Eren K. K., Küçük K., Saleh R. A. A., Konyar M. Z., Hardy O. M., Khan S. A.
ELECTRONICS (Basel), cilt.15, sa.11, ss.1-30, 2026 (Scopus)
-
Yayın Türü:
Makale / Tam Makale
-
Cilt numarası:
15
Sayı:
11
-
Basım Tarihi:
2026
-
Doi Numarası:
10.3390/electronics15112307
-
Dergi Adı:
ELECTRONICS (Basel)
-
Derginin Tarandığı İndeksler:
Scopus, Compendex, INSPEC
-
Sayfa Sayıları:
ss.1-30
-
Kocaeli Üniversitesi Adresli:
Evet
Özet
The rapid expansion of Internet of Things (IoT) technologies has highlighted the need for reliable intrusion detection systems (IDSs), yet the majority of existing studies rely on single-dataset evaluations, raising concerns about their real-world generalisation capability. This study addresses this limitation by systematically investigating distributional shift across heterogeneous IoT intrusion detection datasets and their impact on model behaviour. To achieve this, a unified feature space is constructed using BoT-IoT, ToN-IoT, and UNSW-NB15 datasets, followed by a comprehensive preprocessing pipeline including attack class alignment, distribution-preserving sampling for class imbalance, and feature selection based on cross-dataset feature value propagation analysis. Furthermore, feature-specific transformations and correlation-based dimensionality reduction are applied to enhance statistical consistency and model stability. To simulate realistic deployment scenarios, models are trained on combinations of datasets and evaluated on unseen datasets. The results reveal that distributional inconsistencies and dataset-specific feature biases significantly degrade cross-dataset performance, despite strong within-dataset results. The proposed framework provides a systematic understanding of feature-level behaviour across datasets, identifying both stable and bias-prone features. These findings highlight the necessity of distribution-aware preprocessing and feature analysis for developing robust and generalisable IoT intrusion detection systems.