面向物联网受限终端的机器学习入侵检测方法综述

姜来为; 赵志天; 杨宏宇

doi:10.12178/1001-0548.2025226

电子科技大学学报 ›› 2026, Vol. 55 ›› Issue (3) : 411 -425. DOI: 10.12178/1001-0548.2025226

计算机工程与应用

面向物联网受限终端的机器学习入侵检测方法综述

姜来为 ¹^,² ,
赵志天 ¹ ,
杨宏宇 ¹^,^*

作者信息 +

A survey of machine learning intrusion detection methods for internet of things restricted terminals

Laiwei JIANG ¹^,² ,
Zhitian ZHAO ¹ ,
Hongyu YANG ¹^,^*

Author information +

文章历史 +

PDF (790K)

摘要

针对物联网（internet of things, IoT）分布式架构与终端资源受限特性导致的脆弱性问题，以及现有综述未系统剖析资源受限场景下物联网终端入侵检测核心瓶颈的缺陷，对终端资源受限 IoT 环境中基于机器学习的入侵检测方法开展研究。首先，解析 IoT 3 层架构，分析 IoT 终端资源受限原因并明确标注数据稀缺与类不平衡、终端计算能力不足、存储资源匮乏等核心挑战；其次，系统梳理近 5 年技术进展，综述了类别均衡与半监督/无监督学习如何缓解标注样本稀缺问题、模型轻量化设计与训练优化算法在降低算力需求方面的突破、数据降维及冗余特征去除技术在内存优化上的有效性，并对比各类方法的优劣；最后，提出构建真实 IoT 专用数据集、处理类间重叠问题等未来方向，为该领域技术深化与工程落地提供参考。

Abstract

In response to the vulnerability issue arising from the distributed architecture and resource-constrained nature of internet of things (IoT) terminals, and the defects of the core bottlenecks of intrusion detection of IoT terminals in the resource-constrained scenarios that have not been systematically analyzed in the existing reviews. Firstly, the IoT three-tier architecture is analyzed to elucidate the causes of terminal resource constraints, explicitly identifying core challenges such as the scarcity of labeled data and class imbalance, insufficient terminal computing power, and limited storage resources. Secondly, this paper systematically reviews technical advancements over the past five years. It summarizes how class balancing and semi-supervised/unsupervised learning mitigate the scarcity of labeled samples, the breakthroughs of lightweight model design and training optimization algorithms in reducing computational demands, and the effectiveness of data dimensionality reduction and redundant feature removal technologies in memory optimization, while comparing the advantages and disadvantages of various methods. Future research directions, such as constructing realistic IoT-specific datasets and addressing class overlap issues are proposed, providing a reference for technological deepening and engineering implementation in this field.

关键词

物联网 / 入侵检测 / 机器学习 / 安全防护

Key words

internet of things / intrusion detection / machine learning / safety protection

引用本文

引用格式 ▾

姜来为,赵志天,杨宏宇. 面向物联网受限终端的机器学习入侵检测方法综述[J]. 电子科技大学学报, 2026, 55(3): 411-425 DOI:10.12178/1001-0548.2025226

登录浏览全文

4963

注册一个新账户忘记密码

参考文献

原文顺序 | 出版日期 | 本文引用

[1]	郭佳琦, 马智, 王文胜, 等. 云辅助物联网环境下可验证的安全图像检索[J]. 通信学报, 2025, 46(3): 28-44.

[2]	GUO J Q , MA Z , WANG W S , et al. Verifiable secure image retrieval in cloud—assisted IoT environment[J]. Journal on Communications, 2025, 46(3): 28-44.

[3]	王鹏, 宋亚飞, 王晓丹, 等. FATIDS：面向类不平衡样本的物联网入侵检测方法[J]. 吉林大学学报（工学版）, 2025, 52(12): 3986-3999.

[4]	WANG P , SONG Y F , WANG X D , et al. FATIDS: An IoT intrusion detection method for class—imbalanced samples[J]. Journal of Jilin University (Engineering and Technology Edition), 2025, 52(12): 3986-3999.

[5]	LI W J , ROSENBERG P , GLISBY M , et al. Designing energy—aware collaborative intrusion detection in IoT networks[J]. Journal of Information Security and Applications, 2024, 81: 103713.

[6]	姜来为, 顾海洋, 谢丽霞, 等. 机器学习在 WSN 入侵检测中的应用研究[J]. 西安电子科技大学学报, 2024, 51(4): 206-225.

