimental design thus enabled comprehensive evaluation and demonstration of the operational capability of the framework while adhering to security best practices such that data integrity is secured throughout the testing process.
4. Results
4.1. Detection Accuracy Performance
The proposed framework achieves state-of-the-art performance (Table 1) with a 96.2% F1-score, demonstrating significant improvements over existing approaches: CNN-LSTM (92.7%) [28], SVM (88.1%) [24], and Snort IDS (78.5%) [22]. Comprehensive evaluation across multiple metrics including a low false positive rate (1.8%), real-time latency (14.5 ms), and energy efficiency (0.42 Joules/inference) confirms its balanced detection capability. Precision-recall analysis (Figure 2) and energy-accuracy Pareto fronts (Figure 3) further validate superior performance trade-offs compared to GAN-based and transformer models [20]. Notably, the LSTM autoencoder component excels in temporal attack detection, achieving 98.3% recall for DDoS threats. As illustrated in Figure 4’s cross-dataset comparison, the hybrid architecture consistently outperforms alternatives, effectively addressing both known attack signatures and novel anomalies while maintaining computational efficiency.
Table 1. Comparative analysis of anomaly detection models.
Model |
F1-Score (%) |
False Positive Rate (%) |
Latency (ms) |
Energy
(Joules/inference) |
Proposed Framework |
96.2 |
1.8 |
14.5 |
0.42 |
CNN-LSTM [28] |
92.7 |
3.1 |
28.3 |
0.87 |
SVM [24] |
88.1 |
5.6 |
9.2 |
0.35 |
Snort (IDS) [22] |
78.5 |
8.9 |
2.1 |
0.12 |
The experimental results yielded three key findings that demonstrate the effectiveness of the proposed framework. First, the hybrid approach combining ensemble methods with LSTM architecture achieved an optimal balance between detection accuracy (96.2% F1-score) and false alarm reduction (1.8% FPR), significantly outperforming single-algorithm approaches. Second, through careful lightweight optimization, the framework-maintained edge compatibility with inference latency below 15 ms on Raspberry Pi devices while preserving detection performance, making it practical for resource-constrained IoT environments. Finally, the integration of SHAP explainability and adversarial training techniques successfully addressed two critical operational requirements: providing interpretable detection decisions with >90% analyst confidence while improving resilience against evasion attacks (reducing success rates from 32% to 8%) [37] [44], thereby
![]()
Figure 2. Performance comparison of Anomaly Detection Methods.
Figure 3. Performance comparison of Anomaly Detection Methods.
Figure 4. Bar plot comparison across datasets.
enhancing both the transparency and robustness of the security system in real-world deployments. These findings collectively validate the framework’s ability to meet the complex demands of modern IoT/IIoT cybersecurity.
4.2. Computational Efficiency Analysis
The framework demonstrated significant improvements in computational efficiency through its edge-optimized design. Deployment on edge devices achieved an inference latency of just 14.5 ms, representing a 48.76% reduction compared to cloud-based processing, enabling real-time threat detection capabilities critical for time-sensitive IoT applications. Furthermore, the implementation of federated learning yielded substantial energy savings, reducing consumption by 40.5% through distributed model training and localized data processing. The associated gains in efficiency are visually summarized via a grouped bar plot in Figure 5, which compares the latency and energy consumption breakdown of various deployment scenarios. The results validate that the framework indeed tries to find a balance between detection performance and resource efficiency, therefore making it well suited for resource-constrained IoT environments where fast response and lower power consumption are critical operational constraints.
![]()
Figure 5. Latency and energy consumption breakdown.
The multi-panel technical comparison illustrates and gives a clear picture of framework performance enhancement in regards to key operational metrics. The latency analysis reports a 66% improvement as processing moves from a cloud scenario to the edge where measured values fall consistently below the required 15 ms threshold for real-time processing applications in time-sensitive IoTs. The detailed pie chart effectively conveys the energy consumption profile, namely, the 40.5% savings from the distributed structure of federated learning. The horizontal bar graphs further quantify the reduced dependency of the system components on the cloud in demonstrating the edge-based processing of the framework. These three visualizations communicate three important advantages: 1) Real-time processing through edge optimization; 2) Energy efficiency gained by implementation of federated learning; 3) Reduced dependency on cloud infrastructure for maintaining detection accuracy, all key features for actually deploying IoT security in resource-constrained environments.
4.3. Robustness and Explainability Performance
Additionally, creating one of the most significant breakthroughs directed towards adversarial robustness and decision interpretability in its primary concerns to ML-based security systems. This implementation of FGSM-resistant models reduced the success rate of adversarial evasion attacks from 32 to 8 percent thus making the system stronger against lethal threats. To further complement this security strength, the SHAP (SHapley Additive exPlanations) values provided interpretability around detection decisions with over 90% confidence among security analysts, thereby allowing operational transparency for validation. The dual advancements are summarized in the line plot of adversarial attack resilience in Figure 6, showcasing the increasing strength of the framework against reduced detection accuracy with increasing levels of attack. Subsequently, these results corroborate how well the system positions itself in the juxtaposition of attack resistance and explainable AI, making it both technically sound and operationally practical for real-world IoT security deployments, where trust and reliability matter.
