Avaliação de Modelos Leves para Detecção de Anomalias em Redes IoT Domésticas
Resumo
A proliferação de dispositivos IoT em redes domésticas expandiu a superfície de ataque residencial, contudo, poucos estudos avaliam conjuntamente o desempenho preditivo e o custo computacional para implantação na borda. Este trabalho compara três modelos de aprendizado de máquina, Isolation Forest, Autoencoder e Random Forest, para detecção de anomalias no tráfego de redes IoT, avaliando as métricas de classificação e o consumo de recursos. Experimentos em dois conjuntos de dados públicos demonstram que modelos não supervisionados podem alcançar desempenho de detecção competitivo sem a necessidade de dados de ataque rotulados, comprovando a viabilidade de agentes leves para detecção de anomalias em redes IoT domésticas reais.Referências
Adhikari, D., Jiang, W., Zhan, J., Rawat, D. B., and Bhattarai, A. (2024). Recent advances in anomaly detection in Internet of Things: Status, challenges, and perspectives. Computer Science Review, 54:100665.
Alaghbari, K. A., Lim, H.-S., Saad, M. H. M., and Yong, Y. S. (2023). Deep autoencoder-based integrated model for anomaly detection and efficient feature extraction in IoT networks. IoT, 4(3):345–365.
Alotaibi, B. (2024). An efficient flow-based anomaly detection system for enhanced security in iot networks. Sensors, 24(22):7408.
Antonakakis, M., April, T., Bailey, M., Bernhard, M., Bursztein, E., Cochran, J., Durumeric, Z., Halderman, J. A., Invernizzi, L., Kallitsis, M., Kumar, D., Lever, C., Ma, Z., Mason, J., Menscher, D., Seaman, C., Sullivan, N., Thomas, K., and Zhou, Y. (2017). Understanding the Mirai botnet. In 26th USENIX Security Symposium (USENIX Security 17), pages 1093–1110, Vancouver, BC. USENIX Association.
Asulba, B., Souto, P. F., and Almeida, L. (2024). Bringing IoT intrusion detection to the edge. In Proceedings of the 8th International Conference on Future Networks and Distributed Systems (ICFNDS ’24), Marrakech, Morocco. ACM.
Ayad, A. G., El-Gayar, M. M., Hikal, N. A., and Sakr, N. A. (2024). Efficient real-time anomaly detection in iot networks using one-class autoencoder and deep neural network. Electronics, 14(1).
Breiman, L. (2001). Random forests. Machine learning, 45(1):5–32.
Comitê Gestor da Internet no Brasil (2025). Pesquisa sobre o uso das tecnologias de informação e comunicação nos domicílios brasileiros: Tic domicílios 2025. Pesquisa realizada pelo Centro Regional de Estudos para o Desenvolvimento da Sociedade da Informação (Cetic.br).
Fawcett, T. (2006). An introduction to roc analysis. Pattern Recognition Letters, 27(8):861–874.
Gholamy, A., Kreinovich, V., and Kosheleva, O. (2018). Why 70/30 or 80/20 relation between training and testing sets: A pedagogical explanation. Technical Report 1209, Departmental Technical Reports (CS), University of Texas at El Paso.
Hair, J. F., Black, W. C., Babin, B. J., and Anderson, R. E. (2019). Multivariate Data Analysis. Cengage, United Kingdom, 8th edition.
Hastie, T., Tibshirani, R., and Friedman, J. (2009). The Elements of Statistical Learning. Springer, 2 edition.
Hussein, A. Y., Falcarin, P., and Sadiq, A. T. (2022). Iot intrusion detection using modified random forest based on double feature selection methods. In Emerging Technology Trends in Internet of Things and Computing, pages 61–78, Cham. Springer International Publishing.
Javed, A., Ehtsham, A., Jawad, M., Awais, M. N., Qureshi, A. H., and Larijani, H. (2024). Implementation of lightweight machine learning-based intrusion detection system on IoT devices of smart homes. Future Internet, 16(6):200.
Khraisat, A., Gondal, I., Vamplew, P., and Kamruzzaman, J. (2019). Survey of intrusion detection systems: techniques, datasets and challenges. Cybersecurity, 2(1):20.
Liu, F. T., Ting, K. M., and Zhou, Z.-H. (2008). Isolation forest. In 2008 Eighth IEEE International Conference on Data Mining, pages 413–422. IEEE.
Liu, F. T., Ting, K. M., and Zhou, Z.-H. (2012). Isolation-based anomaly detection. ACM Trans. Knowl. Discov. Data, 6(1).