[7]	JIANG L W , GU H Y , XIE L X , et al. Application of machine learning in WSN intrusion detection[J]. Journal of Xidian University, 2024, 51(4): 206-225.

[8]	HAZMAN C , GUEZZAZ A , BENKIRANE S , et al. Toward an intrusion detection model for IoT—based smart environments[J] Multimedia Tools and Applications, 2024, 83: 62159-62180.

[9]	ZHANG Z Q , ZHENG L Y , TAN H N , et al. GBFKAN: An adaptive multilayer interpretable architecture for intrusion detection in various internet of things scenarios[J]. IEEE Internet of Things Journal, 2025, 14(8): 30379-30397.

[10]	KIKISSAGBE B R , ADDA M . Machine learning—based intrusion detection methods in IoT systems: A comprehensive review[J]. Electronics, 2024, 13(18): 3601-3623.

[11]	谭振江, 高萌 . 基于深度学习的网络入侵检测系统综述[J]. 吉林师范大学学报（自然科学版）, 2024, 45(4): 104-110.

[12]	TAN Z J , GAO M . Survey on deep learning—based network intrusion detection systems[J]. Journal of Jilin Normal University (Natural Science Edition), 2024, 45(4): 104-110.

[13]	冯光升, 蒋舜鹏, 胡先浪, 等. 面向物联网的入侵检测技术研究新进展[J]. 信息网络安全, 2024, 24(2): 167-178.

[14]	FENG G S , JIANG S P , HU X L , et al. New advances in intrusion detection technologies for internet of things[J]. Netinfo Security, 2024, 24(2): 167-178.

[15]	SINGH A , CHOUHAN P K , AUJIA G S . SecureFlow: Knowledge and data—driven ensemble for intrusion detection and dynamic rule configuration in software—defined IoT environment[J]. Ad Hoc Networks, 2024, 156: 103404.

[16]	潘桐, 陈伟, 吴礼发 . 面向不平衡样本的物联网入侵检测方法[J]. 网络与信息安全学报, 2023, 9(1): 130-139.

[17]	PAN T , CHEN W , WU L F . IoT intrusion detection method for imbalanced samples[J]. Chinese Journal of Network and Information Security, 2023, 9(1): 130-139.

[18]	IMTEAJ A , THAKKER U , WANG S Q , et al. A survey on federated learning for resource—constrained IoT devices[J]. IEEE Internet of Things Journal, 2022, 9(1): 1-24.

[19]	KHANDAY S A , FATIMA H , RAKESH N . Implementation of intrusion detection model for DDoS attacks in lightweight IoT networks[J]. Expert Systems with Applications, 2023, 215: 119330.

[20]	WANG N , SHI S H , CHEN Y M , et al. FeCo: Boosting intrusion detection capability in IoT networks via contrastive learning[C]// Proceedings of the 41st IEEE International Conference on Computer Communications. [S.l.]: IEEE, 2022: 1409-1418.

[21]	朱诗能, 韩萌, 杨书蓉, 等. 不平衡数据流的集成分类方法综述[J]. 计算机工程与应用, 2025, 61(2): 59-72.

[22]	ZHU S N , HAN M , YANG S R , et al. Survey on ensemble classification methods for imbalanced data streams[J]. Computer Engineering and Applications, 2025, 61(2): 59-72.

[23]	石洪波, 陈雨文, 陈鑫 . SMOTE 过采样及其改进算法研究综述[J]. 智能系统学报, 2019, 14(6): 1073-1083.

[24]	SHI H B , CHEN Y W , CHEN X . Research review on SMOTE oversampling and its improved algorithms[J]. CAAI Transactions on Intelligent Systems, 2019, 14(6): 1073-1083.

[25]	ZHANG Y , LIU Q . On IoT intrusion detection based on data augmentation for enhancing learning on unbalanced samples[J]. Future Generation Computer Systems, 2022, 133: 213-227.

[26]	DOUZAS G , BACAO F , LAST F . Improving imbalanced learning through a heuristic oversampling method based on k—means and SMOTE[J]. Information Sciences, 2018, 465: 1-20.

[27]	AUNG A P , WANG X R , YU R S , et al. DO—GAN: A double oracle framework for generative adversarial networks[C]// Proceedings of the 2022 IEEE Conference on Computer Vision and Pattern Recognition. New Orleans: IEEE, 2022: 11275-11284.

