Robust Hybrid Deep Learning for IoT Unknown Intrusion Detection Under Data Scarcity

Ali Maroosi ¹ ( Department of Computer Engineering, University of Torbat Heydarieh, Torbat Heydarieh, Iran )
Amir Hossein Hojatinia ² ( Department of Computer Engineering, University of Torbat Heydarieh, Torbat Heydarieh, Iran )
Arash Deldari ³ ( University: University of Torbat Heydarieh )

Submited date : 2025-08-05 Accepted date : 2026-05-13

Keywords: Internet of things, Intrusion detection, unknown attacks, Transfer learning, Multi-source, Autoencoder,

Abstract :

The rapid expansion of the Internet of Things (IoT) has significantly heightened the need for robust intrusion detection systems capable of identifying previously unseen cyber threats. Traditional approaches often struggle with novel attack patterns, leading to decreased detection rates and increased system vulnerability. To address this critical limitation, we propose an innovative and highly effective framework that combines multi-source transfer learning with autoencoders to detect unlabeled and unknown attack types with exceptional precision. Unlike prior methods that rely on single-source transfer learning or basic feature fusion techniques, our advanced approach introduces two groundbreaking techniques: the Concurrent Feature Fusion Model (CoFFM) and the Cascading Feature Fusion Model (CaFFM). These models, along with an enhanced Unified Feature Fusion Model (UFFM), leverage autoencoders to significantly improve adaptability across diverse feature domains, ensuring superior performance in dynamic threat environments. Experimental results on benchmark datasets demonstrate that CoFFM achieves an outstanding accuracy rate of 98.13%, surpassing both non-transfer learning methods (92%) and the best single-source transfer learning approaches (94%). Furthermore, CoFFM exhibits remarkable efficiency under challenging conditions, achieving a substantial 12.24% performance gain over baseline methods even when trained on only 10% of the available data through random sampling. This highlights the model's exceptional robustness in data-scarce scenarios, making it a highly reliable solution for real-world IoT security applications. The success of our framework underscores the potential of multi-source transfer learning combined with autoencoder-based feature fusion in advancing the field of intrusion detection.

References:

[1] M. Moudi, A. Soleimani, and A. Hojjatinia, "A Survey of Intrusion Detection Systems Based On Deep Learning for IoT Data," Journal of Information Systems and Telecommunication (JIST), vol. 3, no. 47, p. 197, 2024, doi: https://doi.org/10.61186/jist.44521.12.47.197.

[2] L. Kang and H. Shen, "A transfer learning based abnormal can bus message detection system," in 2021 IEEE 18th International Conference on Mobile Ad Hoc and Smart Systems (MASS), Denver, CO, USA, 2021: IEEE, pp. 545-553, doi: https://doi.org/10.1109/MASS52906.2021.00073.

[3] Z. Zhang, Q. Liu, S. Qiu, S. Zhou, and C. Zhang, "Unknown attack detection based on zero-shot learning," IEEE Access, vol. 8, pp. 193981-193991, 2020, doi: https://doi.org/10.1109/ACCESS.2020.3033494.

[4] L. Bilge and T. Dumitraş, "Before we knew it: an empirical study of zero-day attacks in the real world," in Proceedings of the 2012 ACM conference on Computer and communications security, New York, NY, USA, 2012: Association for Computing Machinery, pp. 833-844, doi: https://doi.org/10.1145/2382196.2382284.
[5] H. B. Arteaga. "Intrusion Detection System using Machine Learning." https://github.com/BioAITeam/Intrusion-Detection-System-using-Machine-Learning/tree/main/DBs (accessed.

[6] E. Seo, H. M. Song, and H. K. Kim, "GIDS: GAN based intrusion detection system for in-vehicle network," in 2018 16th Annual Conference on Privacy, Security and Trust (PST), Belfast, Ireland, 2018: IEEE, pp. 1-6, doi: https://doi.org/10.1109/PST.2018.8514157.

[7] P. Wu, H. Guo, and R. Buckland, "A transfer learning approach for network intrusion detection," in 2019 IEEE 4th international conference on big data analytics (ICBDA), Suzhou, China, 2019: IEEE, pp. 281-285, doi: https://doi.org/10.1109/ICBDA.2019.8713213.

