Intrusion Detection System in IoT Using Convolutional Residual Temporal Cross-Attention Network

Abstract

An intrusion detection system (IDS) frequently monitors logs and network traffic to address malicious activities. However, due to the heterogeneous behavior of Internet of Things (IoT) networks, traffic patterns frequently change, making the conventional feature extraction process inadequate for representing new attack behaviors. The composite features often include redundancies, resulting in high dimensionality that increases latency and decreases the IDS’s efficiency in IoT environments. Existing methods face computational challenges in processing complex spatial and temporal features, which affect scalability in IoT settings. Therefore, this research proposes a convolutional residual temporal cross-attention network (CR-TCAN) for IDS detection. The one-dimensional convolutional neural network (1D-CNN) facilitates the detection of complex and IoT attack patterns by simplifying data structures. The parallel interaction attention (PIA) mechanism reduces latency by processing flow information and packet headers simultaneously. Compression techniques are applied to optimize the limited speed of IoT devices by removing redundancy and reducing data size. Residual connections improve training stability and accuracy by integrating refined traffic data. The CR-TCAN achieves an accuracy of 99.58% on Bot-IoT, 91.24% on UNSW_NB15, and 98.10% on CICIDS-2018, outperforming other models.