doi: 10.17586/2226-1494-2026-26-1-94-103


Resource-efficient network attack detection using selective State Space Models

E. O. Zdornikov, I. Y. Popov


Article in Russian

For citation:
Zdornikov E.O., Popov I.Yu. Resource-efficient network attack detection using selective State Space Models. Scientific and Technical Journal of Information Technologies, Mechanics and Optics, 2026, vol. 26, no. 1, pp. 94–103 (in Russian). doi: 10.17586/2226-1494-2026-26-1-94-103


Abstract
The spread of vulnerable Internet of Things devices is driving an increase in the number of attacks on them, which calls for accurate and resource-efficient detection methods. Existing Intrusion Detection System models adapt poorly to different datasets. This paper proposes a solution to this problem based on the Edge-Mamba architecture, a "lightweight" (distilled) model built on a linear-time selective State Space architecture. The paper evaluates how well the models transfer across heterogeneous datasets and whether they can operate on end devices in real time. Because the proposed model is based on a selective State Space architecture, it processes sequences with linear complexity. The model is adapted to network traffic analysis by encoding 74 features and applying two State Space Model blocks. This design reduces computational costs while maintaining high accuracy in attack classification. Experiments were conducted on the modern datasets CICIDS-2017 and TII-SSRC-23. The results demonstrate that Edge-Mamba achieves an accuracy of 99 % with a latency of 0.15 ms on the TII-SSRC-23 dataset, and an accuracy of 98 % with a latency of 2.4 ms on the CICIDS-2017 dataset. When the model is transferred from one dataset to another without additional training, the classification accuracy drops to 65 %; however, fine-tuning on 10 % of the target dataset increases the accuracy to 99 % without any increase in classification latency. Thus, the proposed model demonstrates comparable or superior accuracy relative to existing approaches. In multiclass classification, the Edge-Mamba model outperforms CNN-BiLSTM and Transformer by 1–3 % in terms of macro-F1 score while maintaining lower latency. The model preserves its efficiency on resource-constrained devices.
Therefore, the proposed approach combines high accuracy with transferability across datasets, making it applicable for Intrusion Detection System deployment on network gateways, Internet of Things hubs, and containerized infrastructures.

Keywords: intrusion-detection, Mamba, DDoS, CICIDS-2017, TII-SSRC-23, IDS, cross-dataset transfer learning, fine-tuning, edge-computing

Acknowledgements. Personal gratitude to Darya Loza for her contribution to this research.


This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License