[8] Y. Yang, J. Cheng, Z. Liu, H. Li, and G. Xu, "A multi-classification detection model for imbalanced data in NIDS based on reconstruction and feature matching," Journal of Cloud Computing, vol. 13, no. 1, p. 31, 2024, Art no. 31, doi: https://doi.org/10.1186/s13677-023-00584-7.

[9] I. Ahmed, G. Jeon, and A. Ahmad, "Deep learning-based intrusion detection system for internet of vehicles," IEEE Consumer Electronics Magazine, vol. 12, no. 1, pp. 117-123, 2021, doi: https://doi.org/10.1109/MCE.2021.3139170.

[10] U. K. Lilhore et al., "HIDM: Hybrid Intrusion Detection Model for Industry 4.0 Networks Using an Optimized CNN-LSTM with Transfer Learning," Sensors, vol. 23, no. 18, p. 7856, 2023, doi: https://doi.org/10.3390/s23187856

[11] W. Yutao, L. Zhongtian, B. Yi, L. Jie, X. Fangzheng, and B. Yu, "Internet of Things Intrusion Detection System based on Transfer Learning," in 2022 IEEE 2nd International Conference on Electronic Technology, Communication and Information (ICETCI), Changchun, China, 2022: IEEE, pp. 25-30, doi: https://doi.org/10.1109/ICETCI55101.2022.9832387.

[12] O. D. Okey, D. C. Melgarejo, M. Saadi, R. L. Rosa, J. H. Kleinschmidt, and D. Z. Rodríguez, "Transfer learning approach to IDS on cloud IoT devices using optimized CNN," IEEE Access, vol. 11, pp. 1023-1038, 2023, doi: https://doi.org/10.1109/ACCESS.2022.3233775.

[13] J. Zhao, S. Shetty, J. W. Pan, C. Kamhoua, and K. Kwiat, "Transfer learning for detecting unknown network attacks," EURASIP Journal on Information Security, vol. 2019, pp. 1-13, 2019, Art no. 1, doi: https://doi.org/10.1186/s13635-019-0084-4.

[14] C.-W. Tien, T.-Y. Huang, P.-C. Chen, and J.-H. Wang, "Using autoencoders for anomaly detection and transfer learning in IoT," Computers, vol. 10, no. 7, p. 88, 2021.

[15] H. Elubeyd, D. Yiltas-Kaplan, and Ş. Bahtıyar, "A Multi-Modal Deep Transfer Learning Framework for Attack Detection in Software-Defined Networks," IEEE Access, vol. 11, pp. 114128-114145, 2023, doi: https://doi.org/10.1109/ACCESS.2023.3324878.

[16] H. Wang, Y. Wang, and Y. Guo, "A Novel Approach of Unknown Network Attack Detection Based on Zero-Shot Learning," in 2021 IEEE International Conference on Data Science and Computer Application (ICDSCA), Dalian, China, 2021: IEEE, pp. 312-318, doi: https://doi.org/10.1109/ICDSCA53499.2021.9650182.

[17] G. Zachos, G. Mantas, K. Porfyrakis, J. M. C. S. d. Bastos, and J. Rodriguez, "Anomaly-Based Intrusion Detection for IoMT Networks: Design, Implementation, Dataset Generation, and ML Algorithms Evaluation," IEEE Access, vol. 13, pp. 41994-42028, 2025, doi: 10.1109/ACCESS.2025.3547572.

[18] G. Logeswari, J. D. Roselind, K. Tamilarasi, and V. Nivethitha, "A Comprehensive Approach to Intrusion Detection in IoT Environments Using Hybrid Feature Selection and Multi-Stage Classification Techniques," IEEE Access, vol. 13, pp. 24970-24987, 2025, doi: 10.1109/ACCESS.2025.3532895.

[19] U. C. Akuthota and L. Bhargava, "Transformer-Based Intrusion Detection for IoT Networks," IEEE Internet of Things Journal, vol. 12, no. 5, pp. 6062-6067, 2025, doi: 10.1109/JIOT.2025.3525494.

[20] J. Gao, M. Fan, Y. He, D. Han, Y. Lu, and Y. Qiao, "MACAE: memory module-assisted convolutional autoencoder for intrusion detection in IoT networks," The Journal of Supercomputing, vol. 81, no. 1, p. 231, 2024/12/02 2024, doi: 10.1007/s11227-024-06704-7.