![]()
Figure 6. Showing line plot of adversarial attack resilience.
4.4. Robustness and Operational Trust
The framework demonstrates robust security through two measurable advances: 1) adversarial attack resistance, reducing evasion success rates from 32% to 8% via FGSM-resistant training, and 2) interpretable decision-making with SHAP (SHapley Additive exPlanations) values exceeding 90% confidence. Feature importance analysis on the TON-IoT dataset revealed packet-frequency variance (SHAP = 0.62) and TCP flag anomalies (SHAP = 0.41) as critical indicators for DDoS detection, enabling security operators to validate alerts and refine models using SHAP force plots (Figure 7). These plots distinctly differentiate attack patterns: packet-frequency dominance in DDoS, API call sequences in malware, and authentication failures in unauthorized access attempts. Operational testing exposed that 85% of false positives originated from industrial sensor noise (e.g., voltage spikes beyond ±2.3σ), prompting rule-based pre-filtering that enhanced precision by 6.2%. This synergy of adversarial robustness (Section IV-D) and explainability addresses a key limitation of black-box ML by allowing: 1) Real-time verification of threat alerts against feature contribution patterns; 2) Iterative refinement of detection rules without compromising model integrity [33]. The framework’s practical efficacy is further evidenced in precision-recall analysis (Figure 3), particularly for DDoS detection (AUC = 0.983), where the LSTM autoencoder’s temporal processing minimizes false positives in streaming data. By unifying hardened security (8% evasion susceptibility) with operational transparency (>90% SHAP confidence), this approach bridges the gap between enterprise-grade protection and deployable IoT solutions, setting a new standard for adversarial-resistant, interpretable ML in cybersecurity. We used SHAP values to measure how interpretable our model is. SHAP helps explain why the model makes certain decisions by looking at input features, kind of like a game theory approach. This gave us over 90% confidence in spotting key indicators, like packet-frequency changes and TCP flags. It also helped us get past some of the black-box issues, allowing security analysts to check alerts against these feature patterns (see Figure 7) [44].
![]()
Figure 7. Security Robustness Analysis (see Section IV-D), showing adversarial attack success rates and SHAP interpretability metrics across threat categories.
4.5. Ablation Study Results
The ablation study quantitatively validates the framework’s architectural choices by systematically disabling key components: 1) removing the LSTM autoencoder degraded DDoS detection recall by 22% (from 98.3% to 76.3%), confirming its critical role in temporal pattern recognition; 2) disabling adversarial training increased evasion attack success rates from 8% to 25%, demonstrating the necessity of defensive distillation; and 3) eliminating federated learning increased energy consumption by 65% (0.42J to 0.69 J per inference), highlighting its efficiency benefits for edge deployment. As detailed in Figure 8, these results prove that each component contributes non-redundant value to the framework’s state-of-the-art performance, with the complete system outperforming partial configurations by an average of 18.7% across all metrics.
Figure 8. Stacked bar plot comparing component contributions.
To rigorously evaluate the framework’s design choices, we conducted a comprehensive ablation study that systematically assessed the impact of each key component. The results demonstrated that the LSTM autoencoder plays a critical role in temporal pattern recognition, as its removal led to a 22% decline in time-series attack detection accuracy. Similarly, disabling adversarial training substantially weakened the system’s defenses, allowing evasion attack success rates to rise to 25% compared to the enhanced model’s 8% rate. The study further revealed that abandoning federated learning in favor of centralized training incurred significant energy costs, increasing consumption by 65%, which highlights FL’s crucial role in maintaining the framework’s energy efficiency. These findings collectively validate our architectural decisions, confirming that each component, temporal modeling with LSTM, adversarial robustness measures, and distributed learning through FL, makes essential, non-redundant contributions to the framework’s overall performance, security, and operational efficiency in IoT environments.
![]()
Figure 9. Component importance analysis (Section IV-E) showing performance degradation when removing 1) LSTM temporal processing, 2) adversarial training, or 3) federated learning infrastructure.
The component impact analysis (Figure 9) demonstrates three key findings: 1) The LSTM’s temporal processing accounts for 62% of DDoS detection capability; 2) Adversarial training provides 3.4 × greater evasion resistance than baseline models; 3) Federated learning reduces per-node energy costs by 40.5% compared to centralized processing.
