To address the challenge of real-time detection of diverse network attacks on resource-constrained IoT edge devices, this paper proposes a lightweight, decision-tree–dominated ensemble learning framework. The framework integrates optimized feature engineering, multi-class imbalance mitigation, and a random forest enhancement strategy, specifically tailored for low-compute IoT endpoints. Evaluated on the CICIoT 2023 dataset, it achieves high-accuracy multiclass detection across 10 attack categories and 34 distinct attack types, attaining 99.56% accuracy and a 99.62% macro-F1 score, with inference latency consistently in the millisecond range. Compared to existing approaches, this work is the first to establish a decision-tree–based lightweight ensemble paradigm that jointly optimizes accuracy, inference speed, and deployment feasibility on edge devices. Experimental results validate the effectiveness and practicality of lightweight machine learning models for real-time security analytics at the network edge.

In the growing terrain of the Internet of Things (IoT), it is vital that networks are secure to protect against a range of cyber threats. Based on the strong machine learning framework, this study proposes novel lightweight ensemble approaches for improving multi-class attack detection of IoT devices. Using the large CICIoT 2023 dataset with 34 attack types distributed amongst 10 attack categories, we systematically evaluated the performance of a wide variety of modern machine learning methods with the aim of establishing the best-performing algorithmic choice to secure IoT applications. In particular, we explore approaches based on ML classifiers to tackle the biocharges characterized by the challenging and heterogeneous nature of attack vectors in IoT environments. The method that performed best was the Decision Tree, with an accuracy of 99.56% and an F1 score of 99.62%, showing that this model is capable of accurately and reliably detecting threats.The Random Forest model was the next best-performing model with 98.22% and an F1 score of 98.24%, suggesting that ML methods are quite effective in a situation of high-dimensional data. Our results highlight the potential for using ML classifiers in bolstering security for IoT devices and also serve as motivations for future investigations targeting scalable, keystroke-based attack detection systems. We believe that our method provides a new path to develop complex machine learning algorithms for low-resource IoT devices, balancing both accuracy and time efficiency needs. In summary, these contributions enrich the state of the art of the IoT security literature, laying down solid ground and guidelines for the deployment of smart, adaptive security in IoT settings.