[21] Z. Alwaeli, O. A. Fadare, and F. Al-Turjman, "Developing Deep Learning-Based Network Intrusion Detection Systems (NIDS) for Iot Networks," in Smart Infrastructures in the IoT Era, F. Al-Turjman Ed. Cham: Springer Nature Switzerland, 2025, pp. 1105-1113.

[22] M. L. Hernandez-Jaimes, A. Martinez-Cruz, K. A. Ramírez-Gutiérrez, and A. Morales-Reyes, "Network traffic inspection to enhance anomaly detection in the Internet of Things using attention-driven Deep Learning," Integration, vol. 103, p. 102398, 2025/07/01/ 2025, doi: https://doi.org/10.1016/j.vlsi.2025.102398.

[23] S. Walling and S. Lodh, "An Extensive Review of Machine Learning and Deep Learning Techniques on Network Intrusion Detection for IoT," Transactions on Emerging Telecommunications Technologies, vol. 36, no. 2, p. e70064, 2025, doi: https://doi.org/10.1002/ett.70064.

[24] Y. Fan, Y. Li, M. Zhan, H. Cui, and Y. Zhang, "Iotdefender: A federated transfer learning intrusion detection framework for 5g iot," in 2020 IEEE 14th international conference on big data science and engineering (BigDataSE), Guangzhou, China, 2020: IEEE, pp. 88-95, doi: https://doi.org/10.1109/BigDataSE50710.2020.00020.

[25] N. Khatri, S. Lee, and S. Y. Nam, "Transfer Learning-based Intrusion Detection System for a Controller Area Network," IEEE Access, vol. 11, pp. 120963-120982, 2023, doi: https://doi.org/10.1109/ACCESS.2023.3328182.

[26] Ü. Çavuşoğlu, D. Akgun, and S. Hizal, "A novel cyber security model using deep transfer learning," Arabian Journal for Science and Engineering, vol. 49, no. 3, pp. 3623-3632, 2024, doi: https://doi.org/10.1007/s13369-023-08092-1.

[27] U. S. N. Australia. "The UNSW-NB15 Dataset." https://research.unsw.edu.au/projects/unsw-nb15-dataset (accessed.

[28] C. I. f. Cybersecurity. "ISCX NSL-KDD dataset 2009 " https://www.unb.ca/cic/datasets/nsl.html (accessed.

[29] cloudstor. "Download Ton-IoT Dataset." https://cloudstor.aarnet.edu.au/plus/s/ds5zW91vdgjEj9i?path=%2FTrain_Test_datasets (accessed.

[30] I. Idrissi, M. Azizi, and O. Moussaoui, "Accelerating the update of a DL-based IDS for IoT using deep transfer learning," Indones. J. Electr. Eng. Comput. Sci, vol. 23, no. 2, pp. 1059-1067, 2021, doi: https://doi.org/10.11591/ijeecs.v23.i2.

[31] G.-P. Fernando, A.-A. H. Brayan, A. M. Florina, C.-B. Liliana, A.-M. Héctor-Gabriel, and T.-S. Reinel, "Enhancing Intrusion Detection in IoT Communications through ML Model Generalization with a New Dataset (IDSAI)," IEEE Access, vol. 11, pp. 70542-70559, 2023.

[32] Y. Wang, Y. Lai, Y. Chen, J. Wei, and Z. Zhang, "Transfer learning-based self-learning intrusion detection system for in-vehicle networks," Neural Computing and Applications, vol. 35, pp. 10257–10273, 2023, doi: https://doi.org/10.1007/s00521-023-08233-5.

[33] J. Wang, P. Li, W. Kong, and R. An, "Unknown Security Attack Detection of Industrial Control System by Deep Learning," Mathematics, vol. 10, no. 16, p. 2872, 2022, doi: https://doi.org/10.3390/math10162872.

[34] F. S. Alrayes, M. Zakariah, S. U. Amin, Z. I. Khan, and M. Helal, "Intrusion detection in IoT systems using denoising autoencoder," IEEE Access, 2024.

[35] C. Zha et al., "SKT-IDS: Unknown attack detection method based on Sigmoid Kernel Transformation and encoder–decoder architecture," Computers & Security, vol. 146, p. 104056, 2024.