The fast-growing number of Internet of Things (IoT) deployments has changed the digital landscape. However, the distributed and heterogeneous nature of IoT networks enlarges the attack surface, exposing critical systems to botnets, distributed denial-of-service attacks, spoofing, and lateral movement. Traditional perimeter-based security measures and deep-learning-based intrusion detection systems, which are too resource-demanding, are not applicable to the resource-constrained IoT context. This paper presents the Zero-Trust Enabled Adaptive Intrusion Detection Framework (ZTA-AIDF), designed for IoT gateways and edge nodes. The framework combines lightweight statistical traffic profiling, entropy-based anomaly quantification, hybrid ensemble learning, and dynamic trust recalibration, providing continuous verification with minimal computational impact. Unlike static IDS models that do not adapt over time, our approach includes behavioral drift detection and adaptive weight optimization to maintain security against new attack trends. In preliminary analysis it outperforms traditional anomaly detection in stability of detection and in reduction of false positive reports. Our framework fills the gap between zero-trust security and lightweight intrusion detection at the scale of today’s IoT.
Introduction
The Internet of Things (IoT) enables billions of devices to communicate across domains such as smart healthcare, industrial automation, and intelligent transport, but faces significant security challenges due to limited device resources, weak authentication, and dynamic network behavior. Traditional intrusion detection systems (IDS) and deep learning approaches are often too computationally heavy or static for IoT environments. To address this, the paper proposes the Zero-Trust Enabled Adaptive Intrusion Detection Framework (ZTA-AIDF), which combines lightweight anomaly detection, dynamic trust evaluation, and adaptive ensemble learning for IoT gateway deployment.
The framework uses statistical traffic features (e.g., mean packet size, flow duration, entropy, protocol distribution) and a hybrid ensemble model comprising Random Forest, Gradient Boosting, and One-Class SVM, with dynamic weight recalibration to handle behavioral drift in IoT networks. By integrating zero-trust principles with adaptive IDS, ZTA-AIDF ensures continuous device validation while respecting computational constraints, providing resilient, real-time security for heterogeneous IoT ecosystems.
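As an added illustration of the profiling and recalibration stages described above (example code written for this page, not the paper's implementation): it computes mean and entropy features per flow window, scores deviation from a benign baseline by z-score, and recalibrates ensemble weights with a multiplicative-weights rule, which is an assumed rule since the paper does not specify one. The flow records are constructed.

```python
import math
from collections import Counter

# Constructed sample flows for one gateway: (protocol, dst_port, mean_pkt_bytes, duration_s).
# Three benign profiling windows and one window dominated by a single-port UDP flood.
BENIGN_WINDOWS = [
    [("tcp", 443, 400, 2.0), ("tcp", 8883, 300, 5.0), ("udp", 53, 120, 0.1), ("tcp", 443, 500, 1.5)],
    [("tcp", 443, 420, 2.2), ("tcp", 8883, 310, 4.8), ("udp", 53, 110, 0.1), ("udp", 123, 90, 0.05)],
    [("tcp", 8883, 290, 5.1), ("tcp", 443, 380, 1.9), ("udp", 53, 130, 0.1), ("tcp", 443, 460, 1.6)],
]
FLOOD_WINDOW = [("udp", 53, 64, 0.01)] * 6

def shannon_entropy(values):
    """Entropy in bits of the empirical distribution of a categorical feature."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values()) if n else 0.0

def profile_window(flows):
    """Lightweight statistical profile of one window: two means, two entropies."""
    return {
        "mean_pkt": sum(f[2] for f in flows) / len(flows),
        "mean_dur": sum(f[3] for f in flows) / len(flows),
        "port_entropy": shannon_entropy([f[1] for f in flows]),
        "proto_entropy": shannon_entropy([f[0] for f in flows]),
    }

def fit_baseline(profiles):
    """Per-feature mean and (population) standard deviation of benign windows."""
    base = {}
    for k in profiles[0]:
        xs = [p[k] for p in profiles]
        mu = sum(xs) / len(xs)
        sd = math.sqrt(sum((x - mu) ** 2 for x in xs) / len(xs)) or 1e-9
        base[k] = (mu, sd)
    return base

def anomaly_score(profile, base):
    """Largest absolute z-score over the features: a cheap deviation measure."""
    return max(abs(profile[k] - mu) / sd for k, (mu, sd) in base.items())

def recalibrate(weights, errors, eta=1.0):
    """Multiplicative-weights update (an assumed rule, not the paper's): a
    detector that erred on the latest labelled window loses influence."""
    new = [w * math.exp(-eta * e) for w, e in zip(weights, errors)]
    total = sum(new)
    return [w / total for w in new]

def ensemble_alert(scores, weights, threshold=0.5):
    """Weighted vote of per-detector scores in [0, 1]."""
    return sum(s * w for s, w in zip(scores, weights)) >= threshold

BASE = fit_baseline([profile_window(w) for w in BENIGN_WINDOWS])
```

The flood window collapses both entropies to zero and drives the mean packet size and duration far below the baseline, so its z-score exceeds a typical threshold of 3 while the benign windows stay well under it.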
Conclusion
This paper has reported on the design of an Adaptive Intrusion Detection Framework tailored to resource-constrained IoT settings. The system combines a lightweight statistical profiling element, a hybrid ensemble learning approach, a dynamic trust recalculation feature, and a concept drift handling component, and achieves high detection accuracy while staying within the computing power available at the edge.
Our experiments showed that the framework outperformed signature-based and deep-learning-based models, with lower false positive reports and less energy use. Ablation and adversarial results further confirmed the value of the adaptive weight recalculation and trust scoring elements.
Our work puts zero-trust security precepts into a practical IoT intrusion detection model and in the process presents a scalable and robust solution for next-generation smart infrastructures.