“Smarter attention. Lighter models. Stronger intrusion defense.”

The rapid expansion of IoT and IoMT devices has increased the attack surface of modern networks, making Intrusion Detection Systems (IDS) a critical line of defense. While deep learning–based IDS models achieve strong detection performance, they often suffer from high computational cost, large memory footprints, and limited deployability in resource-constrained environments.

This research project introduces a SE-Spline Attention-based Convolutional Kolmogorov-Arnold Network (SE-Spline CKAN) — a lightweight hybrid architecture designed to:

• Preserve or improve intrusion-detection accuracy
• Reduce computational and memory overhead
• Enhance feature interpretability through structured attention

The project compares four model variants under identical experimental conditions:

• CKAN (Baseline)
• SE-CKAN
• Spline-CKAN
• SE-Spline CKAN (Proposed)

• Design a hybrid attention CKAN architecture combining channel-wise and spatial attention
• Evaluate performance on realistic IoT and IoMT attack datasets
• Measure both classification effectiveness and computational efficiency
• Identify trade-offs between accuracy, cost, and model complexity

• Environment: Internet of Things (IoT)
• Devices: 105 IoT devices
• Attack Types: DDoS, DoS, Reconnaissance, Web-based, Brute Force, Spoofing, Mirai
• Data Type: Flow-based network traffic features

• Environment: Internet of Medical Things (IoMT)
• Devices: 40 medical IoMT devices
• Attack Types: DDoS, DoS, MQTT, Spoofing
• Data Type: Flow-based network traffic features

Both datasets were selected for their real-world traffic patterns, feature richness, and relevance to resource-constrained security deployments.

• Dataset shuffling to ensure random sample distribution
• Class balancing via uniform per-class sampling
• Removal of missing, NaN, and infinite values
• Outlier detection using Isolation Forest (training-only statistics)
• One-hot encoding of categorical labels
• Min–Max normalization to the [0,1] range

• Hybrid PSO–XGBoost feature selection
• Information gain filtering
• Mutual information validation
• Final feature set reshaped into 6×6 matrices
• Tiled into 24×24 feature maps for convolutional processing

This transformation enables CKAN-based models to exploit spatial feature relationships from tabular network data.

• Convolutional layers with Kolmogorov-Arnold Networks
• Batch normalization
• Feature concatenation and flattening
• Lightweight functional representation with reduced parameter count

• Adds Squeeze-and-Excitation (SE) blocks
• Channel-wise feature recalibration
• Improves global feature importance modeling

• Introduces B-Spline-based spatial attention
• Smooth, learnable nonlinear transformations
• Enhanced spatial awareness with minimal overhead

• Combines SE (channel attention) + Spline (spatial attention)
• Balanced global and local feature emphasis
• Designed for accuracy-efficiency trade-off optimization

• Framework: TensorFlow 2.13 + Keras
• Epochs: 50 (early stopping, patience = 10)
• Batch Size: 8
• Optimizer: Adam
• Learning Rate: 0.001
• Loss Function: Categorical Cross-Entropy

Training was conducted on a CPU-based workstation to reflect realistic deployment constraints.

• Accuracy
• FLOPs / GFLOPs
• Model Size
• Training Memory Usage
• Inference Footprint

Supplementary metrics:

• Precision
• Recall
• F1-Score

CICIoT2023

• CKAN: 69.68%
• SE-CKAN: 61.27%
• Spline-CKAN: 70.27%
• SE-Spline CKAN: 71.74%

CICIoMT2024

• CKAN: 86.22%
• SE-CKAN: 92.00%
• Spline-CKAN: 90.12%
• SE-Spline CKAN: 93.11%

The proposed model consistently achieved highest accuracy across both datasets.

• Reduced FLOPs compared to attention-heavy CKAN variants
• Second KAN layer identified as primary computational hotspot (~70%)
• Improved convergence speed and training stability

• Limited per-class performance analysis (precision/recall per attack type)
• Confusion matrices used, but deeper ROC-AUC analysis not included
• Feature repetition required to enforce fixed 36-feature input shape
• CPU-only experiments limit insights into GPU scalability

These are acknowledged design trade-offs rather than implementation flaws.

• Add class-wise confusion matrices and ROC-AUC curves
• Explore graph-based CKAN extensions
• Investigate real-time IDS deployment scenarios
• Experiment with SE-Spline Transformer hybrids
• Reduce computational dominance of deeper KAN layers

🧩 Research Quest: SE-Spline Attention-based CKAN for IDS 🎓 Level: Honours Research Project 🚀 Outcome: Lightweight, accurate, and deployment-friendly intrusion detection model

Built for security where resources are scarce — not where GPUs are infinite.