Trends and Challenges in Anomaly Intrusion Detection at the Edge for IoT: A Review

  • Ata Amrullah, Universitas Islam Darul Ulum
  • Dicka Yale Kardono, Universitas Islam Darul Ulum
  • Mohammad Mansyur Abidin, Universitas Islam Darul Ulum
Keywords: IoT, Edge Computing, Anomaly Intrusion Detection, Network Security, Cybersecurity

Abstract

The rapid proliferation of Internet of Things (IoT) devices has brought about new security challenges, particularly in the area of intrusion detection. This review article provides a comprehensive analysis of the trends and challenges in anomaly intrusion detection at the edge for IoT. By synthesizing findings from recent literature (2021-2023), we explore various approaches to anomaly detection, including those based on machine learning (ML), deep learning (DL), statistical methods, and rule-based techniques. We also examine network attacks relevant to IoT, such as man-in-the-middle (MitM), replay, and injection attacks. Our findings reveal a growing trend towards the use of ML and DL for anomaly detection, with many studies focusing on hybrid approaches to improve detection accuracy. While edge computing offers advantages in terms of reduced latency and enhanced privacy, significant challenges remain in implementing anomaly detection on resource-constrained edge devices. These include the heterogeneity of devices and protocols, the increasing sophistication of cyberattacks, the limited availability of labeled data, and privacy concerns. This review identifies unresolved research gaps, including the need for more efficient algorithms, more adaptive approaches, methods for generating synthetic anomaly data, and large-scale implementations. Furthermore, this work discusses the practical implications for enhancing IoT security and provides guidance for researchers and practitioners in the field. We conclude that future efforts should emphasize the development of adaptive and efficient methods, particularly for real-time detection, and consider ethical aspects like data privacy in the deployment of anomaly detection at the edge.

Published
2025-01-24
How to Cite
[1] A. Amrullah, D. Kardono, and M. Abidin, “Trends and Challenges in Anomaly Intrusion Detection at the Edge for IoT: A Review”, Intellithings Journal, vol. 1, no. 1, pp. 11-20, Jan. 2025.
Section
Articles