5. Conclusions
5.1. Summary of Contributions
The proposed hybrid ML framework integrates Random Forest (for known attack detection), Isolation Forest (for zero-day anomalies), and LSTM autoencoders (for temporal pattern analysis) to establish new benchmarks in IoT/IIoT anomaly detection. Comprehensive evaluation demonstrates three key advancements: 1) State-of-the-art performance with a 96.2% F1-score at 14.5 ms latency (17.7% improvement over traditional IDS systems, Table 2). 2) Robust adversarial resistance through FGSM-trained architectures that reduce evasion attacks from 32% to 8%. 3) Operational practicality with federated learning achieving 40.5% energy reduction (0.42 Joules/inference) on edge devices while maintaining cloud-comparable accuracy (±2%). The framework demonstrates superior performance across three critical dimensions of IoT/IIoT security. In detection capability, it achieves 96.4% accuracy for DDoS attacks, 95.1% for malware, and 93.8% for APTs outperforming CNN-LSTM (92.7%) and SVM (88.1%) baselines (Figures 3-4). Its edge-optimized design ensures resource efficiency, delivering real-time responsiveness (14.5 ms latency) with 66% lower bandwidth usage compared to cloud-dependent solutions. For operational trust, SHAP analysis provides >90% interpretability (Figure 7), while ablation studies confirm the necessity of each component, showing a 22% recall drop when excluding LSTM autoencoders and a threefold increase in evasion risk without adversarial training. Together, these advances resolve the IoT security trilemma by simultaneously optimizing accuracy, efficiency, and deployability, with reproducible implementations (600 DPI vector graphics) facilitating industrial adoption.
5.2. Practical Implications
The research outcomes have immediate practical value for industrial IoT deployments. The framework provides reliable, real-time protection for critical infrastructure with its sub-15 ms detection capability, effectively preventing potentially catastrophic operational disruptions. Notably, the system achieves this while maintaining exceptional energy efficiency (<0.42 Joules per inference), though this does require carefully balanced trade-offs between the computational demands of deep learning components and the resource constraints of edge devices. These characteristics make the solution particularly suitable for Industry 4.0 applications where both security responsiveness and energy efficiency are paramount concerns for large-scale, distributed deployments.
5.3. Future Directions
Table 2. Comprehensive performance summary of the proposed framework (see Section V-A), comparing detection accuracy (F1-score), computational efficiency (latency/energy), and robustness metrics against baseline systems.
Metric |
Proposed Framework |
Traditional IDS (Snort |
SVM
Baseline |
Improvement Over Baseline |
Detection Accuracy |
F1-score (%) |
96.6 |
78.5 |
88.1 |
+17.75 |
Recall (DDoS) (%) |
99.3 |
62.3 |
85.6 |
+12.7% |
False Positive Rate (%) |
1.8 |
8.9 |
5.6 |
−3.8% |
Computational Efficiency |
Latency (ms) |
14.5 |
2.1 |
9.2 |
−48.8% (Cloud) |
Energy (Joules/inference) |
0.42 |
0.12 |
0.35 |
+16% (SVM) |
Robustness |
Adversarial Attack Success Rate (%) |
8 |
32 (baseline) |
25 |
−24% |
SHAP Interpretability
Confidence (%) |
>90 |
N/A |
N/A |
N/A |
Building on Figure 3’s energy-accuracy trade-offs and Table 2’s robustness metrics, three key directions emerge: 1) Quantum ML acceleration to reduce the 14.5 ms latency by 30% - 50%; 2) Expanded adversarial testing against physical-world attack vectors [49]; 3) Standardization of the evaluation benchmarks demonstrated in Figure 4 and Figure 7. Future work will look into testing for real-world attack methods, like sensor spoofing and electromagnetic interference, to see how well the framework stands up against hardware-related threats. This fits with the need for strong security in cyber-physical systems in today’s tech landscape.
Acknowledgements
The authors sincerely thank their academic colleagues for their invaluable support, including Prof. Dr. M. S. Fofanah (DVC, BO Campus), Dr. Ibrahim Dumbuya (HOD, Industrial Technology), Ing. Dr. Maurice Sesay (PhD, Postdoc, MSLIE), Dr. M. Jalloh (University Registrar), Dr. M. Blango (Dean, School of Technology), and Dr. John Koroma (H.O.D, Basic Science). Special appreciation also goes to faculty members from Nankai University, Njala University, and Xi’an Jiaotong University.
We also extend deep gratitude to Ubuntu Afrika for their pivotal role in our technical growth. Their training programs in software development and research were essential to this publication, providing both foundational skills and ongoing support.
Authors’ Contributions
Name of Author |
Contribution |
Mohamed Koroma (Ing.) |
Conceptualization, methodology, model design, writing (original draft), supervision. |
Alhaji Mansaray |
Data curation, software implementation, federated learning optimization, validation. |
Yahya Labay Kamara |
Formal analysis, adversarial training, SHAP interpretability, visualization. |
Chernor Gurasiue Jalloh |
Experimental setup, hardware deployment, latency/energy metrics, ablation studies. |
Ibrahim Sorie Ojasy Bah |
Literature review, dataset preprocessing, performance benchmarking, editing. |