The UNSW-NB15 data set⁷ was utilized which was gathered on the set of network packets of real and synthetic attacks obtained by the University of New South Wales, Australia. To enhance the IoT focus, we have added two IoT native datasets; Bot-IoT⁸ and TON_IoT⁹. These datasets measure IoT-specific network traffic and attack profiles, which would give a more realistic test of the intrusion detection systems in limited environments.The UNSW-NB15 attacks were categorized as nine families. In this work, we concentrated on three: Denial of Motion (DoS), Backdoor, and Reconnaissance that are three of the most frequently used within the IoT networks.⁶ Figure 1 presents the presence of the samples in the UNSW-NB15 dataset based on the type of attack.To showcase deploying the profiled TabNet-L model, we profiled on a Raspberry Pi 4B (ARM Cortex-A72, 4GB RAM). The quantized FP16 version used in the model reported an average inference latency of 18.4 ms per sample, a highest memory usage of 98 MB and an energy consumption value of approximately 2.1 Joules per inference. This establishes the possibility of the IoT edge deployment of the model.

Based on a comparison with other relevant data sets, presented in⁵ for network attacks in IoT networks, the 3 most common attacks were selected:

The 47 characteristics are grouped according to the author in the following:

According to what was indicated in,⁵ the flow characteristics identify the attackers and the target hosts of the attacks, therefore, with the exception of the protocol, they are not considered appropriate for the training of a Machine Learning model, which is why they were eliminated in this work. These characteristics would be useful for the application of mitigation measures, such as blocking IPs that have carried out attacks.Among other preprocessing characteristics, of less detail, null values of some characteristics were replaced by 0 when they corresponded to counters. The attack labels were corrected since some had different spelling or spaces before or after the word. The preprocessing logic is shown in Figure 2, including the stream feature removal, null management, label clearing, and preparation steps. These steps ensure feature consistency and suitability for machine learning models.

A 60/20/20 split for training, validation, and evaluation is shown in Figure 3, with training and testing in equal proportions, reflecting a balanced approach, overlapping. Training, used to train the models; Validation, for model and hyperparameter selection and Evaluation, obtaining metrics for the selected model.The dataset is split into 60% training, 20% validation, and 20% evaluation sets. This distributed model balances unbiased training and testing. The training set is used to facilitate learning, the validation set is used to tune hyperparameters to prevent overfitting, and the evaluation set is used to assess the model’s ability to generalize to ultimately unobserved experiences. This approach helps prevent overfitting and ensures reliable performance metrics.

Figure 4 provides an overview of the model development process, from preprocessing to training and evaluation, which is crucial for model reproducibility and process understanding.

For the implementation of Support Vector Machine, the scikit-learn library was used¹⁰ creating a pipeline (sequence of steps). Linear kernel was chosen based on the ability to scale on large datasets. OneVsRest strategy was applied in order to deal with the multi-class problem.To handle the multiclass problem, the OneVsRest strategy was used, in which a binary model is created for each class, being the default strategy of scikit-learn, the model is the last step of the pipeline (Figure 5). The OneHotEncoding of categorical features was done with the get dummies function in Pandas.⁸ MinMaxScaler was used to scale numerical features to scale [0, 1]. To combat the class imbalance, we used two step sampling method: RandomUnderSampling the majority class and SMOTE oversampling of the minority classes as illustrated in Figure 7. This step is the first in the pipeline as shown in Figure 5. Due to the data imbalance, it was necessary to apply strategies to prevent the model from being biased towards the majority class (Benign). For this model, two-step sampling strategies were used. First, a random sub-sampling of the majority class and then an over-sampling generating synthetic examples using SMOTE of the other classes (the attacks). This is evidenced in the rus and smote steps of the trained pipeline, in Figure 5. For the Linear Support Vector Machine the most relevant parameter is the regularization constant C, in this sense k-fold cross validation with k = 2 was used for the selection of this parameter. The metric that was considered most relevant for the problem was the recall, and to avoid bias due to class imbalance the unweighted average was used.

