Deployment-Aware Parameter Optimization for IoT Attack Detection

Smart IoT environments require attack detection (AD) mechanisms that operate reliably under real-time and resource-constrained deployment conditions. Although machine learning models can achieve high detection accuracy, their practical performance is strongly influenced by internal configuration parameters, including the way traffic metrics are derived from streaming packets and the selection of the decision threshold. This paper presents a deployment-aware parameter optimization study for IoT attack detection based on the Auto-Associative Dense Random Neural Network (AADRNN). Rather than focusing solely on peak detection accuracy, we examine how the extraction of traffic metrics from successive packets and the choice of the decision threshold influence detection behavior under realistic operating conditions. Experiments conducted on a physical IoT test-bed with controlled flooding attacks and on the Mirai Botnet dataset identify stable operating regions that maintain high detection rates while limiting false alarms, and reveal parameter ranges that lead to performance degradation. The results provide practical configuration guidelines for lightweight IoT attack detection deployed at network access points.