[28]	LI S F , CAO Y , LIU S H , et al. HDA—IDS: A hybrid DoS attacks intrusion detection system for IoT by using semi—supervised CL—GAN[J]. Expert Systems with Applications, 2024, 238(F): 122198.

[29]	DING H W , CHEN L Y , DONG L , et al. Imbalanced data classification: A KNN and generative adversarial networks—based hybrid approach for intrusion detection[J]. Future Generation Computer Systems, 2022, 131: 240-254.

[30]	WEN X C , WANG X , GAO C , et al. When less is enough: Positive and unlabeled learning model for vulnerability detection[C]// Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering. Echternach: IEEE, 2023: 345-357.

[31]	WU Y X , ZHANG L , YANG L , et al. Intrusion detection for internet of things: An anchor graph clustering approach[J]. IEEE Transactions on Information Forensics and Security, 2025, 20: 1965-1980.

[32]	LE H L , LANDA—SILVA D , GALAR M , et al. EUSC: A clustering—based surrogate model to accelerate evolutionary undersampling in imbalanced classification[J]. Applied Soft Computing, 2021, 101: 107033.

[33]	FARSHIDVARD A , HOOSHMAND F , MIRHASSANI S A . A novel two—phase clustering—based under—sampling method for imbalanced classification problems[J]. Expert Systems with Applications, 2023, 213(B): 119003.

[34]	SCHUBERT E , SANDER J , ESTER M , et al. DBSCAN revisited, revisited: Why and how you should (still) use DBSCAN[C]// ACM Special Interest Group on Management of Data. Melbourne: ACM, 2017: 19.

[35]	MUSTAFA D H , HUSIEN I M . Adaptive DBSCAN with grey wolf optimizer for Botnet detection[J]. International Journal of Intelligent Engineering and Systems, 2023, 16(4): 409-421.

[36]	LI Y , MOUBAYED A , SHAMI A . MTH—IDS: A multitiered hybrid intrusion detection system for internet of vehicles[J]. IEEE Internet of Things Journal, 2022, 9(1): 616-632.

[37]	CUI J , XIAO J T , ZHONG H , et al. LH—IDS: Lightweight hybrid intrusion detection system based on differential privacy in VANETs[J]. IEEE Transactions on Mobile Computing, 2024, 23(12): 12195-12210.

[38]	YANG Y , CHEN J R , WU R J , et al. TGDCLNet: Teacher—guided denoising contrastive learning network—based IoT network intrusion detection[J]. IEEE Internet of Things Journal, 2025, 12(18): 38509-38525.

[39]	DIAO E , DING J , TAROKH V . SemiFL: Semi—supervised federated learning for unlabeled clients with alternate training[C]// Proceedings of the 36th Conference on Neural Information Processing Systems. New Orleans: MIT Press, 2022: 1-14.

[40]	杨俊闯, 赵超 . K—Means 聚类算法研究综述[J]. 计算机工程与应用, 2019, 55(23): 7-14.

[41]	YANG J C , ZHAO C . Research review on K—Means clustering algorithm[J]. Computer Engineering and Applications, 2019, 55(23): 7-14.

[42]	RIEGER P , CHILESE M , MOHAMED R . ARGUS: context—based detection of stealthy IoT infiltration attacks[C]// Proceedings of the 32nd USENIX Security Symposium. California: USENIX Association, 2023: 4301-4313.

[43]	SUMAN P , PADHY S , KUMAR N , et al. An improved deep learning—based intrusion detection for reliable communication in VANET[J]. IEEE Transactions on Consumer Electronics, 2024, 71(1): 209-217.

[44]	BASATI A , FAGHIH M M . PDAE: Efficient network intrusion detection in IoT using parallel deep auto—encoders[J]. Information Sciences, 2022, 598: 57-74.

[45]	LU K D , HUANG J C , ZENG G Q , et al. Multi—objective discrete extremal optimization of variable—length blocks—based CNN by joint NAS and HPO for intrusion detection in IIoT[J]. IEEE Transactions on Dependable and Secure Computing, 2025, 22(4): 4266-4283.

[46]	黄震华, 杨顺志, 林威, 等. 知识蒸馏研究综述[J]. 计算机学报, 2022, 45(3): 624-653.

[47]	HUANG Z H , YANG S Z , LIN W , et al. A survey on knowledge distillation[J]. Chinese Journal of Computers, 2022, 45(3): 624-653.