Marzano, A., Alexander, D., Fazzion, E., Fonseca, O., Ítalo Cunha, Hoepers, C., Steding-Jessen, K., Chaves, M. H. P. C., Guedes, D., and Jr., W. M. (2018). Monitoramento e caracterização de botnets bashlite em dispositivos iot. In Anais do XXXVI Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC 2018), Vitória, ES, Brasil. Sociedade Brasileira de Computação - SBC.
Meidan, Y., Nolane, M., Doitshman, Y., Yashkaniv, S., Bakalo, R., Breitenbacher, D., Shabtai, A., and Elovici, Y. (2018). N-baiot—network-based detection of iot botnet attacks using deep autoencoders. IEEE Pervasive Computing, 17(3):12–22.
Neto, E. C. P., Dadkhah, S., Ferreira, R., Zohourian, A., Lu, R., and Ghorbani, A. A. (2023). Ciciot2023: A real-time dataset and benchmark for large-scale attacks in iot environment. Sensors, 23(13).
Ntayagabiri, J. P., Bentaleb, Y., Ndikumagenge, J., and El Makhtoum, H. (2025). A comparative analysis of supervised machine learning algorithms for iot attack detection and classification. Journal of Computing Theories and Applications, 2(3):312–326.
Obidiagha, C. C., Rahouti, M., Drid, H., Hamouid, K., Medjadba, Y., and Jagatheesaperumal, S. K. (2025). Iforestexplain: a dual-stage isolation forest framework with explainable ai for dos/ddos anomaly detection in iot networks. Cluster Computing, 28(10):668.
Rafique, S. H., Abdallah, A., Musa, N. S., and Murugan, T. (2024). Machine learning and deep learning techniques for Internet of Things network anomaly detection—current research trends. Sensors, 24(6):1968.
scikit-learn developers (2024). StandardScaler – scikit-learn documentation. Acesso em: fev. 2026.
Sokolova, M. and Lapalme, G. (2009). A systematic analysis of performance measures for classification tasks. Information Processing & Management, 45(4):427–437.
The Zeek Project (2026). Zeek network security monitor. Accessed: 2026-03-14.
Torabi, H., Mirtaheri, S. L., and Greco, S. (2023). Practical autoencoder based anomaly detection by using vector reconstruction error. Cybersecurity, 6(1):1.
Tuncer, T., Dogan, S., and Acharya, U. R. (2021). Analysis of machine learning algorithms for anomaly detection on edge devices. Sensors, 21(14):4946.
Alaghbari, K. A., Lim, H.-S., Saad, M. H. M., and Yong, Y. S. (2023). Deep autoencoder-based integrated model for anomaly detection and efficient feature extraction in IoT networks. IoT, 4(3):345–365.
Alotaibi, B. (2024). An efficient flow-based anomaly detection system for enhanced security in iot networks. Sensors, 24(22):7408.
Antonakakis, M., April, T., Bailey, M., Bernhard, M., Bursztein, E., Cochran, J., Durumeric, Z., Halderman, J. A., Invernizzi, L., Kallitsis, M., Kumar, D., Lever, C., Ma, Z., Mason, J., Menscher, D., Seaman, C., Sullivan, N., Thomas, K., and Zhou, Y. (2017). Understanding the Mirai botnet. In 26th USENIX Security Symposium (USENIX Security 17), pages 1093–1110, Vancouver, BC. USENIX Association.
Asulba, B., Souto, P. F., and Almeida, L. (2024). Bringing IoT intrusion detection to the edge. In Proceedings of the 8th International Conference on Future Networks and Distributed Systems (ICFNDS ’24), Marrakech, Morocco. ACM.
Ayad, A. G., El-Gayar, M. M., Hikal, N. A., and Sakr, N. A. (2024). Efficient real-time anomaly detection in iot networks using one-class autoencoder and deep neural network. Electronics, 14(1).
Breiman, L. (2001). Random forests. Machine learning, 45(1):5–32.
Comitê Gestor da Internet no Brasil (2025). Pesquisa sobre o uso das tecnologias de informação e comunicação nos domicílios brasileiros: Tic domicílios 2025. Pesquisa realizada pelo Centro Regional de Estudos para o Desenvolvimento da Sociedade da Informação (Cetic.br).
Fawcett, T. (2006). An introduction to roc analysis. Pattern Recognition Letters, 27(8):861–874.
Gholamy, A., Kreinovich, V., and Kosheleva, O. (2018). Why 70/30 or 80/20 relation between training and testing sets: A pedagogical explanation. Technical Report 1209, Departmental Technical Reports (CS), University of Texas at El Paso.
