A-THENA: Early Intrusion Detection for IoT with Time-Aware Hybrid Encoding and Network-Specific Augmentation

The proliferation of Internet of Things (IoT) devices has significantly expanded attack surfaces, making IoT ecosystems particularly susceptible to sophisticated cyber threats. To address this challenge, this work introduces A-THENA, a lightweight early intrusion detection system (EIDS) that significantly extends preliminary findings on time-aware encodings. A-THENA employs an advanced Transformer-based architecture augmented with a generalized Time-Aware Hybrid Encoding (THE), integrating packet timestamps to effectively capture temporal dynamics essential for accurate and early threat detection. The proposed system further employs a Network-Specific Augmentation (NA) pipeline, which enhances model robustness and generalization. We evaluate A-THENA on three benchmark IoT intrusion detection datasets-CICIoT23-WEB, MQTT-IoT-IDS2020, and IoTID20-where it consistently achieves strong performance. Averaged across all three datasets, it improves accuracy by 6.88 percentage points over the best-performing traditional positional encoding, 3.69 points over the strongest feature-based model, 6.17 points over the leading time-aware alternatives, and 5.11 points over related models, while achieving near-zero false alarms and false negatives. To assess real-world feasibility, we deploy A-THENA on the Raspberry Pi Zero 2 W, demonstrating its ability to perform real-time intrusion detection with minimal latency and memory usage. These results establish A-THENA as an agile, practical, and highly effective solution for securing IoT networks.

翻译：物联网设备的激增显著扩大了攻击面，使物联网生态系统极易遭受高级网络威胁。为解决这一挑战，本文提出A-THENA——一种轻量级早期入侵检测系统（EIDS），对时间感知编码的初步研究成果进行了显著扩展。A-THENA采用基于Transformer的先进架构，并配合通用化时间感知混合编码（THE），通过整合数据包时间戳有效捕获对早期准确威胁检测至关重要的时间动态特性。该系统进一步采用网络特定增强（NA）流程，提升了模型的鲁棒性与泛化能力。我们在三个基准物联网入侵检测数据集——CICIoT23-WEB、MQTT-IoT-IDS2020和IoTID20上评估A-THENA，其均展现出稳定且优异的性能。在三个数据集的平均表现上，相比于最优传统位置编码，准确率提升6.88个百分点；相比最强基于特征的模型，提升3.69个百分点；相比领先的时间感知替代方案，提升6.17个百分点；相比相关模型，提升5.11个百分点，同时达到近乎零的误报率与漏报率。为评估实际部署可行性，我们在树莓派Zero 2 W上部署A-THENA，验证了其在极低延迟和内存占用下实现实时入侵检测的能力。这些结果确立了A-THENA作为保护物联网网络的敏捷、实用且高效解决方案的地位。