The rapid growth of the Internet of Things (IoT) has created large-scale, heterogeneous ecosystems that are increasingly vulnerable to sophisticated, distributed cyber threats. However, many existing anomaly detection systems prioritize detection accuracy while overlooking system-level constraints, such as latency, computational overhead, and energy consumption, thereby limiting their practicality for resource-constrained edge gateways. This paper presents EcoDefender, an edge-oriented hybrid anomaly detection framework that combines Autoencoder (AE)-based latent representation learning with Isolation Forest (IF) anomaly scoring for IoT traffic analysis. The proposed architecture introduces several enhancements over conventional AE-IF pipelines, including anomaly-aware latent manifold regularization, variance-weighted isolation splits in the latent space, and a learnable fusion mechanism that adaptively combines reconstruction error and isolation-based anomaly scores in the presence of potential distributional drift. By compressing high-dimensional traffic features into compact latent representations and performing anomaly scoring in this reduced space, EcoDefender enables lightweight and fully unsupervised anomaly detection suitable for edge deployment. An experimental evaluation on realistic IoT traffic and a distributed Raspberry Pi edge testbed demonstrates that EcoDefender achieves up to 94% detection accuracy while maintaining low computational overhead, with an average CPU usage of 22% and an end-to-end inference latency of 27 ms. Furthermore, energy-aware measurements obtained through device-level power monitoring show an average energy consumption of 0.45 J per inference (0.28 g CO2 emissions), representing a 30% reduction in energy consumption compared with AE-only baselines while sustaining inference throughput of up to 5,000 samples per second.
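As an added illustration (not code from the paper), the sketch below shows one plausible reading of "variance-weighted isolation splits in the latent space": each tree node picks its split dimension with probability proportional to that dimension's variance instead of uniformly. The weighting rule, all function names, and the constructed latent vectors (standing in for autoencoder output) are assumptions; the abstract does not give the paper's formulation.

```python
import math
import random

def c(n):
    # Expected path length of an unsuccessful BST search over n points;
    # the standard isolation-forest normaliser.
    if n <= 2:
        return 1.0 if n == 2 else 0.0
    return 2.0 * (math.log(n - 1) + 0.5772156649) - 2.0 * (n - 1) / n

def _var(col):
    m = sum(col) / len(col)
    return sum((v - m) ** 2 for v in col) / len(col)

def pick_split_dim(pts, rng):
    # Assumed weighting: P(dim) proportional to that dim's variance at this node.
    var = [_var(col) for col in zip(*pts)]
    if sum(var) == 0:
        return None  # all points identical, nothing to split on
    return rng.choices(range(len(var)), weights=var)[0]

def build_tree(pts, rng, depth=0, max_depth=8):
    d = pick_split_dim(pts, rng) if len(pts) > 1 and depth < max_depth else None
    if d is None:
        return ("leaf", len(pts))
    cut = rng.uniform(min(p[d] for p in pts), max(p[d] for p in pts))
    left = [p for p in pts if p[d] < cut]
    right = [p for p in pts if p[d] >= cut]
    return ("node", d, cut, build_tree(left, rng, depth + 1, max_depth),
            build_tree(right, rng, depth + 1, max_depth))

def path_length(tree, x, depth=0):
    if tree[0] == "leaf":
        return depth + c(tree[1])  # credit the unsplit remainder of the leaf
    _, d, cut, left, right = tree
    return path_length(left if x[d] < cut else right, x, depth + 1)

def iso_score(forest, x, n):
    # 2^(-E[h(x)] / c(n)): closer to 1 means isolated after few splits.
    mean_h = sum(path_length(t, x) for t in forest) / len(forest)
    return 2.0 ** (-mean_h / c(n))

# Constructed latent vectors (3-D) with unequal per-dimension spread.
rng = random.Random(7)
STD = (2.0, 1.0, 0.1)
benign = [tuple(rng.gauss(0.0, s) for s in STD) for _ in range(200)]
forest = [build_tree(benign, rng) for _ in range(50)]
typical, outlier = (0.0, 0.0, 0.0), (10.0, 5.0, 0.0)

if __name__ == "__main__":
    print("typical:", round(iso_score(forest, typical, len(benign)), 3))
    print("outlier:", round(iso_score(forest, outlier, len(benign)), 3))
```

Under this weighting, a deviation confined to a low-variance latent dimension is rarely split on, so its detection would depend on the other half of the hybrid, the reconstruction error.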