Hair, J. F., Black, W. C., Babin, B. J., and Anderson, R. E. (2019). Multivariate Data Analysis. Cengage, United Kingdom, 8th edition.
Hastie, T., Tibshirani, R., and Friedman, J. (2009). The Elements of Statistical Learning. Springer, 2 edition.
Hussein, A. Y., Falcarin, P., and Sadiq, A. T. (2022). Iot intrusion detection using modified random forest based on double feature selection methods. In Emerging Technology Trends in Internet of Things and Computing, pages 61–78, Cham. Springer International Publishing.
Javed, A., Ehtsham, A., Jawad, M., Awais, M. N., Qureshi, A. H., and Larijani, H. (2024). Implementation of lightweight machine learning-based intrusion detection system on IoT devices of smart homes. Future Internet, 16(6):200.
Khraisat, A., Gondal, I., Vamplew, P., and Kamruzzaman, J. (2019). Survey of intrusion detection systems: techniques, datasets and challenges. Cybersecurity, 2(1):20.
Liu, F. T., Ting, K. M., and Zhou, Z.-H. (2008). Isolation forest. In 2008 Eighth IEEE International Conference on Data Mining, pages 413–422. IEEE.
Liu, F. T., Ting, K. M., and Zhou, Z.-H. (2012). Isolation-based anomaly detection. ACM Trans. Knowl. Discov. Data, 6(1).
Marzano, A., Alexander, D., Fazzion, E., Fonseca, O., Ítalo Cunha, Hoepers, C., Steding-Jessen, K., Chaves, M. H. P. C., Guedes, D., and Jr., W. M. (2018). Monitoramento e caracterização de botnets bashlite em dispositivos iot. In Anais do XXXVI Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC 2018), Vitória, ES, Brasil. Sociedade Brasileira de Computação - SBC.
Meidan, Y., Nolane, M., Doitshman, Y., Yashkaniv, S., Bakalo, R., Breitenbacher, D., Shabtai, A., and Elovici, Y. (2018). N-baiot—network-based detection of iot botnet attacks using deep autoencoders. IEEE Pervasive Computing, 17(3):12–22.
Neto, E. C. P., Dadkhah, S., Ferreira, R., Zohourian, A., Lu, R., and Ghorbani, A. A. (2023). Ciciot2023: A real-time dataset and benchmark for large-scale attacks in iot environment. Sensors, 23(13).
Ntayagabiri, J. P., Bentaleb, Y., Ndikumagenge, J., and El Makhtoum, H. (2025). A comparative analysis of supervised machine learning algorithms for iot attack detection and classification. Journal of Computing Theories and Applications, 2(3):312–326.
Obidiagha, C. C., Rahouti, M., Drid, H., Hamouid, K., Medjadba, Y., and Jagatheesaperumal, S. K. (2025). Iforestexplain: a dual-stage isolation forest framework with explainable ai for dos/ddos anomaly detection in iot networks. Cluster Computing, 28(10):668.
Rafique, S. H., Abdallah, A., Musa, N. S., and Murugan, T. (2024). Machine learning and deep learning techniques for Internet of Things network anomaly detection—current research trends. Sensors, 24(6):1968.
scikit-learn developers (2024). StandardScaler – scikit-learn documentation. Acesso em: fev. 2026.
Sokolova, M. and Lapalme, G. (2009). A systematic analysis of performance measures for classification tasks. Information Processing & Management, 45(4):427–437.
The Zeek Project (2026). Zeek network security monitor. Accessed: 2026-03-14.
Torabi, H., Mirtaheri, S. L., and Greco, S. (2023). Practical autoencoder based anomaly detection by using vector reconstruction error. Cybersecurity, 6(1):1.
Tuncer, T., Dogan, S., and Acharya, U. R. (2021). Analysis of machine learning algorithms for anomaly detection on edge devices. Sensors, 21(14):4946.
Publicado
25/05/2026
Como Citar
LIMA, Euler da Silva; CASTRO, Ana Carolina Xavier; AGUIAR, Cauê Rodrigues de; ROCHA FILHO, Geraldo Pereira.
Avaliação de Modelos Leves para Detecção de Anomalias em Redes IoT Domésticas. In: WORKSHOP DE INTELIGÊNCIA ARTIFICIAL PARA REDES DE COMPUTADORES (WIARC), 1. , 2026, Praia do Forte/BA.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2026
.
p. 15-28.
DOI: https://doi.org/10.5753/wiarc.2026.22930.
