sooox
sooox.cc
Back to Blog

Edge AI IDS on Microcontrollers

May 31, 2026

Python Machine Learning TinyML IoT Cybersecurity Embedded Research

(master thesis paper summary)

The core question: can you run a real intrusion detection system (IDS) directly on a microcontroller, and if so, what model would you actually deploy?

The problem with existing IDS research

Most previous research done was kinda useless, two main inaccuracies kept showing up:

  • Models are evaluated on servers or by simulating a “resource constrained environment”, making their numbers worthless (imo)
  • One of the first things you learn in machine learning is that you should balance your data to get accurate results, but somehow most of the previous work used class-imbalance and then used accuracy as their primary metric, this artifically inflates performance on the majority classees and hides misclassifications on less common attacks

The majority of previous work only does binary classification (attack vs benign traffic)

We fixed these problems.

What we did

We trained using 11 algorithms, actually deployed on 3 different MCUs, used a balanced dataset, and gathered actual on-device inference times.

Dataset: Edge-IIoTset, originally 2.2M rows, 15 classes. We grouped the 14 attack classes into 5 macro-categories by similarity, downsampled to 25,000 samples per class (125k total)

Preprocessing: Removed temporally and instance-specific features to prevent leakage, deduplicated, label-encoded, MinMax-scaled

Hard constraints: model size <256KB, inference time <10ms.

Training hardware: RTX 4090, 36GB RAM

The boards:

BoardMCUClockFlashSRAM
M5StickC Plus2ESP32-PICO-V3-02240 MHz8 MB520 KB
ESP32 HuzzahESP32-WROOM-32E240 MHz4 MB520 KB
Arduino Nano 33 BLEARM Cortex-M4F64 MHz1 MB256 KB

Models:

  • Classical ML: Decision Tree, Random Forest, Extra Trees, Naive Bayes, XGBoost, LightGBM
  • Deep Learning: ANN, CNN, CNN with SE, CNN with CBAM, Depthwise CNN

Classical models were tuned using grid searches, NNs were quantized from float32 to int8, first using Post Traning Quantization (PTQ) but later switching to Quantization-Aware Training as we ran into some issues

Deployment pipeline: train on workstation → export as C header → flash via PlatformIO → stream testset and collect predictions and inference times over serial using a python script

Model architectures

ANN: Four hidden layers (32→64→64→128) The narrow first layer forces the network to pick out the most important relationships from 46 input features before expanding. Dropout at 30% after the last two layers.

CNN variants: All built around the same two-stage Conv1D backbone: 8 filters, kernel size 3, Batch Norm, ReLU, MaxPooling. The 256KB constraint is what locked us to 8 filters per layer. That decision ends up being the whole story for why the CNNs underperform (compared to tree based models).

The attention variants add their blocks after batch norm in each stage:

  • SE: channel attention only: squeeze spatially, reweight channels through a small MLP
  • CBAM: channel attention (like SE) + spatial attention on top, using a Conv1D layer over concatenated average and max pooled channels. We added this because it had never been done before
  • Depthwise: replaces standard convolutions with depthwise separable ones, lower param count

All CNN variants trained 100 epochs

Results

Decision Tree won on every board.

AlgorithmF2Nano AccNano Inf (μs)Nano E (μJ)M5Stick AccM5Stick Inf (μs)M5Stick E (μJ)Huzzah AccHuzzah Inf (μs)Huzzah E (μJ)
Decision Tree0.94995.0%21.40.2395.2%16.51.6395.8%10.21.01
LightGBM0.93893.8%691.77.4794.0%1013.0100.2994.0%1007.799.76
XGBoost0.93793.7%722.87.8193.7%826.181.7894.0%860.885.22
Random Forest0.88288.5%111.11.2089.2%66.26.5589.2%74.17.34
Extra Trees0.79281.7%137.61.4981.7%69.16.8481.7%76.37.55
Naive Bayes0.70971.9%6189.366.8473.8%372.336.8673.8%356.035.24
ANN0.67468.6%625.66.7670.2%520.051.4869.9%494.848.99
CNN0.79279.9%30144.8325.5678.5%1818.0179.9879.0%1642.3162.59
CNN-SE0.79380.0%37671.5406.8580.8%4864.5481.5980.8%4705.5465.84
CNN-CBAM0.79780.4%47124.5508.9481.0%9111.3902.0281.0%10047.6994.71
Depthwise CNN0.72673.5%2860.230.8975.0%1363.3134.9775.0%1357.7134.41

Decision Tree: highest accuracy, fastest inference, lowest energy. Not even close.