[48]	WANG Z D , LI J F , YANG S X , et al. A lightweight IoT intrusion detection model based on improved BERT—of—Theseus[J]. Expert Systems with Applications, 2024, 238(F): 122045.

[49]	LI Z Y , YAO W B . A two—stage lightweight approach for intrusion detection in Internet of Things[J]. Expert Systems with Applications, 2024, 257: 124965.

[50]	JIANG Y , WANG S Q , VALLS V , et al. Model pruning enables efficient federated learning on edge devices[J]. IEEE Transactions on Neural Networks and Learning Systems, 2023, 34(12): 10374-10386.

[51]	赵军辉, 李怀城, 王东明, 等. 物联网中模型剪枝技术: 现状、方法和展望[J]. 物联网学报, 2024, 8(4): 1-13.

[52]	ZHAO J H , LI H C , WANG D M , et al. Model pruning in IoT: State—of—the—art, methods and prospects[J]. Chinese Journal on Internet of Things, 2024, 8(4): 1-13.

[53]	WU X , YAO X , WANG C L . FedSCR: Structure—based communication reduction for federated learning[J]. IEEE Transactions on Parallel and Distributed Systems, 2021, 32(7): 1565-1577.

[54]	LI S F , CAO Y , PENG G J , et al. Efficient intrusion detection for in—vehicle networks using knowledge distillation from BERT to CNN—BiLSTM[J]. IEEE Transactions on Information Forensics and Security, 2025, 20: 6398-6412.

[55]	AZIMJONOV J , KIM T . Designing accurate lightweight intrusion detection systems for IoT networks using fine—tuned linear SVM and feature selectors[J]. Computers & Security, 2024, 137: 103598.

[56]	YIN Y , JANG—JACCARD J , XU W , et al. IGRF—RFE: A hybrid feature selection method for MLP—based network intrusion detection on UNSW—NB15 dataset[J]. Expert Systems with Applications, 2023, 238: 122045.

[57]	ASIF S . OSEN—IoT: An optimized stack ensemble network with genetic algorithm for robust intrusion detection in heterogeneous IoT networks[J]. Expert Systems with Applications, 2025, 276: 127183.

[58]	SINGH K . Industrial internet of things fortify: Multi—domain feature learning framework with deepdetectnet++ for improved intrusion detection[J]. Computers & Security, 2025, 156: 104506.

[59]	ABU A O , ALMOBAIDEN W , SAADEH M , et al. An improved PIO feature selection algorithm for IoT network intrusion detection system based on ensemble learning[J]. Expert Systems with Applications, 2023, 213(A): 118745.

[60]	SU H , ZHAO D , HEIDARI A A , et al. RIME: A physics—based optimization[J]. Neurocomputing, 2023, 532: 183-214.

[61]	WANG L , XU J L , JIA L Y , et al. Multi—strategy RIME optimization algorithm for feature selection of network intrusion detection[J]. Computers & Security, 2025, 153: 104393.

[62]	NGUYEN H , KASHEF R . TS—IDS: Traffic—aware self—supervised learning for IoT network intrusion detection[J]. Knowledge—Based Systems, 2023, 279: 110966.

[63]	ZHANG J , CHEN R , ZHANG Y , et al. MF2POSE: Multi—task feature fusion pseudo—Siamese network for intrusion detection using category distance promotion loss[J]. Knowledge—Based Systems, 2024, 283: 111110.

[64]	吴昊, 郝佳佳, 卢云龙 . 物联网场景下基于蜜场的分布式网络入侵检测系统研究[J]. 通信学报, 2024, 45(1): 106-118.

[65]	WU H , HAO J J , LU Y L . Distributed network intrusion detection system based on honeypot in IoT scenarios[J]. Journal on Communications, 2024, 45(1): 106-118.

[66]	王军, 王华琳, 黄博文, 等. 基于联邦学习和自注意力的工业物联网入侵检测[J]. 吉林大学学报（工学版）, 2023, 53(11): 3229-3237.

[67]	WANG J , WANG H L , HUANG B W , et al. Industrial IoT intrusion detection based on federated learning and self—attention[J]. Journal of Jilin University (Engineering and Technology Edition), 2023, 53(11): 3229-3237.

[68]	SWATHI K , HIMA B G . An automated intrusion detection system in IoT system using attention based deep bidirectional sparse auto encoder model[J]. Knowledge—Based Systems, 2024, 305: 112633.

