Machine Learning-Driven Cross-Layer IDS Architecture for Next-Generation IoT Networks

Abstract

The proliferation of Internet of Things (IoT) devices across critical infrastructures introduces significant security risks due to their heterogeneous and resource-constrained nature. This study extends cross-layer Intrusion Detection System (IDS) research by systematically comparing three machine learning models—Support Vector Machine (SVM), Random Forest (RF), and a hybrid CNN-LSTM—using benchmark datasets (NSL-KDD, BoT-IoT, and CICIDS2017). Unlike prior works that focus on single-layer IDS or isolated model evaluation, our approach aggregates features from multiple OSI layers (network, transport, and application), providing a holistic view of IoT traffic. The findings demonstrate that CNN-LSTM achieves the highest detection accuracy (97.4%) but requires substantial computational resources, whereas RF offers a near-optimal trade-off between accuracy (96.8%) and efficiency, making it suitable for deployment on resource-constrained IoT devices. Scalability analysis confirms stable detection performance up to 200 IoT nodes with only minor accuracy degradation. This work highlights both the strengths and limitations of cross-layer ML-based IDS and provides insights for future enhancements through lightweight deep learning, federated learning, and explainable AI (XAI) for 6G-IoT environments.