We use F2-score (β=2) over F1 because missed attacks are more costly than false alarms —> it weights recall higher than precision. This is very important in the field of cyber security, but many previous work seems to ignore this.

Why Decision Tree and not XGBoost or Random Forest?

XGBoost and LightGBM are genuinely competitive on classification (F2 ~0.937–0.939) but their sequential boosting structure makes inference 80–100× slower than a single tree. For real-time network traffic that’s a problem.

Random Forest hits the 256KB size limit before it can grow deep enough to make fine splits. Decision Tree fits in 76KB at 95.8% accuracy.

Extra Trees consistently underperformed Random Forest by 7–9 percentage points across all boards. Random threshold selection isn’t doing it any favors under these constraints.

Neural networks on MCUs

They struggled. All four CNN variants fell below every tree-based model on classification performance.

CNN with CBAM is technically interesting it’s the first deployment of a 1D CNN with a CBAM attention block on actual MCU hardware. The attention mechanism measurably improved accuracy over plain CNN by 2–2.5 percentage points. CNN-SE got within 0.2 points of CBAM at roughly half the inference cost (4864.5μs vs 9111.3μs on the M5Stick), which makes it the better trade-off if you actually need attention. But both cost 550–900× the energy of the Decision Tree for worse classification.

Depthwise CNN had the fastest CNN inference (~1360μs) but the weakest CNN classification.

ANN consistently ranked worst overall at 68.6–70.2% accuracy, right below Naive Bayes.

StudyModelDatasetHardwareClassesAcc.Latency
Manocchio et al. (2022)Decision TreeBoT-IoT, ToN-IoT, MQTTESP32299.92%0.89 μs
Selvaraj et al. (2025)Q-CNN + AutoencoderEdge-IIoTsetArduino Nano 33 BLE Sense794.3%~12000 μs
Our workCNN-CBAMEdge-IIoTsetESP32 Huzzah581%9111.3 μs
Our workDecision TreeEdge-IIoTsetESP32 Huzzah595.8%10.2 μs

Manocchio’s 99.92% is binary classification on a simpler dataset. Selvaraj evaluated their 7-class model on a more capable sensor board, with 12ms inference. Our Decision Tree hits 95.8% at 10.2μs on a standard ESP32 doing 5-class.

Takeaway

If you’re building an IDS for IoT edge devices: use a Decision Tree. Neural networks didnt really fit within our constraints.

The assumption that “more parameters = better” breaks down completely under MCU constraints. The literature mostly misses this because they benchmark on servers. We deployed on actual hardware, under real resource constraints, on a balanced dataset, and the answer is pretty clear. (we mogged them)

Tree-based classifiers beat neural architectures on accuracy, inference time, and energy consumption. There’s no tradeoff here, the Decision Tree just wins.

Limitations and future work

Energy measurement We estimated energy per inference as E = P · t, where P comes from datasheet current values and supply voltage rather than measured current draw. It’s alright for an approximation but not exactly accurate, this was a skill issue, electricity is magic to me

Only one dataset. Everything was trained and evaluated on Edge-IIoTset. It would be very interesting to test on other datasets as well, this way we could detect Dataset-specific biases.

Only three boards. We just trained on what we had, resulting in two of our 3 boards being nearly identical (hardware-wise)

The neural network angle isn’t dead. We could add a hybrid approach that adds a small NN for anomly detection as a first stage, then let the DT perform classification.