[69]	WANG Q , JIANG H Y , REN J D , et al. An intrusion detection algorithm based on joint symmetric uncertainty and hyperparameter optimized fusion neural network[J]. Expert Systems with Applications, 2024, 244: 123014.

[70]	LI J , CHEN H , OTHMAN M S , et al. NFIoT—GATE—DTL IDS: Genetic algorithm—tuned ensemble of deep transfer learning for NetFlow—based intrusion detection system for internet of things[J]. Engineering Applications of Artificial Intelligence, 2025, 143: 110046.

[71]	WU J , HAIDER S A , YU H , et al. An intelligent IoT intrusion detection system using HeInit—WGAN and SSO—BNMCNN based multivariate feature analysis[J]. Engineering Applications of Artificial Intelligence, 2024, 127(A): 107132.

[72]	CHEN Y , LIN Q Z , WEI W H , et al. Intrusion detection using multi—objective evolutionary convolutional neural network for internet of things in Fog computing[J]. Knowledge—Based Systems, 2022, 244: 108505.

[73]	JOHNPETER T , KARUPPANAN S . Fuzzy—rule based optimized hybrid deep learning model for network intrusion detection in SDN enabled IoT network[J]. Computers & Security, 2025, 152: 104372.

[74]	EDUARDO D L H , EMIRO D L H , ORTIZ A , et al. PCA filtering and probabilistic SOM for network intrusion detection[J]. Neurocomputing, 2015, 164: 71-81.

[75]	WANG C H , XU D , LI Z H , et al. Effective intrusion detection in highly imbalanced IoT networks with lightweight S2CGAN—IDS[J]. IEEE Internet of Things Journal, 2024, 11: 15140-15151.

[76]	KOU L , DING S S , WU T , et al. An intrusion detection model for drone communication network in SDN environment[J]. Drones, 2022, 6(11): 342-360.

[77]	NGUYEN T P , CHO J , KIM D . Semi—supervised intrusion detection system for in—vehicle networks based on variational autoencoder and adversarial reinforcement learning[J]. Knowledge—Based Systems, 2024, 304: 112563.

[78]	储岳中, 汪佳庆, 张学锋, 等. 基于改进深度残差网络的图像分类算法[J]. 电子科技大学学报, 2021, 50(2): 243-248.

[79]	CHU Y Z , WANG J Q , ZHANG X F , et al. Image classification algorithm based on improved deep residual network[J]. Journal of University of Electronic Science and Technology of China, 2021, 50(2): 243-248.

[80]	KUSHWAHA J P , BHADAURIA S , TAPASWI S . mFCBF based lightweight intrusion detection system for IoT networks[J]. Cluster Computing, 2025, 28: 1-19.

[81]	LIU Z Q , MOHIUDDIN G , ZHENG J B , et al. Intrusion detection in wireless sensor network using enhanced empirical based component analysis[J]. Future Generation Computer Systems, 2022, 135: 181-193.

[82]	TÜRKOĞLU M , POLAT H , KOCAK C , et al. Recognition of DDoS attacks on SD—VANET based on combination of hyperparameter optimization and feature selection[J]. Expert Systems with Applications, 2022, 203: 117500.

[83]	ISMAIL M G , GHANY M A E , SALEM M A , et al. Enhanced recursive feature elimination for IoT intrusion detection systems[C]// 2022 International Conference on Microelectronics. Morocco: IEEE, 2022: 193-196.

[84]	QIU L , WANG X W , YI B , et al. Towards efficiency and decentralization: A blockchain assisted distributed fuzzy—rough feature selection[J]. IEEE Transactions on Parallel and Distributed Systems, 2025, 36: 1762-1778.

[85]	FU R , WU Y C , XU Q Q , et al. FEAST: A communication—efficient federated feature selection framework for relational data[C]// Proceedings of the 2023 ACM International Conference on Management of Data. Washington: ACM, 2023: 1-28.

[86]	陈瑞东, 张小松, 牛伟纳, 等. APT 攻击检测与反制技术体系的研究[J]. 电子科技大学学报, 2019, 48(6): 870-879.

[87]	CHEN R D , ZHANG X S , NIU W N , et al. A research on architecture of APT attack detection and countering technology[J]. Journal of University of Electronic Science and Technology of China, 2019, 48(6): 870-879.