ArXiv TLDR

Optimizing IoT Intrusion Detection with Tabular Foundation Models for Smart City Forensics

2604.11394

Asma Al-Dahmani, Abdulla Bin Safwan, Mohammad Obeidat, Belal Alsinglawi

cs.CR

TLDR

This paper evaluates TabPFNv2.5, a tabular foundation model, for fast and accurate IoT intrusion detection in smart cities, and proposes a hybrid security pipeline.

Key contributions

  • Evaluates TabPFNv2.5, a transformer-based foundation model, for IoT intrusion detection.
  • Demonstrates that TabPFNv2.5 achieves 40x faster inference than Random Forest while maintaining 97% binary classification accuracy.
  • Proposes a hybrid pipeline using TabPFNv2.5 for rapid screening and ensembles for detailed classification.
  • Identifies scanning attacks as the hardest to detect and finds that cross-device generalization depends critically on feature similarity.

Why it matters

This research addresses the critical need for fast and accurate intrusion detection in smart cities by leveraging tabular foundation models. It shows how these models can significantly speed up threat screening, making real-time forensic triage more feasible. This approach offers a practical way to enhance IoT security operations without sacrificing detection quality.

Original Abstract

Security operations in smart cities demand detection systems that balance accuracy with response time. While ensemble methods like Random Forest achieve high accuracy, their computational overhead impedes real-time forensic triage. We present the first systematic evaluation of TabPFNv2.5, a transformer-based foundation model, against traditional ensemble classifiers for IoT intrusion detection. Using the TON IoT dataset, we demonstrate that TabPFNv2.5 achieves 40× faster inference than Random Forest while maintaining 97% binary classification accuracy. We propose a hybrid pipeline in which TabPFNv2.5 performs rapid threat screening, while ensemble models handle detailed classification. Our analysis reveals that scanning attacks remain the hardest to detect (F1: 69.8%) and cross-device generalization depends critically on feature similarity. These findings establish foundation models as viable components for time-sensitive IoT security operations.
