Descrição
The computational complexity of high-performance Deep Learning (DL) models for Intrusion Detection Systems (IDS) prohibits their deployment on resource-constrained IoT devices. A common practice is to apply quantization and compression techniques to reduce the memory footprints of IDS models so that they can be deployed on edge devices. Knowledge Distillation (KD), which allows knowledge transfer between different model architectures, offers a viable model compression technique, yet the efficacy of different distillation strategies—logits, feature-based, and gradient-based—for the specific demands of IoT security remains unclear. This paper presents a rigorous comparative analysis of these three distillation strategies to create lightweight and interpretable IDS. We formulate the KD process for each strategy and train compact "student" models from a large "teacher" on the CICIoT2023 and NIMSIoT2025 datasets. The Convolutional neural network (CNN) is applied with different architectures for the teacher and student, where the student learns from knowledge obtained from the teacher for improved performance. Through KD, a lightweight model that reduces the model architecture and the number of parameters by 90% while maintaining high predictive capacity. Further evaluation demonstrates that Feature-based Distillation achieves the best balance, yielding a student model with 98.7% accuracy, outperforming logit-based and Gradient-based methods in detecting sophisticated attacks. Furthermore, we integrate the interpretability of model prediction and provide a quantitative analysis of explanatory reliability using SHAP, which reveals that all three methods achieve a high fidelity score of up to 99% in the prediction explanation. This indicates that KD enhances the deployability of DL models, with feature-based method offering improved knowledge transfer compared to gradient- and logits-based methods. The integration of explainability technique provides security analysts with more trustworthy and actionable explanations. Thus, this work provides a foundational framework for selecting distillation strategies tailored to the performance, efficiency, and interpretability requirements of IoT security.
| Selecione a modalidade do seu trabalho | Artigo Completo |
|---|
