Intrusion detection in Internet of Things (IoT) environments is difficult because of the heterogeneity of the devices and intricate attack patterns. Traditional machine learning and deep learning models suffer from class imbalance, irrelevant features, suboptimal accuracy, poor hyperparameter tuning, and limited labeled data. To address these challenges, we propose the Deep Optimized Active Learning Framework for Intrusion Detection in IoT Systems (DOAL-IDS). First, low-variance features are removed using a variance threshold, and the proximity weighted random affine shadow sampling technique balances the dataset by generating synthetic samples near the minority class. A Capsule Network (CapsNet) is employed for classification and further optimized using the Reptile Search Algorithm (RSA), forming the Reptile-Optimized Capsule Network (ROC-Net). ROC-Net is enhanced with Margin-Based Active Learning (MBAL) to create MARCO-Net, which efficiently annotates the most uncertain samples, reducing labeling costs. Experimental results show that ROC-Net and MARCO-Net achieve improvements of 8.75% and 12.5% in accuracy, 7.41% and 11.11% in F1-score, and 11.94% and 20.90% in Matthews correlation coefficient, with reductions of 75.86% and 82.70% in log loss. Robustness is ensured via 10-fold cross-validation and the Wilcoxon signed-rank test. For interpretability, local interpretable model-agnostic explanations and Shapley additive explanations analyses provide insights into model decisions. These results demonstrate the effectiveness, reliability, and transparency of the proposed DOAL-IDS framework for IoT intrusion detection.
Javed et al. (Sun,) studied this question.
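
The two steps of the pipeline that bracket the classifier, variance-threshold feature removal and margin-based query selection, can be sketched as follows. This is an added example, not the authors' code: it assumes the standard definition of margin (gap between the two highest class probabilities), and the flow records, class names and probabilities are constructed for illustration.

```python
# Added illustration (not the DOAL-IDS authors' code): variance-threshold
# feature filtering followed by margin-based query selection.
from statistics import pvariance


def variance_filter(rows, threshold):
    """Return indices of feature columns whose population variance exceeds threshold."""
    columns = list(zip(*rows))
    return [i for i, col in enumerate(columns) if pvariance(col) > threshold]


def margin(probs):
    """Gap between the two highest class probabilities; a small gap means uncertain."""
    top1, top2 = sorted(probs, reverse=True)[:2]
    return top1 - top2


def select_queries(pool_probs, budget):
    """Pick the `budget` unlabeled samples with the smallest margin for annotation."""
    ranked = sorted(pool_probs, key=lambda sid: (margin(pool_probs[sid]), sid))
    return ranked[:budget]


# Constructed sample data: 4 flows x 3 features (duration, packets, constant flag).
FLOWS = [
    [0.10, 12.0, 1.0],
    [0.90, 40.0, 1.0],
    [0.20, 15.0, 1.0],
    [0.80, 38.0, 1.0],
]

# Constructed classifier outputs for unlabeled flows over the
# hypothetical classes (benign, dos, scan).
POOL = {
    "flow-a": [0.98, 0.01, 0.01],  # confident: not worth an analyst's time
    "flow-b": [0.45, 0.44, 0.11],  # near-tie between benign and dos
    "flow-c": [0.60, 0.30, 0.10],
    "flow-d": [0.40, 0.35, 0.25],
}

if __name__ == "__main__":
    # The constant third feature carries no signal and is dropped.
    print("kept features:", variance_filter(FLOWS, threshold=0.01))
    # Only the most ambiguous flows are sent for labeling.
    print("send to analyst:", select_queries(POOL, budget=2))
```

In an active-learning loop the selected flows would be labeled, added to the training set, and the classifier retrained before the next round of selection.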