Unified Anomaly Detection in IoT and Cyber-Physical Networks Using Evo-Transformer-LSTM: Validation on Four CIC Benchmarks
Discuss this preprint
Start a discussion What are Sciety discussions?Listed in
This article is not in any list yet, why not save it to one of your lists.Abstract
The rapid proliferation of the Internet of Things (IoT) and cyber-physical systems (CPS) within critical infrastructure sectors has significantly expanded the attack surface for advanced and stealthy cyber threats. Since these systems increasingly rely on real-time data exchange and autonomous control, developing intelligent, scalable, and adaptive anomaly detection mechanisms has become a pressing requirement. This paper proposes a novel hybrid framework, evolutionary-transformer-long short-term memory (Evo-Transformer-LSTM), that integrates the temporal modeling capability of LSTM networks, the global attention mechanism of Transformer encoders, and the optimization power of the improved chimp optimization algorithm (IChOA) for hyper-parameter tuning. In the proposed architecture, the Transformer encoder extracts high-level contextual patterns from traffic sequences, while the LSTM component captures local temporal dependencies. The framework is rigorously evaluated on four benchmark datasets from the Canadian Institute for Cybersecurity (CIC): CIC-IDS-2017, CSE-CIC-IDS-2018, CIC IoT-DIAD (2024), and CICIoV (2024). Comparative experiments are conducted against several state-of-the-art baselines, including transformer, LSTM, bidirectional encoder representations from transformers (BERT), deep reinforcement learning (DRL), convolutional neural network (CNN), k-nearest neighbors (KNN), and random forest (RF) classifiers. Results show that the proposed Evo-Transformer-LSTM achieves up to 98.25% accuracy, an F1-score of 97.91%, and an area under the curve (AUC) of 99.36% on CIC-IDS 2017, while maintaining above 96% accuracy and 98% AUC even on the more challenging CICIoV 2024 dataset, consistently surpassing all baseline models. In addition, statistical significance tests confirm the superiority of the proposed approach. In conclusion, Evo-Transformer-LSTM offers a unified, scalable, and robust solution for anomaly detection in modern IoT and CPS infrastructures, with potential for real-world deployment in security-sensitive domains.