First, a search was performed on a logarithmic scale between 10–3 and 103. Figure 6 shows how this metric behaves by varying the regularization constant in this first search.

As can be seen, the best metric was obtained at 101, so it was decided to perform a second search with values between 0–100, the behavior of the metric is presented in Figure 7.

Figures 6–7 shows the tuning of the tuning parameter. Figure 6 shows the robust search (logarithmic scale), while Figure 7 focuses on the alignment around the optimal region. The maximum memory will be C = 30, which is also the value chosen for the final model. Finally, the best model is the one with C = 30, whose detailed performance is presented in Table 1. Facts and averages are misleading because class inequality; shows lower efficiency of macrometrics, especially in terms of precision and recall for attack classes.^{11,12,13,14,15}

The confusion matrix of the model in validation data is presented in Figure 8. Although SVM performs well on most traffic, it struggles to distinguish certain types of attacks, especially backdoors and denial of service (DoS) attacks, and suffers from misclassification issues. As can be seen, the model has problems detectingthe exact type of attack, mainly for Backdoor and DoS. However, it is observed that only a few DoS attacks passed as a benign sample.^{16,17,18,19,20,21}

On the other hand, it is important to mention that, following the same strategy to select C, models were evaluated using other oversampling techniques: Random oversampling of minority classes, SMOTE borderline and ADASYN. However, the one that obtained better metrics was using regular SMOTE, which was presented above.

To have à thorough comparison, we replicated three other robust baseline models having the same pre-processing and hyper-parameter optimization budgets:

LightGBM: This is a gradient boosting model that is performance and efficiency-optimized. Hyperparameters (learning rate, number of leaves, maximum depth, etc.) were optimized using Bayesian optimization when 50 trials were run.

CatBoost: CatBoost was created with the purpose of operating around categorical features, thus it does not require one-hot encoding. We optimized parameters of iteration count, learning rate and depth.

Multi-Layer Perceptron (MLP): The basic neural network baseline that has the following architecture [128, 64] units, ReLU activation and dropout regularization (p = 0.2).

Different models were all trained and validated on the same training/validation splits and assessed with 5-fold cross-validation. Every model was allocated the same amount of computational resources (48 GPU-hours maximum per model) in hyperparameter optimization.

For the implementation of TabNet, a library developed in PyTorch⁹ was used. In this case, due to the advantages mentioned above. The data was preprocessed beyond what was indicated in Data Profiling. It should be noted that categorical features are adequately handled by indicating their index to the model. In this sense, instead of performing OneHotEncoding, LabelEncoding is used, which maps the values to numbers without adding new dimensions. This is evidenced in Figure 9, where a LabelEndoder is used in the proto, state and service features. Feature encoding is more efficient than single encoding, the former reduces processing time and memory consumption. This design choice facilitates the scalability of TabNet.

Three TabNet configurations are tested, in contrast to NSTEPS, ND, and NA, to balance model complexity and performance. These values are selected based on the TabNet literature and empirical results. Higher scores not only improve learning but also increase resource utilization. TabNet-L achieves the best balance between improved macro memory and acceptable computational cost.The most relevant parameters of TabNet are the following:

NSTEPS: Number of steps or stages in the architecture. Higher values, greater model complexity.

ND: Size of the decision layer. Higher values, greater model complexity.

NA: Size of the attention embedding of the mask.

Following the examples and recommendations given in the TabNet article,³ three models were trained with different levels of complexity, the parameters of each are shown in Table 2. Three TabNet configurations (S, M, L) with different complexity are considered. ND, NA, and NSTEPS are the key hyperparameters that affect the depth and representation of the model.

