The rapid growth of the Internet of Things (IoT) has created large-scale, heterogeneous ecosystems that are increasingly vulnerable to sophisticated, distributed cyber threats. However, many existing anomaly detection systems prioritize detection accuracy while overlooking system-level constraints, such as latency, computational overhead, and energy consumption, thereby limiting their practicality for resource-constrained edge gateways. This paper presents EcoDefender, an edge-oriented hybrid anomaly detection framework that combines Autoencoder (AE)-based latent representation learning with Isolation Forest (IF) anomaly scoring for IoT traffic analysis. The proposed architecture introduces several enhancements over conventional AE-IF pipelines, including anomaly-aware latent manifold regularization, variance-weighted isolation splits in the latent space, and a learnable fusion mechanism that adaptively combines reconstruction error and isolation-based anomaly scores in the presence of potential distributional drift. By compressing high-dimensional traffic features into compact latent representations and performing anomaly scoring in this reduced space, EcoDefender enables lightweight and fully unsupervised anomaly detection suitable for edge deployment. An experimental evaluation of realistic IoT traffic and a distributed Raspberry Pi edge testbed demonstrates that EcoDefender achieves up to 94% detection accuracy while maintaining low computational overhead, with an average CPU usage of 22% and an end-to-end inference latency of 27 ms. Furthermore, energy-aware measurements obtained through device-level power monitoring show an average energy consumption of 0.45 J per inference (0.28 g CO2 emissions), representing a 30% reduction in energy consumption compared with AE-only baselines while sustaining inference throughput of up to 5,000 samples per second.

翻译：物联网（IoT）的快速发展构建了大规模、异构化的生态系统，使其面临日益复杂的分布式网络威胁。然而，现有异常检测系统多侧重于检测精度，忽视了延迟、计算开销与能耗等系统级约束，从而限制了其在资源受限的边缘网关中的实用性。本文提出EcoDefender，一种面向边缘的混合异常检测框架，它将基于自编码器（AE）的潜在表示学习与孤立森林（IF）异常评分相结合，用于物联网流量分析。所提架构在传统AE-IF流水线基础上进行了多项改进，包括异常感知的潜在流形正则化、潜在空间中的方差加权孤立分裂，以及一种可学习融合机制，该机制能在潜在分布漂移下自适应地结合重构误差与基于孤立的异常评分。通过将高维流量特征压缩为紧凑的潜在表示，并在降维空间中进行异常评分，EcoDefender实现了适合边缘部署的轻量级全无监督异常检测。在真实物联网流量与分布式树莓派边缘测试床上的实验评估表明，EcoDefender在保持较低计算开销的前提下，检测准确率高达94%，平均CPU占用率为22%，端到端推理延迟为27毫秒。此外，通过设备级功耗监测获得的能量感知测量显示，每次推理平均能耗为0.45焦耳（二氧化碳排放0.28克），与仅基于自编码器的基线相比能耗降低30%，同时推理吞吐量可达每秒5000个样本。