TinyML-Based Intrusion Detection System for Handling Class Imbalance in IoT-Edge Domain Using Siamese Neural Network on MCU

The widespread of Internet of Things (IoT) devices has introduced significant cyber security challenges, requiring robust and efficient Intrusion Detection Systems (IDSs) tailored for IoT-edge environments. In this context, on-board training has emerged as a valuable approach for enabling online learning of IoT-edge smart devices, useful for model refining with on-field data, as well as reducing concept drift and data privacy violations. On the other hand, collecting a large set of representative on-field attack samples could be very complex or infeasible, particularly in critical application domains. Moreover, the collected samples are often uneven data distribution, known as imbalanced datasets. Therefore, appropriate neural network models trainable with reduced and imbalanced datasets should be used. In this paper, a performance assessment of a Siamese Neural Network (SNN)-based IDS deployed on a tiny Microcontroller Unit (MCU) is presented. The detection system is trained using both a custom IoT dataset and the widely used TON_IoT dataset in order to assess its ability to detect anomalous traffic patterns indicative of IoT-edge attacks. Accuracy and latency are analyzed to ensure practical applicability. The results highlight that the SNN-based IDS achieves a high detection rate with limited and imbalanced training data, demonstrating its effectiveness in securing IoT-edge environments under resource constraints.