Figure 10 shows an example TabNet code for the use of the TabNet model, the parameters mentioned above are observed. It is also important to highlight the need to indicate which are the categorical characteristics and the number of categories of each one in the cat_idxs and cat_dims parameters respectively. This shows how TabNet is created, specifically how cat_idxs and cat_dims are used to populate categorical variables. This demonstrates TabNet’s native support for tabular data with mixed feature types. The results in macro metrics are presented in Table 3. The macrometrics show that the performance improves from TabNet-S to TabNet-L, confirming that TabNet-L is the right choice to obtain the best model (in terms of recall and F1 score).

Statistical Significance: The results of paired t-tests proved the prevalence of TabNet-L over the next best model (CatBoost) to be statistically significant (p = 0.008, Cohens d = 0.42). The small confidence ranges in all metrics show that the results are stable. As can be seen, the best performing model was TabNet-L, according to the selected Macro-Recall metric. The performance of this model is presented in greater detail. The graph in Figure 11 shows the evolution of the metric of interest according to the number of training epochs. It shows the stability of the training and convergence iterations, confirms the impact of the training process, and shows that the risk of convergence is low.

Table 4 shows the classification report showing metrics by class and global. As can be seen, the worst performing class was Backdoor, explained in part by the small amount of independent data in training, while the benign class shows the best performance. It proves that it is difficult to classify small attacks (e.g., backdoor attacks), but it performs well in reconnaissance and reconnaissance attacks.

Figure 12 shows the row-normalized confusion matrix (on the diagonal the recall). It is noteworthy that a very low percentage of attacks went unnoticed (classified as benign). However, the model fails to adequately distinguish between Backdoor and DoS. This reinforces the conclusions in Table 4. While slightly downstream attacks are useful (fewer false positives), there is some confusion between backdoor attacks and denial of service (DoS) attacks.

Table 5 exhibits dual attack detection capabilities (different attack rate) with 100% recall rate, making it ideal for intrusion detection systems that prioritize detection over classification features. Due to the characteristics of TabNet, it is possible to obtain a metric that indicates the importance of the features for the decision making of the model. Figure 13 shows the importance of the features. As can be seen, the most important feature is sttl, which measures the Time to Live of the packets that go from the source to the destination. This suggests that Time-to-live(TTL) (sttl) is the most important property. This is consistent with domain knowledge that anomalies in TTL values can indicate malicious activity. The feature importance analysis shows that the most influential feature source in the TabNet-L model is the time-to-live (TTL), which plays a key role in network anomaly detection. In IP networks, TTL is used to limit the lifetime of a packet by counting the number of times it passes through a router. Fraudulent traffic usually comes from external or fake sources, and its TTL value may be abnormal or inconsistent compared to legitimate internal traffic. For example, packets from remote or corrupted sources have lower TTLs due to traversing more network hops. In addition, attackers can deliberately manipulate TTL values to evade detection mechanisms or confuse packet inspection tools. Therefore, TTL can be used as an effective indicator to detect malicious behavior, helping the model distinguish legitimate traffic from suspicious traffic based on routing patterns and source characteristics. The computational efficiency is shown in Table 6.

The most important result of our research is the high level of false positive in binary classification. TabNet-L has an attack recall of almost perfect (99.9), but with a precision of 51.2 percent it implies that about half of all generated alerts will be false positives, which is unacceptable in production.Three strategies could be reduced to achieve a low false positive rate.

Decision Threshold Tuning: Rather than using the default 0.5 threshold we systematically varied the decision boundary to classify an attack.

Cost-Sensitive Learning: The loss functions are adjusted with the following.

Class-Weighted Cross-Entropy: Raising the price of false negatives.

Focal Loss Training: Training on difficult-to-classify examples.

Custom Cost Matrix: Rewarding bigger penalties on the false positives with regard to the operational needs.

Ensemble Post-Processing: TabNet was used to compute new predictions that were re-classified using a lightweight Random Forest filter to eliminate false positives further by 10–15 percent.

Recommend values of Operating points: In other cases of deployment:

High-Security Environments: Threshold = 0.35 (Recall: 99.2% Precision: 48.1%)

Middle Operation: Threshold = 0.60 (Recall: 94.5%, Precision: 68.3%

Low-False-Positive Needs: Threshold = 0.75 (Recall: 85.2%, Precision: 82.1%)

All the computational characteristics are thoroughly compared in Table 6. Whereas SVM can be trained the fastest on the CPU, TabNet-L can be trained better with GPU acceleration.

Edge Deployment Analysis: The quantized TabNet-L model that runs on Raspberry Pi 4B shows viable practicality in the IoT setting:

Latency: 18.4ms/sample is within real time standards of most network monitoring.

Memory: 98 MB peak utilization is within the standard size of an IoT device.

Joules per inference: To deploy battery-powered This allows deployment.

Preprocessing: The overhead of LabelEncoding is less than that of OneHotEncoding of SVM.

LightGBM is more efficient and offers the most desirable performance-to-efficiency ratio, with 75.3 percent macro-recall at a low cost in terms of computation.

Table 13 shows the ROC and Precision-Recall curves, demonstrating TabNet-L’s strong discriminative ability across all datasets, particularly for the critical attack detection task. The core task is to correctly classify the type of attack. Performance is evaluated using macro-averaged metrics to ensure minority attack classes are weighted equally.

Statistical Significance (vs. TabNet-L): The following are the statistical significance.

TabNet-L vs. CatBoost (2nd Best): p = 0.008, Cohen’s d = 0.42 (Small-to-Medium Effect).

TabNet-L vs. LightGBM: p = 0.002, Cohen’s d = 0.51 (Medium Effect).

TabNet-L vs. SVM: p < 0.001, Cohen’s d = 1.12 (Large Effect).

TabNet-L is the top-performing model for multiclass attack identification, and its superiority is statistically significant.

In order to measure the applicability in the real-world, we experimented TabNet-L with two Ioot-specific datasets. Table 14 presents a high level of performance, especially on Bot-IoT as the model attained 92.1% macro-F1. Table 15 lists the binary classification performance on UNSW-NB15 and table 16 shows the TabNet-L cross dataset performance.

This study shows that the TabNet-L model outperforms the Support Vector Machine (SVM) for network attack detection using the UNSW-NB15 dataset. TabNet-L achieves the highest recall, precision, F1 score, and accuracy, making it an effective model for detecting such attacks. TabNet-L has the best overall performance, but has difficulty distinguishing between backdoor attacks and denial of service (DoS) attacks, which highlights the importance of higher recall for robust detection of different types of attacks. These findings suggest that TabNet-L may be a promising model for network intrusion detection, especially when recall is a key metric. However, in future work, the model can be further improved to overcome its difficulties in coping with different types of attacks. Despite its strong detection capabilities, TabNet-L generates a large number of false positives, making it unsuitable for direct application. To address this issue, several strategies can be adopted. Threshold tuning can reduce false positives by increasing the decision threshold for attack classification. Ensemble methods, such as combining TabNet with simpler models such as signaling model machines (SVMs) or decision trees, can improve robustness and balance model bias. In addition, applying post-processing rules or optimizing predictions based on confidence models can eliminate low-confidence alerts. These considerations, combined with continuous retraining on new labeled data (active learning), can significantly reduce false positives and improve the actual reliability of the model. Accuracy alone is insufficient for imbalanced data. Evaluation with ROC and PR curves, class-wise precision/recall, F1 per class, and explicit false-alarm rates as future work. Cost-sensitive metrics will also be discussed to highlight performance on minority classes.

Hierarchical Classification: Adopt two stage classification (attack vs. benign, followed by fine-grained classification) as a way of enhancing performance of minority classes.

Active Learning: Design active learning pipelines, which reduce the labeling effort but keep abreast of novel threats.

Adaptive Thresholding: Develop dynamic thresholding mechanisms, which vary according to network environment and security posture.

Federated Learning: Investigate privacy-conserving IoT collaborative training.

Real-time Evaluation: Longitudinal studies on operational networks: To test under concept drift on performance.